tacker.keymgr.key_manager module

Key manager API

class tacker.keymgr.key_manager.KeyManager(auth_url)

Bases: object

Base Key Manager Interface

A Key Manager is responsible for creating, reading, and deleting keys.

abstract delete(context, managed_object_id)

Deletes the specified managed object.

Implementations should verify that the caller has permission to delete the managed object by checking the context object (context). A NotAuthorized exception should be raised if the caller lacks permission.

If the specified object does not exist, then a KeyError should be raised. Implementations should preclude users from discerning the UUIDs of objects that belong to other users by repeatedly calling this method. That is, objects that belong to other users should be considered “non-existent” and completely invisible.

abstract get(context, managed_object_id, metadata_only=False)

Retrieves the specified managed object.

Implementations should verify that the caller has permission to retrieve the managed object by checking the context object passed in as context. If the user lacks permission, a NotAuthorized exception is raised.

If the caller requests only metadata, then the object that is returned will contain only the secret metadata and no secret bytes.

If the specified object does not exist, then a KeyError should be raised. Implementations should preclude users from discerning the UUIDs of objects that belong to other users by repeatedly calling this method. That is, objects that belong to other users should be considered “non-existent” and completely invisible.

abstract store(context, managed_object, expiration=None)

Stores a managed object with the key manager.

This method stores the specified managed object and returns the UUID that identifies it within the key manager. If the specified context does not permit the creation of keys, then a NotAuthorized exception should be raised.
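The following in-memory sketch is an added example, not Tacker's own code. It shows one way to satisfy the contract above: the permission check depends only on the context, and a missing object and another user's object produce the same KeyError. The names Context, ManagedObject, InMemoryKeyManager and can_manage_keys are hypothetical, and NotAuthorized is a local stand-in for the exception the interface names.

```python
import uuid
from dataclasses import dataclass

class NotAuthorized(Exception):
    """Stand-in for the NotAuthorized exception the docs name."""

@dataclass(frozen=True)
class Context:  # hypothetical request context, not Tacker's class
    user_id: str
    can_manage_keys: bool = True

@dataclass
class ManagedObject:  # hypothetical: metadata (name) plus secret bytes
    name: str
    secret: "bytes | None"

class InMemoryKeyManager:
    def __init__(self):
        self._objects = {}  # object id -> (owner user_id, ManagedObject)

    def _authorize(self, context):
        # Decided from the context alone, before any lookup, so the
        # outcome cannot reveal whether a given UUID exists.
        if context is None or not context.can_manage_keys:
            raise NotAuthorized()

    def _lookup(self, context, managed_object_id):
        entry = self._objects.get(managed_object_id)
        # Absent and owned-by-another raise the same KeyError (no UUID oracle).
        if entry is None or entry[0] != context.user_id:
            raise KeyError(managed_object_id)
        return entry[1]

    def store(self, context, managed_object, expiration=None):
        self._authorize(context)  # expiration is ignored in this sketch
        object_id = str(uuid.uuid4())
        self._objects[object_id] = (context.user_id, managed_object)
        return object_id

    def get(self, context, managed_object_id, metadata_only=False):
        self._authorize(context)
        obj = self._lookup(context, managed_object_id)
        # Metadata-only callers get a copy with the secret bytes removed.
        return ManagedObject(obj.name, None) if metadata_only else obj

    def delete(self, context, managed_object_id):
        self._authorize(context)
        self._lookup(context, managed_object_id)  # KeyError if not visible
        del self._objects[managed_object_id]
```

A test suite for a real backend can reuse the same comparison: call get and delete with a second user's context and with a random UUID, and require that the two outcomes are indistinguishable.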