コード例 #1
    def __init__(self, config, master_key_id, vault_id):
        """
        Build a handle to a master key stored in the OCI Key Management Service.

        The vault is looked up first; the management and crypto clients are then
        bound to the endpoints reported in that vault's metadata.

        :param dict config: (required)
            OCI config dict handed to every underlying KMS client. Its 'region'
            entry has to be the region where the key and vault live, otherwise
            the lookup will not find them.

        :param str master_key_id: (required)
            OCID of the KMS master key. It is stored as given; this constructor
            does not look the key up.

        :param str vault_id: (required)
            OCID of the vault that holds the master key.
        """
        vault_client = KmsVaultClient(config)

        try:
            vault_info = vault_client.get_vault(vault_id).data
        except ServiceError as err:
            # The message names both the vault and the targeted region, because
            # a region mismatch is a documented reason for the vault not being found.
            failure_text = "Failed to access vaultId: {vault_id} while targeting region: {region}.".format(
                vault_id=vault_id, region=config['region'])
            # NOTE(review): presumably this helper always raises; if it ever
            # returned, `vault_info` would be unbound below -- confirm.
            raise_runtime_error_from(failure_text, err)

        # Both per-vault clients talk to the endpoints taken from the vault
        # metadata fetched above, not to an endpoint derived from the config.
        management_endpoint = vault_info.management_endpoint
        self.kms_management_client = KmsManagementClient(
            config, service_endpoint=management_endpoint)

        crypto_endpoint = vault_info.crypto_endpoint
        self.kms_crypto_client = KmsCryptoClient(
            config, service_endpoint=crypto_endpoint)

        self.master_key_id = master_key_id
        # The vault id kept on the instance is the one the service returned,
        # not the caller-supplied argument.
        self.vault_id = vault_info.id

        self.region = config["region"]
コード例 #2
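    def __init__(self, config, master_key_id, vault_id, **kwargs):
        """
        Represents a MasterKey contained in the OCI Key Management Service.

        The region is resolved in this order: the ``region`` keyword argument,
        then ``config['region']``, then ``signer.region``. The vault is looked up
        in that region, and the management and crypto clients are bound to the
        endpoints reported in the vault's metadata.

        :param dict config: (required)
            An OCI config dict used to create underlying clients to talk to OCI KMS.
            Note, the 'region' in this config must match the region that the key / vault
            exist in otherwise they will not be found. May be empty or None when a
            signer is supplied instead.

        :param str master_key_id: (required)
            The OCID of the KMS master key

        :param str vault_id: (required)
            The OCID of the vault containing the master key

        :param signer: (optional)
            The signer to use when signing requests made by the service client. The default is to use a :py:class:`~oci.signer.Signer` based on the values
            provided in the config parameter.

            One use case for this parameter is for `Instance Principals authentication <https://docs.cloud.oracle.com/Content/Identity/Tasks/callingservicesfrominstances.htm>`__
            by passing an instance of :py:class:`~oci.auth.signers.InstancePrincipalsSecurityTokenSigner` as the value for this keyword argument
        :type signer: :py:class:`~oci.signer.AbstractBaseSigner`

        :param str region: (optional)
            The region this master key resides in

        :raises ValueError: if neither a config nor a signer is supplied.
        """
        signer = kwargs.get("signer")
        if not config and not signer:
            raise ValueError("Either a config or signer must be passed in")

        self.region = None
        # Get region from **kwargs, config, or signer (first match wins).
        if kwargs.get('region'):
            self.region = kwargs.get("region")
        # The check above accepts a falsy config (None or {}) when a signer is
        # given, so guard the membership test: `"region" in None` is a TypeError.
        elif config and "region" in config:
            self.region = config["region"]
        elif signer:
            self.region = signer.region
        # NOTE(review): if none of the three sources supplies a region,
        # self.region stays None and is handed to set_region() as is.

        kms_vault_client = KmsVaultClient(config, **kwargs)
        # The caller-specified region may differ from the config's or signer's
        # region, so apply the resolved one to the vault client explicitly.
        kms_vault_client.base_client.set_region(self.region)

        try:
            vault = kms_vault_client.get_vault(vault_id).data
        except ServiceError as service_error:
            message = "Failed to access vaultId: {vault_id} while targeting region: {region}.".format(
                vault_id=vault_id, region=self.region)
            # NOTE(review): presumably this helper always raises; if it ever
            # returned, `vault` would be unbound below -- confirm.
            raise_runtime_error_from(message, service_error)

        # Both per-vault clients are pointed at the endpoints taken from the
        # vault metadata fetched above; the same kwargs (signer included) are
        # forwarded to them.
        self.kms_management_client = KmsManagementClient(
            config, service_endpoint=vault.management_endpoint, **kwargs)

        self.kms_crypto_client = KmsCryptoClient(
            config, service_endpoint=vault.crypto_endpoint, **kwargs)

        self.master_key_id = master_key_id
        # Keep the vault id the service returned, not the caller-supplied argument.
        self.vault_id = vault.id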
コード例 #3
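 async def get_keys(self, keyvault):
     """
     List the KMS keys reachable through a vault's management endpoint.

     :param keyvault: mapping describing the vault; only its
         'management_endpoint' entry is read here.
     :return: the ``data`` attribute of the ``list_call_get_all_results``
         response for ``list_keys``, or an empty list when anything fails.
     """
     try:
         # Keys are listed through the vault's own management endpoint.
         key_client = KmsManagementClient(self._credentials.config,
                                          keyvault['management_endpoint'])
         response = await run_concurrently(
             lambda: list_call_get_all_results(
                 key_client.list_keys, self._credentials.get_scope()))
         return response.data
     except Exception as e:
         # Broad catch kept as best effort: every failure (including a missing
         # 'management_endpoint' entry or a denied request) is reported and
         # turned into an empty result. The return value alone cannot tell
         # "vault has no keys" from "listing failed", so this log line is the
         # only signal -- it has to name the operation that actually failed.
         print_exception(f'Failed to get KMS keys: {e}')
         return []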
コード例 #4
ファイル: kms.py プロジェクト: Delta-Risk-LLC/ScoutSuite
 async def get_keys(self, keyvault):
     """
     List the KMS keys reachable through a vault's management endpoint.

     :param keyvault: mapping describing the vault; only its
         'management_endpoint' entry is read here.
     :return: the ``data`` attribute of the ``list_call_get_all_results``
         response for ``list_keys``.

     Nothing is caught here: a missing 'management_endpoint' entry or a
     failed listing propagates to the caller.
     """
     client_config = self._credentials.config
     management_endpoint = keyvault['management_endpoint']
     management_client = KmsManagementClient(client_config, management_endpoint)

     def _list_all_keys():
         # The compartment id is read when the listing actually runs.
         return list_call_get_all_results(
             management_client.list_keys, self._credentials.compartment_id)

     listing = await run_concurrently(_list_all_keys)
     return listing.data