barbican/api-guide/source/orders.rst
Juan Antonio Osorio Robles 9a934e57eb Revert "Add ID property to all entities"
This change breaks several gates, including RDO's package promotion.

This reverts commit f06ba48195.

Change-Id: I0524b7057016daa59ea0a506bdc50a71e9fc8f6a
2017-01-30 21:27:29 +02:00

6.3 KiB

Orders API - User Guide

The orders resource allows the user to request barbican to generate a secret. This is also very helpful for requesting the creation of certificates and public/private key pairs.

The orders resource supports the following types:
  • symmetric keys
  • asymmetric keys
  • certificates

Warning

DEPRECATION WARNING: The Certificates Order resource has been deprecated and will be removed in the P release.

This user guide provides high level examples of the orders resource. It will assume you will be using a local running development environment of barbican. If you need assistance with getting set up, please reference the development guide.

For a more in depth explanation on how to order a certificate, reference the How to Order a Certificate <order_certificate> documentation.

Creating an Order

When you want barbican to generate a secret you need to create an order. For an order to be processed correctly the parameters mode, bit_length, and algorithm must be valid. Otherwise the order will fail and the secret will not be generated. The example below shows a valid order for generating a symmetric key. You can find a more detailed explanation about the parameters in the Orders API documentation.

curl -X POST -H "X-Auth-Token: $TOKEN" -H "content-type:application/json" -d '{
"type":"key", "meta": { "name": "secretname", "algorithm": "aes",
"bit_length": 256, "mode": "cbc", "payload_content_type": "application/octet-stream"}
}' http://localhost:9311/v1/orders

You should receive an order reference after placing your order with barbican.

{"order_ref": "http://localhost:9311/v1/orders/3a5c6748-44de-4c1c-9e54-085c3f79e942"}

The order reference is used to retrieve the metadata for the order you placed which can then be used to retrieve your secret.

Retrieving an Order

In order to retrieve the order we will use the reference returned during the initial creation. (See Creating an Order <create_order>.)

curl -H "X-Auth-Token: $TOKEN" -H 'Accept:application/json' \
http://localhost:9311/v1/orders/3a5c6748-44de-4c1c-9e54-085c3f79e942

The typical response is below:

{
    "created": "2015-10-15T18:15:10",
    "creator_id": "40540f978fbd45c1af18910e3e02b63f",
    "meta": {
        "algorithm": "AES",
        "bit_length": 256,
        "expiration": null,
        "mode": "cbc",
        "name": "secretname",
        "payload_content_type": "application/octet-stream"
    },
    "order_ref": "http://localhost:9311/v1/orders/3a5c6748-44de-4c1c-9e54-085c3f79e942",
    "secret_ref": "http://localhost:9311/v1/secrets/bcd1b853-edeb-4509-9f12-019b8c8dfb5f",
    "status": "ACTIVE",
    "sub_status": "Unknown",
    "sub_status_message": "Unknown",
    "type": "key",
    "updated": "2015-10-15T18:15:10"
}

This is the metadata associated with the order. To retrieve the secret generated by the order, refer to the Secrets User Guide <secrets>. The order metadata is very useful for determining if your order was processed correctly. Since orders are processed asynchronously, you can use the metadata returned for the order to verify a successful secret creation. The parameters of the response are explained in more detail here.

Retrieving All Orders

It is also possible to retrieve all orders for a project.

curl -H "X-Auth-Token: $TOKEN" -H 'Accept:application/json' http://localhost:9311/v1/orders
{
    "orders": [
        {
            "created": "2015-10-15T18:15:10",
            "creator_id": "40540f978fbd45c1af18910e3e02b63f",
            "meta": {
                "algorithm": "AES",
                "bit_length": 256,
                "expiration": null,
                "mode": "cbc",
                "name": "secretname",
                "payload_content_type": "application/octet-stream"
            },
            "order_ref": "http://localhost:9311/v1/orders/3a5c6748-44de-4c1c-9e54-085c3f79e942",
            "secret_ref": "http://localhost:9311/v1/secrets/bcd1b853-edeb-4509-9f12-019b8c8dfb5f",
            "status": "ACTIVE",
            "sub_status": "Unknown",
            "sub_status_message": "Unknown",
            "type": "key",
            "updated": "2015-10-15T18:15:10"
        },
        {
            "created": "2015-10-15T18:51:35",
            "creator_id": "40540f978fbd45c1af18910e3e02b63f",
            "meta": {
                "algorithm": "AES",
                "bit_length": 256,
                "mode": "cbc",
                "expiration": null,
                "name": null
            },
            "order_ref": "http://localhost:9311/v1/orders/d99ced51-ea7a-4c14-8e11-0dda0f49c5be",
            "secret_ref": "http://localhost:9311/v1/secrets/abadd306-8235-4f6b-984a-cc48ad039def",
            "status": "ACTIVE",
            "sub_status": "Unknown",
            "sub_status_message": "Unknown",
            "type": "key",
            "updated": "2015-10-15T18:51:35"
        }
    ],
    "total": 2
}

You can refer to the orders parameters section of the Orders API documentation in order to refine your search among orders.

Deleting an Order

It is also possible to delete an order from barbican.

curl -X DELETE -H "X-Auth-Token: $TOKEN" -H 'Accept:application/json' http://localhost:9311/v1/orders/fbdd845f-4a5e-43e3-8f68-64e8f106c486

Nothing will be returned when you delete an order. If something was returned there was most likely an error while deleting the order.