This adds consumers to the objects. Unit tests are
also covered.
Co-Authored-By: Ade Lee <alee@redhat.com>
Co-Authored-By: Mauricio Harley <mharley@redhat.com>
Change-Id: I598209e30d8f0e4515292b1f8c9a89aa952bac4e

This patch centralizes the managed objects conversion in order to be
used across multiple key_manager backends.
Change-Id: Ia2e15d46eb2e504b815a7f51173aecaf82978402
Signed-off-by: Moisés Guimarães de Medeiros <moguimar@redhat.com>

nit: Certificate inherits from ManagedObject which already has
ABCMeta as metaclass.
Change-Id: I17b12980b88e306fbdc99a3e92b1fa22d8e96471
Signed-off-by: Moisés Guimarães de Medeiros <moguimar@redhat.com>

The managed objects did not have an ID associated with them. This is most
helpful for the list command, where once you have more than one object,
it's hard to track unique identifiers for the objects.
Change-Id: Ibc48762e7c2c71659fb96826c53301bc6f55ddf7

The context wrapper classes under castellan.common.credentials were
missing an auth_url property resulting in calls to get_endpoint()
failing with 'Could not determine a suitable URL for the plugin' unless
users set barbican/auth_endpoint.
Change-Id: I1be3a1e11e3f4c2170062927ad359bf679eb25d9
Closes-Bug: #1497993

project_domain_id and project_domain_name are not correctly referenced
in credential_factory. This patch fixes that.
Change-Id: I0ea96cbdb97c7bf3b4c385b5aa9d9db71f6bdab5

Adds the ability to retrieve only the metadata of a secret. This is
helpful in situations when the caller wants to know information about
the secret, but doesn't want to unnecessarily handle the secret data.
Change-Id: I63aec037973aad2555190ca3eb6bba765955399a

When an exception was caught and rethrown, it should call 'raise'
without any arguments because it shows the place where an exception
occurred initially instead of the place where the exception is re-raised.
Change-Id: I121c004082d37a5af1671060e3bdf6655ebeffc2

oslo config has an option called 'secret'; setting this to true
will avoid accidental logging of sensitive parameters during
operation.
Change-Id: If95d6a2d31527b2ce42205d2603f5bf345a91e10
Closes-Bug: #1576251

This patch adds help documentation to the Castellan Credential
Factory Options when a configuration is generated.
Change-Id: I132923954ef70342eb31b048ff443d894988b320

This patch introduces the credential factory which creates a
credential object based upon the values in the configuration file.
It is the second of several patches which will implement the
"Allow different Keystone Auth Support in Castellan" blueprint.
Other patches will add:
1.) barbican key manager logic and tests
2.) documentation on usage
Change-Id: I34243c7a2523d9d0aa4e86d823dd28f1beed821a
Implements: blueprint remove-keystone-dependency

This patch introduces the credential class in Castellan. It
includes Credential, Token, Password, Keystone Token, and
Keystone Password classes.
It is the first of several patches which will implement the
"Allow different Keystone Auth Support in Castellan" blueprint.
Other patches will add:
1.) credential factory
2.) barbican key manager logic and tests
3.) documentation on usage
Implements: blueprint remove-keystone-dependency
Change-Id: I4a4a85a108403d832e2bba91c901aaede605168d

Adds the property 'created' to managed objects in Castellan.
The property is None until the secret has been stored.
Change-Id: I83e79cd3dbc07b90f4526a36aaf4ee76e902e228

Allows a user to be able to set logging defaults if they have not
created a configuration for logging.
Change-Id: I7e7ce2f7904aefa30db63264d9e0702f0db57513
Co-Authored-By: Michael McCune <msm@redhat.com>
Closes-Bug: #1521265

In the unit tests for managed objects, add tests to check changes for
each attribute of the objects to check that __eq__ and __ne__ are
working correctly.
Change-Id: If8bb85cc8e08d99e2c7f30e04945925538f53730

Adding this new error type will allow Castellan to distinguish between
whether an error occurred because the could not be found or some other sort
of error with communicating with Barbican.
Change-Id: Ie8fc3cf457009522349285c750adeeedd75e9a60

Castellan will support multiple objects, not just symmetric keys. The bytes of
the managed object are returned as bytestrings.
Change-Id: If75ff5d458604a8210980a4f50d1e4fc27d2b037

Adds the first usable key manager plugin to Castellan. While there is an
implementation of a mock key manager in the test directories, it is used
only for testing.
This code is based on the barbican key manager code in Nova written by
Brianna Poulos. See: https://review.openstack.org/#/c/104001/
The Barbican API version info will be read from a config option until
the Barbican Version API is fixed. See fix-version-api blueprint.
Implements: blueprint add-barbican-key-manager
Co-authored-by: Brianna Poulos <brianna.poulos@jhuapl.edu>
Change-Id: Ia27cd831f42c6b027778240b3396b1c4149dc689

This patch adds the code found in cinder.keymgr
to castellan, except for the barbican wrapper
and the barbican test case.
The ConfKeyManager is also not included, since
it is insecure and not suitable for production,
and the MockKeyManager is suitable for testing.
Change-Id: I1139262581720be47a09b46f01f4bfb85a764d9a