def __init__(self, config, master_key_id, vault_id):
    """
    Represents a MasterKey contained in the OCI Key Management Service.

    The vault is looked up first; the management and crypto clients are then
    pointed at the endpoints that the vault record reports.

    :param dict config: (required)
        An OCI config dict used to create underlying clients to talk to OCI KMS.
        The 'region' in this config must match the region that the key / vault
        exist in, otherwise they will not be found.

    :param str master_key_id: (required)
        The OCID of the KMS master key

    :param str vault_id: (required)
        The OCID of the vault containing the master key
    """
    vault_client = KmsVaultClient(config)
    try:
        vault = vault_client.get_vault(vault_id).data
    except ServiceError as lookup_error:
        # A failed lookup is reported together with the targeted region, since
        # a region mismatch is the documented reason a vault is not found.
        # raise_runtime_error_from is defined elsewhere; presumably it raises
        # and never returns -- confirm.
        raise_runtime_error_from(
            "Failed to access vaultId: {vault_id} while targeting region: {region}.".format(
                vault_id=vault_id, region=config['region']),
            lookup_error)

    # Key management and crypto calls go to the vault's own endpoints.
    management_client = KmsManagementClient(
        config, service_endpoint=vault.management_endpoint)
    self.kms_management_client = management_client
    crypto_client = KmsCryptoClient(
        config, service_endpoint=vault.crypto_endpoint)
    self.kms_crypto_client = crypto_client

    self.master_key_id = master_key_id
    # Store the id the service returned, not the caller-supplied string.
    self.vault_id = vault.id
    self.region = config["region"]
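def __init__(self, config, master_key_id, vault_id, **kwargs):
    """
    Represents a MasterKey contained in the OCI Key Management Service.

    :param dict config: (required)
        An OCI config dict used to create underlying clients to talk to OCI KMS.
        Note, the 'region' in this config must match the region that the key / vault
        exist in otherwise they will not be found. A falsy config is accepted by this
        constructor only when ``signer`` is given; whether the underlying clients
        accept ``None`` is not visible here.

    :param str master_key_id: (required)
        The OCID of the KMS master key

    :param str vault_id: (required)
        The OCID of the vault containing the master key

    :param signer: (optional)
        The signer to use when signing requests made by the service client. The default is to use a
        :py:class:`~oci.signer.Signer` based on the values provided in the config parameter.

        One use case for this parameter is for `Instance Principals authentication
        <https://docs.cloud.oracle.com/Content/Identity/Tasks/callingservicesfrominstances.htm>`__
        by passing an instance of :py:class:`~oci.auth.signers.InstancePrincipalsSecurityTokenSigner`
        as the value for this keyword argument
    :type signer: :py:class:`~oci.signer.AbstractBaseSigner`

    :param str region: (optional)
        The region this master key resides in

    :raises ValueError: if neither a config nor a signer is supplied
    """
    signer = kwargs.get("signer")
    if not config and not signer:
        raise ValueError("Either a config or signer must be passed in")

    # Region precedence: explicit keyword argument, then config, then signer.
    self.region = None
    if kwargs.get('region'):
        self.region = kwargs.get("region")
    elif config and "region" in config:
        # The guard above lets a None config through when a signer is given, so
        # config is checked for truthiness before the membership test; a bare
        # `"region" in None` would raise TypeError before the signer is consulted.
        self.region = config["region"]
    elif signer:
        self.region = signer.region
    # NOTE(review): if none of the three sources yields a region, self.region stays
    # None and is passed to set_region() as-is -- confirm that is handled downstream.

    kms_vault_client = KmsVaultClient(config, **kwargs)
    # The caller-specified region may differ from the config's or signer's region,
    # so the vault lookup is pinned to the resolved one explicitly.
    kms_vault_client.base_client.set_region(self.region)

    try:
        vault = kms_vault_client.get_vault(vault_id).data
    except ServiceError as service_error:
        message = "Failed to access vaultId: {vault_id} while targeting region: {region}.".format(
            vault_id=vault_id, region=self.region)
        # raise_runtime_error_from is defined elsewhere; presumably it raises -- confirm.
        raise_runtime_error_from(message, service_error)

    # Key management and crypto calls go to the endpoints the vault record reports,
    # so the region chosen above decides which vault supplies those endpoints.
    self.kms_management_client = KmsManagementClient(
        config, service_endpoint=vault.management_endpoint, **kwargs)
    self.kms_crypto_client = KmsCryptoClient(
        config, service_endpoint=vault.crypto_endpoint, **kwargs)

    self.master_key_id = master_key_id
    # Store the id the service returned, not the caller-supplied string.
    self.vault_id = vault.id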
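async def get_keys(self, keyvault):
    """
    List the keys reachable through a vault's management endpoint.

    :param keyvault: mapping that provides the vault's 'management_endpoint'
    :return: the ``data`` attribute of the result that list_call_get_all_results
        produces for ``list_keys``, or an empty list if anything fails
    """
    try:
        key_client = KmsManagementClient(self._credentials.config, keyvault['management_endpoint'])
        # self._credentials.get_scope() is handed to list_keys as its positional
        # argument (presumably the compartment scope -- confirm).
        response = await run_concurrently(
            lambda: list_call_get_all_results(
                key_client.list_keys, self._credentials.get_scope()))
        return response.data
    except Exception as e:
        # Best-effort: a failure is reported and turned into an empty result.
        # To the caller that is indistinguishable from a vault holding no keys,
        # so the printed message is the only trace of the gap and has to name
        # the right resource (it previously said "vaults").
        print_exception(f'Failed to get KMS keys: {e}')
        return []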
async def get_keys(self, keyvault):
    """
    List the keys reachable through a vault's management endpoint.

    :param keyvault: mapping that provides the vault's 'management_endpoint'
    :return: the ``data`` attribute of the result that list_call_get_all_results
        produces for ``list_keys``

    Errors are not handled here; anything raised while building the client or
    listing keys propagates to the caller.
    """
    management_client = KmsManagementClient(
        self._credentials.config, keyvault['management_endpoint'])

    def _list_all_keys():
        # Evaluated when run_concurrently invokes it, so the compartment id is
        # read at call time.
        return list_call_get_all_results(
            management_client.list_keys, self._credentials.compartment_id)

    listing = await run_concurrently(_list_all_keys)
    return listing.data