tatu/tatu/castellano.py

125 lines
3.9 KiB
Python

# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from castellan.common.objects.passphrase import Passphrase
from castellan.common.utils import credential_factory
from castellan.key_manager import API
from castellan.key_manager.key_manager import KeyManager
from oslo_config import cfg
from oslo_log import log as logging
LOG = logging.getLogger(__name__)
_context = None
_api = None
def context():
global _context
if _context is None and cfg.CONF.tatu.use_barbican_key_manager:
_context = credential_factory(conf=cfg.CONF)
return _context
def api():
global _api
if _api is None:
_api = API()
return _api
def delete_secret(id, ctx=None):
"""delete a secret from the external key manager
:param id: The identifier of the secret to delete
:param ctx: The context, and associated authentication, to use with
this operation (defaults to the current context)
"""
api().delete(ctx or context(), id)
def get_secret(id, ctx=None):
"""get a secret associated with an id
:param id: The identifier of the secret to retrieve
:param ctx: The context, and associated authentication, to use with
this operation (defaults to the current context)
"""
key = api().get(ctx or context(), id)
return key.get_encoded()
def store_secret(secret, ctx=None):
"""store a secret and return its identifier
:param secret: The secret to store, this should be a string
:param ctx: The context, and associated authentication, to use with
this operation (defaults to the current context)
"""
key = Passphrase(secret)
return api().store(ctx or context(), key)
"""
This module contains the KeyManager class that will be used by the
castellan library, it is not meant for direct usage within tatu.
"""
class TatuKeyManager(KeyManager):
"""Tatu specific key manager
This manager is a thin wrapper around the secret being stored. It is
intended for backward compatible use only. It will not store keys
or generate UUIDs but instead return the secret that is being stored.
This behavior allows Tatu to continue storing secrets in its database
while using the Castellan key manager abstraction.
"""
def __init__(self, configuration=None):
pass
def create_key(self, context, algorithm=None, length=0,
expiration=None, **kwargs):
pass
def create_key_pair(self, *args, **kwargs):
pass
def store(self, context, key, expiration=None, **kwargs):
"""store a key
In normal usage a store_key will return the UUID of the key as
dictated by the key manager. Tatu would then store this UUID in
its database to use for retrieval. As tatu is not actually using
a key manager in this context it will return the key's payload for
storage.
"""
return key.get_encoded()
def get(self, context, key_id, **kwargs):
"""get a key
Since tatu is not actually storing key UUIDs the key_id to this
function should actually be the key payload. this function will
simply return a new TatuKey based on that value.
"""
return Passphrase(passphrase=key_id)
def delete(self, context, key_id, **kwargs):
"""delete a key
As there is no external key manager, this function will not
perform any external actions. therefore, it won't change anything.
"""
pass