Reference¶

Client¶

class barbicanclient.client.Client(session=None, *args, **kwargs)¶

Barbican client object used to interact with barbican service.

Parameters:

session – An instance of keystoneclient.session.Session that can be either authenticated, or not authenticated. When using a non-authenticated Session, you must provide some additional parameters. When no session is provided it will default to a non-authenticated Session.
endpoint – Barbican endpoint url. Required when a session is not given, or when using a non-authenticated session. When using an authenticated session, the client will attempt to get an endpoint from the session.
project_id – The project ID used for context in Barbican. Required when a session is not given, or when using a non-authenticated session. When using an authenticated session, the project ID will be provided by the authentication mechanism.
verify – When a session is not given, the client will create a non-authenticated session. This parameter is passed to the session that is created. If set to False, it allows barbicanclient to perform “insecure” TLS (https) requests. The server’s certificate will not be verified against any certificate authorities. WARNING: This option should be used with caution.
service_type – Used as an endpoint filter when using an authenticated keystone session. Defaults to ‘key-management’.
service_name – Used as an endpoint filter when using an authenticated keystone session.
interface – Used as an endpoint filter when using an authenticated keystone session. Defaults to ‘public’.
region_name – Used as an endpoint filter when using an authenticated keystone session.

Secrets¶

class barbicanclient.secrets.SecretManager(api)¶

Entity Manager for Secret entities

create(name=None, payload=None, payload_content_type=None, payload_content_encoding=None, algorithm=None, bit_length=None, secret_type=None, mode=None, expiration=None)¶

Factory method for creating new Secret objects

Secrets returned by this method have not yet been stored in the Barbican service.

Parameters:	name – A friendly name for the Secret payload – The unencrypted secret data payload_content_type – DEPRECATED: The format/type of the secret data. Setting this can lead to unexpected results. See Launchpad Bug #1419166. payload_content_encoding – DEPRECATED: The encoding of the secret data. Setting this can lead to unexpected results. See Launchpad Bug #1419166. algorithm – The algorithm associated with this secret key bit_length – The bit length of this secret key mode – The algorithm mode used with this secret key secret_type – The secret type for this secret key expiration – The expiration time of the secret in ISO 8601 format
Returns:	A new Secret object
Return type:	`barbicanclient.secrets.Secret`
Raises:	barbicanclient.exceptions.HTTPAuthError – 401 Responses barbicanclient.exceptions.HTTPClientError – 4xx Responses barbicanclient.exceptions.HTTPServerError – 5xx Responses

delete(secret_ref)¶

Delete a Secret from Barbican

Parameters:	secret_ref – The href for the secret to be deleted
Raises:	barbicanclient.exceptions.HTTPAuthError – 401 Responses barbicanclient.exceptions.HTTPClientError – 4xx Responses barbicanclient.exceptions.HTTPServerError – 5xx Responses

get(secret_ref, payload_content_type=None)¶

Retrieve an existing Secret from Barbican

Parameters:	secret_ref (str) – Full HATEOAS reference to a Secret payload_content_type (str) – DEPRECATED: Content type to use for payload decryption. Setting this can lead to unexpected results. See Launchpad Bug #1419166.
Returns:	Secret object retrieved from Barbican
Return type:	`barbicanclient.secrets.Secret`
Raises:	barbicanclient.exceptions.HTTPAuthError – 401 Responses barbicanclient.exceptions.HTTPClientError – 4xx Responses barbicanclient.exceptions.HTTPServerError – 5xx Responses

list(limit=10, offset=0, name=None, algorithm=None, mode=None, bits=0)¶

List Secrets for the project

This method uses the limit and offset parameters for paging, and also supports filtering.

Parameters:	limit – Max number of secrets returned offset – Offset secrets to begin list name – Name filter for the list algorithm – Algorithm filter for the list mode – Mode filter for the list bits – Bits filter for the list
Returns:	list of Secret objects that satisfy the provided filter criteria.
Return type:	list
Raises:	barbicanclient.exceptions.HTTPAuthError – 401 Responses barbicanclient.exceptions.HTTPClientError – 4xx Responses barbicanclient.exceptions.HTTPServerError – 5xx Responses

class barbicanclient.secrets.Secret(api, name=None, expiration=None, algorithm=None, bit_length=None, mode=None, payload=None, payload_content_type=None, payload_content_encoding=None, secret_ref=None, created=None, updated=None, content_types=None, status=None, secret_type=None, creator_id=None)¶

Secrets represent keys, credentials, and other sensitive data that is stored by the Barbican service.

Secret objects should not be instantiated directly. You should use the create or get methods of the barbicanclient.secrets.SecretManager instead.

delete()¶: Deletes the Secret from Barbican

payload¶: Lazy-loaded property that holds the unencrypted data

store(*args)¶

Stores the Secret in Barbican. New Secret objects are not persisted in Barbican until this method is called.

Raises:	PayloadException

Orders¶

class barbicanclient.orders.OrderManager(api)¶

Entity Manager for Order entitites

create_asymmetric(name=None, algorithm=None, bit_length=None, pass_phrase=None, payload_content_type=None, expiration=None)¶

Factory method for AsymmetricOrder objects

AsymmetricOrder objects returned by this method have not yet been submitted to the Barbican service.

Parameters:	name – A friendly name for the container to be created algorithm – The algorithm associated with this secret key bit_length – The bit length of this secret key pass_phrase – Optional passphrase payload_content_type – The format/type of the secret data expiration – The expiration time of the secret in ISO 8601 format
Returns:	AsymmetricOrder
Return type:	`barbicanclient.orders.AsymmetricOrder`
Raises:	barbicanclient.exceptions.HTTPAuthError – 401 Responses barbicanclient.exceptions.HTTPClientError – 4xx Responses barbicanclient.exceptions.HTTPServerError – 5xx Responses

create_certificate(name=None, request_type=None, subject_dn=None, source_container_ref=None, ca_id=None, profile=None, request_data=None)¶

Factory method for CertificateOrder objects

CertificateOrder objects returned by this method have not yet been submitted to the Barbican service.

Parameters:	name – A friendly name for the container to be created request_type – The type of the certificate request subject_dn – A subject for the certificate source_container_ref – A container with a public/private key pair to use as source for stored-key requests ca_id – The identifier of the CA to use profile – The profile of certificate to use request_data – The CSR content
Returns:	CertificateOrder
Return type:	`barbicanclient.orders.CertificateOrder`

create_key(name=None, algorithm=None, bit_length=None, mode=None, payload_content_type=None, expiration=None)¶

Factory method for KeyOrder objects

KeyOrder objects returned by this method have not yet been submitted to the Barbican service.

Parameters:	name – A friendly name for the secret to be created algorithm – The algorithm associated with this secret key bit_length – The bit length of this secret key mode – The algorithm mode used with this secret key payload_content_type – The format/type of the secret data expiration – The expiration time of the secret in ISO 8601 format
Returns:	KeyOrder
Return type:	`barbicanclient.orders.KeyOrder`
Raises:	barbicanclient.exceptions.HTTPAuthError – 401 Responses barbicanclient.exceptions.HTTPClientError – 4xx Responses barbicanclient.exceptions.HTTPServerError – 5xx Responses

delete(order_ref)¶

Delete an Order from Barbican

Parameters:	order_ref – The href for the order

get(order_ref)¶

Retrieve an existing Order from Barbican

Parameters:	order_ref – Full HATEOAS reference to an Order
Returns:	An instance of the appropriate subtype of Order
Raises:	barbicanclient.exceptions.HTTPAuthError – 401 Responses barbicanclient.exceptions.HTTPClientError – 4xx Responses barbicanclient.exceptions.HTTPServerError – 5xx Responses

list(limit=10, offset=0)¶

List Orders for the project

This method uses the limit and offset parameters for paging.

Parameters:	limit – Max number of orders returned offset – Offset orders to begin list
Returns:	list of Order objects
Raises:	barbicanclient.exceptions.HTTPAuthError – 401 Responses barbicanclient.exceptions.HTTPClientError – 4xx Responses barbicanclient.exceptions.HTTPServerError – 5xx Responses

class barbicanclient.orders.Order(api, type, status=None, created=None, updated=None, meta=None, order_ref=None, error_status_code=None, error_reason=None, sub_status=None, sub_status_message=None, creator_id=None)¶

Base order object to hold common functionality

This should be considered an abstract class that should not be instantiated directly.

delete()¶: Deletes the Order from Barbican

submit(*args)¶: Submit the Order to Barbican. New Order objects are not persisted in Barbican until this method is called.

class barbicanclient.orders.KeyOrder(api, name=None, algorithm=None, bit_length=None, mode=None, expiration=None, payload_content_type=None, status=None, created=None, updated=None, order_ref=None, secret_ref=None, error_status_code=None, error_reason=None, sub_status=None, sub_status_message=None, creator_id=None)¶

KeyOrders can be used to request random key material from Barbican

mode¶

Encryption mode being used with this key

The mode could be set to “CBC” for example, when requesting a key that will be used for AES encryption in CBC mode.

class barbicanclient.orders.AsymmetricOrder(api, name=None, algorithm=None, bit_length=None, mode=None, pass_phrase=None, expiration=None, payload_content_type=None, status=None, created=None, updated=None, order_ref=None, container_ref=None, error_status_code=None, error_reason=None, sub_status=None, sub_status_message=None, creator_id=None)¶

pass_phrase¶: Passphrase to be used for passphrase protected asymmetric keys

Containers¶

class barbicanclient.containers.ContainerManager(api)¶

EntityManager for Container entities

You should use the ContainerManager exposed by the Client and should not need to instantiate your own.

create(name=None, secrets=None)¶

Factory method for Container objects

Container objects returned by this method have not yet been stored in Barbican.

Parameters:	name – A friendly name for the Container secrets – Secrets to populate when creating a Container
Returns:	Container
Return type:	`barbicanclient.containers.Container`
Raises:	barbicanclient.exceptions.HTTPAuthError – 401 Responses barbicanclient.exceptions.HTTPClientError – 4xx Responses barbicanclient.exceptions.HTTPServerError – 5xx Responses

create_certificate(name=None, certificate=None, intermediates=None, private_key=None, private_key_passphrase=None)¶

Factory method for CertificateContainer objects

CertificateContainer objects returned by this method have not yet been stored in Barbican.

Parameters:	name – A friendly name for the CertificateContainer certificate – Secret object containing a Certificate intermediates – Secret object containing Intermediate Certs private_key – Secret object containing a Private Key private_key_passphrase – Secret object containing a passphrase
Returns:	CertificateContainer
Return type:	`barbicanclient.containers.CertificateContainer`
Raises:	barbicanclient.exceptions.HTTPAuthError – 401 Responses barbicanclient.exceptions.HTTPClientError – 4xx Responses barbicanclient.exceptions.HTTPServerError – 5xx Responses

create_rsa(name=None, public_key=None, private_key=None, private_key_passphrase=None)¶

Factory method for RSAContainer objects

RSAContainer objects returned by this method have not yet been stored in Barbican.

Parameters:	name – A friendly name for the RSAContainer public_key – Secret object containing a Public Key private_key – Secret object containing a Private Key private_key_passphrase – Secret object containing a passphrase
Returns:	RSAContainer
Return type:	`barbicanclient.containers.RSAContainer`
Raises:	barbicanclient.exceptions.HTTPAuthError – 401 Responses barbicanclient.exceptions.HTTPClientError – 4xx Responses barbicanclient.exceptions.HTTPServerError – 5xx Responses

delete(container_ref)¶

Delete a Container from Barbican

Parameters:	container_ref – Full HATEOAS reference to a Container
Raises:	barbicanclient.exceptions.HTTPAuthError – 401 Responses barbicanclient.exceptions.HTTPClientError – 4xx Responses barbicanclient.exceptions.HTTPServerError – 5xx Responses

get(container_ref)¶

Retrieve an existing Container from Barbican

Parameters:	container_ref (str) – Full HATEOAS reference to a Container
Returns:	Container object or a subclass of the appropriate type

list(limit=10, offset=0, name=None, type=None)¶

List containers for the project. This method uses the limit and offset parameters for paging.

Parameters:	limit – Max number of containers returned offset – Offset containers to begin list name – Name filter for the list type – Type filter for the list
Returns:	list of Container metadata objects
Raises:	barbicanclient.exceptions.HTTPAuthError – 401 Responses barbicanclient.exceptions.HTTPClientError – 4xx Responses barbicanclient.exceptions.HTTPServerError – 5xx Responses

register_consumer(container_ref, name, url)¶

Add a consumer to the container

Parameters:	container_ref – Full HATEOAS reference to a Container name – Name of the consuming service url – URL of the consuming resource
Returns:	A container object per the get() method
Raises:	barbicanclient.exceptions.HTTPAuthError – 401 Responses barbicanclient.exceptions.HTTPClientError – 4xx Responses barbicanclient.exceptions.HTTPServerError – 5xx Responses

remove_consumer(container_ref, name, url)¶

Remove a consumer from the container

Parameters:	container_ref – Full HATEOAS reference to a Container name – Name of the previously consuming service url – URL of the previously consuming resource
Raises:	barbicanclient.exceptions.HTTPAuthError – 401 Responses barbicanclient.exceptions.HTTPClientError – 4xx Responses barbicanclient.exceptions.HTTPServerError – 5xx Responses

class barbicanclient.containers.Container(api, name=None, secrets=None, consumers=None, container_ref=None, created=None, updated=None, status=None, secret_refs=None)¶

Container is a generic grouping of Secrets

delete()¶: Delete container from Barbican

secrets¶: List of Secrets in Containers

store(*args)¶: Store Container in Barbican

class barbicanclient.containers.RSAContainer(api, name=None, public_key=None, private_key=None, private_key_passphrase=None, consumers=[], container_ref=None, created=None, updated=None, status=None, public_key_ref=None, private_key_ref=None, private_key_passphrase_ref=None)¶

private_key¶: Secret containing the Private Key

private_key_passphrase¶: Secret containing the Passphrase

public_key¶: Secret containing the Public Key

class barbicanclient.containers.CertificateContainer(api, name=None, certificate=None, intermediates=None, private_key=None, private_key_passphrase=None, consumers=[], container_ref=None, created=None, updated=None, status=None, certificate_ref=None, intermediates_ref=None, private_key_ref=None, private_key_passphrase_ref=None)¶

certificate¶: Secret containing the certificate

intermediates¶: Secret containing intermediate certificates

private_key¶: Secret containing the private key

private_key_passphrase¶: Secret containing the passphrase

Certificate Authorities¶

class barbicanclient.cas.CAManager(api)¶

Entity Manager for Secret entities

get(ca_ref)¶

Retrieve an existing CA from Barbican

Parameters:	ca_ref (str) – Full HATEOAS reference to a CA
Returns:	CA object retrieved from Barbican
Return type:	`barbicanclient.cas.CA`
Raises:	barbicanclient.exceptions.HTTPAuthError – 401 Responses barbicanclient.exceptions.HTTPClientError – 4xx Responses barbicanclient.exceptions.HTTPServerError – 5xx Responses

list(limit=10, offset=0, name=None)¶

List CAs for the project

This method uses the limit and offset parameters for paging, and also supports filtering.

Parameters:	limit – Max number of CAs returned offset – Offset secrets to begin list name – Name filter for the list
Returns:	list of CA objects that satisfy the provided filter criteria.
Return type:	list
Raises:	barbicanclient.exceptions.HTTPAuthError – 401 Responses barbicanclient.exceptions.HTTPClientError – 4xx Responses barbicanclient.exceptions.HTTPServerError – 5xx Responses

class barbicanclient.cas.CA(api, meta=None, expiration=None, plugin_name=None, plugin_ca_id=None, ca_ref=None, created=None, updated=None, status=None, creator_id=None)¶

CAs represent certificate authorities or subCAs with which the Barbican service is configured to interact.

CA objects should not be instantiated directly. You should use the create or get methods of the barbicanclient.cas.CAManager instead.

Exceptions¶

exception barbicanclient.exceptions.HTTPAuthError(message, status_code=401)¶: Raised for 401 Unauthorized responses from the server.

exception barbicanclient.exceptions.HTTPClientError(message, status_code=0)¶: Raised for 4xx responses from the server.

exception barbicanclient.exceptions.HTTPError(message, status_code=0)¶: Base exception for HTTP errors.

exception barbicanclient.exceptions.HTTPServerError(message, status_code=0)¶: Raised for 5xx responses from the server.

OpenStack

Reference¶

Client¶

Secrets¶

Orders¶

Containers¶

Certificate Authorities¶

Exceptions¶

Table Of Contents

Previous topic

Next topic

This Page

OpenStack

Reference¶

Client¶

Secrets¶

Orders¶

Containers¶

Certificate Authorities¶

Exceptions¶

Table Of Contents

Previous topic

Next topic

This Page

Quick search