Fix merge conflicts.
This commit is contained in:
jfwood
@@ -13,11 +13,11 @@
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
import json
|
||||
import logging
|
||||
import os
|
||||
|
||||
import requests
|
||||
|
||||
from barbicanclient.openstack.common import log as logging
|
||||
from barbicanclient.openstack.common.gettextutils import _
|
||||
from barbicanclient import orders
|
||||
from barbicanclient import secrets
|
||||
@@ -25,7 +25,6 @@ from barbicanclient import verifications
|
||||
|
||||
|
||||
LOG = logging.getLogger(__name__)
|
||||
logging.setup('barbicanclient')
|
||||
|
||||
|
||||
class HTTPError(Exception):
|
||||
@@ -51,8 +50,8 @@ class HTTPAuthError(HTTPError):
|
||||
|
||||
class Client(object):
|
||||
|
||||
def __init__(self, session=None, auth_plugin=None,
|
||||
endpoint=None, tenant_id=None):
|
||||
def __init__(self, session=None, auth_plugin=None, endpoint=None,
|
||||
tenant_id=None, insecure=False):
|
||||
"""
|
||||
Barbican client object used to interact with barbican service.
|
||||
|
||||
@@ -68,6 +67,7 @@ class Client(object):
|
||||
LOG.debug(_("Creating Client object"))
|
||||
|
||||
self._session = session or requests.Session()
|
||||
self.verify = not insecure
|
||||
self.auth_plugin = auth_plugin
|
||||
|
||||
if self.auth_plugin is not None:
|
||||
@@ -96,23 +96,25 @@ class Client(object):
|
||||
|
||||
def get(self, href, params=None):
|
||||
headers = {'Accept': 'application/json'}
|
||||
resp = self._session.get(href, params=params, headers=headers)
|
||||
resp = self._session.get(href, params=params, headers=headers,
|
||||
verify=self.verify)
|
||||
self._check_status_code(resp)
|
||||
return resp.json()
|
||||
|
||||
def get_raw(self, href, headers):
|
||||
resp = self._session.get(href, headers=headers)
|
||||
resp = self._session.get(href, headers=headers, verify=self.verify)
|
||||
self._check_status_code(resp)
|
||||
return resp.content
|
||||
|
||||
def delete(self, href):
|
||||
resp = self._session.delete(href)
|
||||
resp = self._session.delete(href, verify=self.verify)
|
||||
self._check_status_code(resp)
|
||||
|
||||
def post(self, path, data):
|
||||
url = '{0}/{1}/'.format(self.base_url, path)
|
||||
headers = {'content-type': 'application/json'}
|
||||
resp = self._session.post(url, data=json.dumps(data), headers=headers)
|
||||
resp = self._session.post(url, data=json.dumps(data), headers=headers,
|
||||
verify=self.verify)
|
||||
self._check_status_code(resp)
|
||||
return resp.json()
|
||||
|
||||
|
||||
@@ -12,10 +12,11 @@
|
||||
# implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
import logging
|
||||
|
||||
from keystoneclient.v2_0 import client as ksclient
|
||||
from keystoneclient import exceptions
|
||||
|
||||
from barbicanclient.openstack.common import log as logging
|
||||
|
||||
LOG = logging.getLogger(__name__)
|
||||
|
||||
@@ -28,14 +29,15 @@ class AuthException(Exception):
|
||||
|
||||
class KeystoneAuthV2(object):
|
||||
def __init__(self, auth_url='', username='', password='',
|
||||
tenant_name='', tenant_id='', keystone=None):
|
||||
tenant_name='', tenant_id='', insecure=False, keystone=None):
|
||||
if not all([auth_url, username, password, tenant_name or tenant_id]):
|
||||
raise ValueError('Please provide auth_url, username, password,'
|
||||
' and tenant_id or tenant_name)')
|
||||
self._keystone = keystone or ksclient.Client(username=username,
|
||||
password=password,
|
||||
tenant_name=tenant_name,
|
||||
auth_url=auth_url)
|
||||
auth_url=auth_url,
|
||||
insecure=insecure)
|
||||
self._barbican_url = None
|
||||
#TODO(dmend): make these configurable
|
||||
self._service_type = 'keystore'
|
||||
|
||||
@@ -19,6 +19,9 @@ import argparse
|
||||
|
||||
from barbicanclient.common import auth
|
||||
from barbicanclient import client
|
||||
from barbicanclient.openstack.common import log as logging
|
||||
|
||||
logging.setup('barbicanclient')
|
||||
|
||||
|
||||
class Keep:
|
||||
@@ -72,22 +75,35 @@ class Keep:
|
||||
metavar='<barbican-url>',
|
||||
default=client.env('BARBICAN_ENDPOINT'),
|
||||
help='Defaults to env[BARBICAN_ENDPOINT].')
|
||||
parser.add_argument('--insecure',
|
||||
default=False,
|
||||
action="store_true",
|
||||
help='Explicitly allow barbicanclient to perform '
|
||||
'"insecure" TLS (https) requests. The '
|
||||
'server\'s certificate will not be verified '
|
||||
'against any certificate authorities. This '
|
||||
'option should be used with caution.')
|
||||
return parser
|
||||
|
||||
def _add_verify_args(self):
|
||||
verify_parser = self.subparsers.add_parser('verify',
|
||||
help='Create a new verification.')
|
||||
help='Create a new '
|
||||
'verification.')
|
||||
verify_parser.add_argument('--type', '-t', default='image',
|
||||
help='resource type to verify, such as "image".')
|
||||
help='resource type to verify, '
|
||||
'such as "image".')
|
||||
|
||||
verify_parser.add_argument('--ref', '-r',
|
||||
help='reference URI to resource to verify.')
|
||||
help='reference URI to '
|
||||
'resource to verify.')
|
||||
|
||||
verify_parser.add_argument('--action', '-a', default='vm_attach',
|
||||
help='action to perform on resource, such as "vm_attach".')
|
||||
help='action to perform on '
|
||||
'resource, such as "vm_attach".')
|
||||
|
||||
verify_parser.add_argument('--impersonation', '-i', default=True,
|
||||
help='is impersonation allowed for the resource.')
|
||||
help='is impersonation allowed '
|
||||
'for the resource.')
|
||||
verify_parser.set_defaults(func=self.verify)
|
||||
|
||||
def _add_create_args(self):
|
||||
@@ -110,7 +126,8 @@ class Keep:
|
||||
default='application/octet-stream',
|
||||
help='the type/format of the secret to be'
|
||||
' generated (default: %(default)s).')
|
||||
create_parser.add_argument('--expiration', '-x', help='the expiration '
|
||||
create_parser.add_argument('--expiration', '-x',
|
||||
help='the expiration '
|
||||
'time for the secret in ISO 8601 format.')
|
||||
create_parser.set_defaults(func=self.create)
|
||||
|
||||
@@ -122,7 +139,8 @@ class Keep:
|
||||
store_parser.add_argument('--name', '-n',
|
||||
help='a human-friendly name.')
|
||||
store_parser.add_argument('--payload', '-p', help='the unencrypted'
|
||||
' secret; if provided, you must also provide'
|
||||
' secret; if provided, '
|
||||
'you must also provide'
|
||||
' a payload_content_type')
|
||||
store_parser.add_argument('--payload-content-type', '-t',
|
||||
help='the type/format of the provided '
|
||||
@@ -133,7 +151,8 @@ class Keep:
|
||||
help='required if --payload-content-type is'
|
||||
' "application/octet-stream".')
|
||||
store_parser.add_argument('--algorithm', '-a', default='aes',
|
||||
help='the algorithm (default: %(default)s).')
|
||||
help='the algorithm (default: '
|
||||
'%(default)s).')
|
||||
store_parser.add_argument('--bit-length', '-b', default=256,
|
||||
help='the bit length '
|
||||
'(default: %(default)s).',
|
||||
@@ -148,18 +167,22 @@ class Keep:
|
||||
def _add_delete_args(self):
|
||||
delete_parser = self.subparsers.add_parser(
|
||||
'delete',
|
||||
help='Delete a secret, order or verification by providing its href.'
|
||||
help='Delete a secret, order or '
|
||||
'verification by providing its href.'
|
||||
)
|
||||
delete_parser.add_argument('URI', help='The URI reference for the'
|
||||
' secret, order or verification')
|
||||
' secret, order '
|
||||
'or verification')
|
||||
delete_parser.set_defaults(func=self.delete)
|
||||
|
||||
def _add_get_args(self):
|
||||
get_parser = self.subparsers.add_parser(
|
||||
'get',
|
||||
help='Retrieve a secret, order or verification by providing its URI.'
|
||||
help='Retrieve a secret, order or '
|
||||
'verification by providing its URI.'
|
||||
)
|
||||
get_parser.add_argument('URI', help='The URI reference for the secret, '
|
||||
get_parser.add_argument('URI', help='The URI reference '
|
||||
'for the secret, '
|
||||
'order or verification.')
|
||||
get_parser.add_argument('--decrypt', '-d', help='if specified, keep'
|
||||
' will retrieve the unencrypted secret data;'
|
||||
@@ -176,9 +199,11 @@ class Keep:
|
||||
|
||||
def _add_list_args(self):
|
||||
list_parser = self.subparsers.add_parser('list',
|
||||
help='List secrets, orders or verifications')
|
||||
list_parser.add_argument('--limit', '-l', default=10, help='specify t'
|
||||
'he limit to the number of items to list per'
|
||||
help='List secrets, '
|
||||
'orders or '
|
||||
'verifications')
|
||||
list_parser.add_argument('--limit', '-l', default=10, help='specify '
|
||||
'the limit to the number of items to list per'
|
||||
' page (default: %(default)s; maximum: 100)',
|
||||
type=int)
|
||||
list_parser.add_argument('--offset', '-o', default=0, help='specify t'
|
||||
@@ -223,7 +248,8 @@ class Keep:
|
||||
self.client.orders.delete(args.URI)
|
||||
else:
|
||||
self.parser.exit(status=1, message='ERROR: delete is only '
|
||||
'supported for secrets, orders or verifications\n')
|
||||
'supported for secrets, '
|
||||
'orders or verifications\n')
|
||||
|
||||
def get(self, args):
|
||||
if args.command == 'secret':
|
||||
@@ -238,7 +264,8 @@ class Keep:
|
||||
print self.client.orders.get(args.URI)
|
||||
else:
|
||||
self.parser.exit(status=1, message='ERROR: get is only '
|
||||
'supported for secrets, orders or verifications\n')
|
||||
'supported for secrets, '
|
||||
'orders or verifications\n')
|
||||
|
||||
def list(self, args):
|
||||
if args.command == 'secret':
|
||||
@@ -249,7 +276,8 @@ class Keep:
|
||||
ls = self.client.orders.list(args.limit, args.offset)
|
||||
else:
|
||||
self.parser.exit(status=1, message='ERROR: get list is only '
|
||||
'supported for secrets, orders or verifications\n')
|
||||
'supported for secrets, '
|
||||
'orders or verifications\n')
|
||||
for obj in ls:
|
||||
print obj
|
||||
print '{0}s displayed: {1} - offset: {2}'.format(args.command, len(ls),
|
||||
@@ -271,18 +299,21 @@ class Keep:
|
||||
args = self.parser.parse_args(kwargs.get('argv'))
|
||||
if args.no_auth:
|
||||
self.client = client.Client(endpoint=args.endpoint,
|
||||
tenant_id=args.os_tenant_id)
|
||||
tenant_id=args.os_tenant_id,
|
||||
insecure=args.insecure)
|
||||
elif all([args.os_auth_url, args.os_username, args.os_password,
|
||||
args.os_tenant_name]):
|
||||
self._keystone = auth.KeystoneAuthV2(
|
||||
auth_url=args.os_auth_url,
|
||||
username=args.os_username,
|
||||
password=args.os_password,
|
||||
tenant_name=args.os_tenant_name
|
||||
tenant_name=args.os_tenant_name,
|
||||
insecure=args.insecure
|
||||
)
|
||||
self.client = client.Client(auth_plugin=self._keystone,
|
||||
endpoint=args.endpoint,
|
||||
tenant_id=args.os_tenant_id)
|
||||
tenant_id=args.os_tenant_id,
|
||||
insecure=args.insecure)
|
||||
else:
|
||||
self.parser.exit(
|
||||
status=1,
|
||||
|
||||
@@ -12,9 +12,10 @@
|
||||
# implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
import logging
|
||||
|
||||
from barbicanclient import base
|
||||
from barbicanclient.openstack.common.gettextutils import _
|
||||
from barbicanclient.openstack.common import log as logging
|
||||
from barbicanclient.openstack.common import timeutils
|
||||
|
||||
|
||||
|
||||
@@ -12,8 +12,9 @@
|
||||
# implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
import logging
|
||||
|
||||
from barbicanclient import base
|
||||
from barbicanclient.openstack.common import log as logging
|
||||
from barbicanclient.openstack.common.timeutils import parse_isotime
|
||||
|
||||
|
||||
|
||||
Reference in New Issue
Block a user