Update the secret consumers spec
This changes the spec, so that the API makes the same assumptions as the container consumers API. Change-Id: I02f6dfc072416780dc541534733274279a849423
This commit is contained in:
parent
5e3201676b
commit
33b30e604c
|
@ -99,9 +99,9 @@ Body Parameters
|
||||||
| resource_id | string | Unique identifier for the resource using this secret. |
|
| resource_id | string | Unique identifier for the resource using this secret. |
|
||||||
+---------------------+--------+--------------------------------------------------------+
|
+---------------------+--------+--------------------------------------------------------+
|
||||||
|
|
||||||
Barbican will consider the resource_id to be a unique consumer. This assumes
|
Barbican will consider the resource_id to be a unique together with the secret,
|
||||||
that resource_id is a UUID, and that duplicate IDs for different projects
|
service and resource_type. If the resource_id is a UUID, duplicate IDs for
|
||||||
is not likely to ever happen in a single cloud.
|
different projects are not likely to ever happen in a single cloud.
|
||||||
|
|
||||||
resource_type should be meaningful to the individual projects, and should
|
resource_type should be meaningful to the individual projects, and should
|
||||||
be used to identify the resource in the consuming service. For example,
|
be used to identify the resource in the consuming service. For example,
|
||||||
|
@ -196,7 +196,7 @@ Other Responses
|
||||||
| | not have the appropriate role/scope |
|
| | not have the appropriate role/scope |
|
||||||
+------+--------------------------------------------------------------------+
|
+------+--------------------------------------------------------------------+
|
||||||
|
|
||||||
DELETE /v1/secrets/{secret_id}/consumers/{resource_id}
|
DELETE /v1/secrets/{secret_id}/consumers
|
||||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||||
|
|
||||||
Delete a consumer. ie. The resource is being deleted and it longer needs
|
Delete a consumer. ie. The resource is being deleted and it longer needs
|
||||||
|
@ -207,7 +207,16 @@ Request
|
||||||
|
|
||||||
::
|
::
|
||||||
|
|
||||||
DELETE v1/secrets/{secret_id}/consumers/{resource_id}
|
DELETE v1/secrets/{secret_id}/consumers
|
||||||
|
Headers:
|
||||||
|
X-Auth-Token: {token}
|
||||||
|
X-Content-Type: application/json
|
||||||
|
|
||||||
|
{
|
||||||
|
"service": "image",
|
||||||
|
"resource_type": "images",
|
||||||
|
"resource_id": "{image_id}"
|
||||||
|
}
|
||||||
|
|
||||||
Responses
|
Responses
|
||||||
+++++++++
|
+++++++++
|
||||||
|
@ -250,24 +259,24 @@ Python and Command Line Client Impact
|
||||||
The Secret class in python-barbicanclient should be updated to add new
|
The Secret class in python-barbicanclient should be updated to add new
|
||||||
methods such as::
|
methods such as::
|
||||||
|
|
||||||
class Secret(...):
|
class SecretManager(...):
|
||||||
...
|
...
|
||||||
|
|
||||||
def add_consumer(self, service_type, resource_type, resource_id):
|
def register_consumer(self, secret_ref, service_type, resource_type, resource_id):
|
||||||
...
|
...
|
||||||
|
|
||||||
def remove_consumer(self, service_type, resource_type, resource_id):
|
def remove_consumer(self, secret_ref, service_type, resource_type, resource_id):
|
||||||
...
|
...
|
||||||
|
|
||||||
Both methods should raise appropriate exceptions when the API returns an error.
|
Both methods should raise appropriate exceptions when the API returns an error.
|
||||||
Additionally, the Secret.delete() method should be updated to take a new *force*
|
Additionally, the SecretManager.delete() method should be updated to take a new
|
||||||
parameter and throw an exception when delete() is called with force=False,
|
*force* parameter and throw an exception when delete() is called with
|
||||||
and the secret still has consumers::
|
force=False and the secret still has consumers::
|
||||||
|
|
||||||
class Secret(...):
|
class SecretManager(...):
|
||||||
...
|
...
|
||||||
|
|
||||||
def delete(self, force=False):
|
def delete(self, container_ref, force=False):
|
||||||
...
|
...
|
||||||
|
|
||||||
The CLI client should be changed to add new consumer options, such as::
|
The CLI client should be changed to add new consumer options, such as::
|
||||||
|
@ -336,6 +345,7 @@ Primary assignee:
|
||||||
|
|
||||||
Other contributors:
|
Other contributors:
|
||||||
Moisés Guimarães (OFTC: moguimar) <moguimar@redhat.com>
|
Moisés Guimarães (OFTC: moguimar) <moguimar@redhat.com>
|
||||||
|
Grzegorz Grasza (OFTC: xek) <xek@redhat.com>
|
||||||
|
|
||||||
Work Items
|
Work Items
|
||||||
----------
|
----------
|
||||||
|
|
Loading…
Reference in New Issue