def _get_barbican_client(self, context):
"""Creates a client to connect to the Barbican service.
:param context: the user context for authentication
:return: a Barbican Client object
:raises Forbidden: if the context is None
:raises KeyManagerError: if context is missing tenant or tenant is
None or error occurs while creating client
"""
# Confirm context is provided, if not raise forbidden
if not context:
msg = u._("User is not authorized to use key manager.")
LOG.error(msg)
raise exception.Forbidden(msg)
if not hasattr(context, 'tenant') or context.tenant is None:
msg = u._("Unable to create Barbican Client without tenant "
"attribute in context object.")
LOG.error(msg)
raise exception.KeyManagerError(reason=msg)
if self._barbican_client and self._current_context == context:
return self._barbican_client
try:
self._current_context = context
auth = self._get_keystone_auth(context)
sess = session.Session(auth=auth)
self._barbican_endpoint = self._get_barbican_endpoint(auth, sess)
self._barbican_client = barbican_client.Client(
session=sess, endpoint=self._barbican_endpoint)
except Exception as e:
LOG.error(u._LE("Error creating Barbican client: %s"), e)
raise exception.KeyManagerError(reason=e)
self._base_url = self._create_base_url(auth, sess,
self._barbican_endpoint)
return self._barbican_client
def _get_barbican_client(self, context):
"""Creates a client to connect to the Barbican service.
:param context: the user context for authentication
:return: a Barbican Client object
:raises Forbidden: if the context is None
:raises KeyManagerError: if context is missing tenant or tenant is
None or error occurs while creating client
"""
# Confirm context is provided, if not raise forbidden
if not context:
msg = u._("User is not authorized to use key manager.")
LOG.error(msg)
raise exception.Forbidden(msg)
if not hasattr(context, "tenant") or context.tenant is None:
msg = u._("Unable to create Barbican Client without tenant " "attribute in context object.")
LOG.error(msg)
raise exception.KeyManagerError(reason=msg)
if self._barbican_client and self._current_context == context:
return self._barbican_client
try:
self._current_context = context
auth = self._get_keystone_auth(context)
sess = session.Session(auth=auth)
self._barbican_endpoint = self._get_barbican_endpoint(auth, sess)
self._barbican_client = barbican_client.Client(session=sess, endpoint=self._barbican_endpoint)
except Exception as e:
LOG.error(u._LE("Error creating Barbican client: %s"), e)
raise exception.KeyManagerError(reason=e)
self._base_url = self._create_base_url(auth, sess, self._barbican_endpoint)
return self._barbican_client
class CastellanException(Exception):
"""Base Castellan Exception
To correctly use this class, inherit from it and define
a 'message' property. That message will get printf'd
with the keyword arguments provided to the constructor.
"""
message = u._("An unknown exception occurred")
def __init__(self, message_arg=None, *args, **kwargs):
if not message_arg:
message_arg = self.message
try:
self.message = message_arg % kwargs
except Exception as e:
if _FATAL_EXCEPTION_FORMAT_ERRORS:
raise e
else:
# at least get the core message out if something happened
pass
super(CastellanException, self).__init__(self.message)
class InsufficientCredentialDataError(CastellanException):
message = u._("Insufficient credential data was provided, either "
"\"token\" must be set in the passed conf, or a context "
"with an \"auth_token\" property must be passed.")
class AuthTypeInvalidError(CastellanException):
message = u._("Invalid auth_type was specified, auth_type: %(type)s")
class ManagedObjectNotFoundError(CastellanException):
message = u._("Key not found, uuid: %(uuid)s")
class KeyManagerError(CastellanException):
message = u._("Key manager error: %(reason)s")
class Forbidden(CastellanException):
message = u._("You are not authorized to complete this action.")
