~ubuntu-branches/ubuntu/vivid/heat/vivid : contents of contrib/heat_barbican/heat_barbican/resources/secret.py at revision 37

~ubuntu-branches/ubuntu/vivid/heat/vivid : (revision 37)

#
#    Licensed under the Apache License, Version 2.0 (the "License"); you may
#    not use this file except in compliance with the License. You may obtain
#    a copy of the License at
#
#         http://www.apache.org/licenses/LICENSE-2.0
#
#    Unless required by applicable law or agreed to in writing, software
#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#    License for the specific language governing permissions and limitations
#    under the License.

import six

from heat.common import exception
from heat.common.i18n import _
from heat.engine import attributes
from heat.engine import clients
from heat.engine import constraints
from heat.engine import properties
from heat.engine import resource
from heat.openstack.common import log as logging


LOG = logging.getLogger(__name__)


class Secret(resource.Resource):

    PROPERTIES = (
        NAME, PAYLOAD, PAYLOAD_CONTENT_TYPE, PAYLOAD_CONTENT_ENCODING,
        MODE, EXPIRATION, ALGORITHM, BIT_LENGTH,
    ) = (
        'name', 'payload', 'payload_content_type', 'payload_content_encoding',
        'mode', 'expiration', 'algorithm', 'bit_length',
    )

    ATTRIBUTES = (
        STATUS, DECRYPTED_PAYLOAD,
    ) = (
        'status', 'decrypted_payload',
    )

    properties_schema = {
        NAME: properties.Schema(
            properties.Schema.STRING,
            _('Human readable name for the secret.'),
        ),
        PAYLOAD: properties.Schema(
            properties.Schema.STRING,
            _('The unencrypted plain text of the secret.'),
        ),
        PAYLOAD_CONTENT_TYPE: properties.Schema(
            properties.Schema.STRING,
            _('The type/format the secret data is provided in.'),
            constraints=[
                constraints.AllowedValues([
                    'text/plain',
                    'application/octet-stream',
                ]),
            ],
        ),
        PAYLOAD_CONTENT_ENCODING: properties.Schema(
            properties.Schema.STRING,
            _('The encoding format used to provide the payload data.'),
            default='base64',
            constraints=[
                constraints.AllowedValues([
                    'base64',
                ]),
            ],
        ),
        EXPIRATION: properties.Schema(
            properties.Schema.STRING,
            _('The expiration date for the secret in ISO-8601 format.'),
            constraints=[
                constraints.CustomConstraint('iso_8601'),
            ],
        ),
        ALGORITHM: properties.Schema(
            properties.Schema.STRING,
            _('The algorithm type used to generate the secret.'),
        ),
        BIT_LENGTH: properties.Schema(
            properties.Schema.NUMBER,
            _('The bit-length of the secret.'),
            constraints=[
                constraints.Range(
                    min=0,
                ),
            ],
        ),
        MODE: properties.Schema(
            properties.Schema.STRING,
            _('The type/mode of the algorithm associated with the secret '
              'information.'),
        ),
    }

    attributes_schema = {
        STATUS: attributes.Schema(
            _('The status of the secret.')
        ),
        DECRYPTED_PAYLOAD: attributes.Schema(
            _('The decrypted secret payload.')
        ),
    }

    def barbican(self):
        return self.client('barbican')

    def validate(self):
        super(Secret, self).validate()
        self._validate_payload()

    def _validate_payload(self):
        '''Payload is optional, but requires content type if provided.'''

        payload = self.properties.get(self.PAYLOAD)
        content_type = self.properties.get(self.PAYLOAD_CONTENT_TYPE)
        if bool(payload) != bool(content_type):
            msg = _("'payload' and 'payload_content_type' must both be "
                    "provided or omitted.")
            raise exception.StackValidationFailed(message=msg)

    def handle_create(self):
        info = dict(self.properties)
        secret = self.barbican().secrets.create(**info)
        secret_ref = secret.store()
        self.resource_id_set(secret_ref)
        return secret_ref

    def handle_delete(self):
        if not self.resource_id:
            return

        client = self.barbican()
        try:
            client.secrets.delete(self.resource_id)
        except client.barbican_client.HTTPClientError as exc:
            # This is the only exception the client raises
            # Inspecting the message to see if it's a 'Not Found'
            if 'Not Found' not in six.text_type(exc):
                raise

    def _resolve_attribute(self, name):
        secret = self.barbican().secrets.get(self.resource_id)

        if name == self.DECRYPTED_PAYLOAD:
            return secret.payload

        if name == self.STATUS:
            return secret.status


def resource_mapping():
    return {
        'OS::Barbican::Secret': Secret,
    }


def available_resource_mapping():
    if not clients.has_client('barbican'):
        return {}

    return resource_mapping()

1.1.16 by Chuck Short Import upstream version 2014.2~b3	1	#
	2	# Licensed under the Apache License, Version 2.0 (the "License"); you may
	3	# not use this file except in compliance with the License. You may obtain
	4	# a copy of the License at
	5	#
	6	# http://www.apache.org/licenses/LICENSE-2.0
	7	#
	8	# Unless required by applicable law or agreed to in writing, software
	9	# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
	10	# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
	11	# License for the specific language governing permissions and limitations
	12	# under the License.
	13
	14	import six
	15
	16	from heat.common import exception
1.1.21 by Chuck Short Import upstream version 2015.1~b1	17	from heat.common.i18n import _
1.1.16 by Chuck Short Import upstream version 2014.2~b3	18	from heat.engine import attributes
	19	from heat.engine import clients
	20	from heat.engine import constraints
	21	from heat.engine import properties
	22	from heat.engine import resource
	23	from heat.openstack.common import log as logging
	24
	25
	26	LOG = logging.getLogger(__name__)
	27
	28
	29	class Secret(resource.Resource):
	30
	31	PROPERTIES = (
	32	NAME, PAYLOAD, PAYLOAD_CONTENT_TYPE, PAYLOAD_CONTENT_ENCODING,
	33	MODE, EXPIRATION, ALGORITHM, BIT_LENGTH,
	34	) = (
	35	'name', 'payload', 'payload_content_type', 'payload_content_encoding',
	36	'mode', 'expiration', 'algorithm', 'bit_length',
	37	)
	38
	39	ATTRIBUTES = (
	40	STATUS, DECRYPTED_PAYLOAD,
	41	) = (
	42	'status', 'decrypted_payload',
	43	)
	44
	45	properties_schema = {
	46	NAME: properties.Schema(
	47	properties.Schema.STRING,
	48	_('Human readable name for the secret.'),
	49	),
	50	PAYLOAD: properties.Schema(
	51	properties.Schema.STRING,
	52	_('The unencrypted plain text of the secret.'),
	53	),
	54	PAYLOAD_CONTENT_TYPE: properties.Schema(
	55	properties.Schema.STRING,
	56	_('The type/format the secret data is provided in.'),
	57	constraints=[
	58	constraints.AllowedValues([
	59	'text/plain',
	60	'application/octet-stream',
	61	]),
	62	],
	63	),
	64	PAYLOAD_CONTENT_ENCODING: properties.Schema(
	65	properties.Schema.STRING,
	66	_('The encoding format used to provide the payload data.'),
	67	default='base64',
	68	constraints=[
	69	constraints.AllowedValues([
	70	'base64',
	71	]),
	72	],
	73	),
	74	EXPIRATION: properties.Schema(
	75	properties.Schema.STRING,
	76	_('The expiration date for the secret in ISO-8601 format.'),
	77	constraints=[
	78	constraints.CustomConstraint('iso_8601'),
	79	],
	80	),
	81	ALGORITHM: properties.Schema(
82	properties.Schema.STRING,
83	_('The algorithm type used to generate the secret.'),
84	),
85	BIT_LENGTH: properties.Schema(
86	properties.Schema.NUMBER,
87	_('The bit-length of the secret.'),
88	constraints=[
89	constraints.Range(
90	min=0,
91	),
92	],
93	),
94	MODE: properties.Schema(
95	properties.Schema.STRING,
96	_('The type/mode of the algorithm associated with the secret '
97	'information.'),
98	),
99	}
100
101	attributes_schema = {
102	STATUS: attributes.Schema(
103	_('The status of the secret.')
104	),
105	DECRYPTED_PAYLOAD: attributes.Schema(
106	_('The decrypted secret payload.')
107	),
108	}
109
110	def barbican(self):
1.1.17 by James Page Import upstream version 2014.2~rc1	111	return self.client('barbican')
1.1.16 by Chuck Short Import upstream version 2014.2~b3	112
	113	def validate(self):
	114	super(Secret, self).validate()
	115	self._validate_payload()
	116
	117	def _validate_payload(self):
	118	'''Payload is optional, but requires content type if provided.'''
	119
	120	payload = self.properties.get(self.PAYLOAD)
	121	content_type = self.properties.get(self.PAYLOAD_CONTENT_TYPE)
	122	if bool(payload) != bool(content_type):
	123	msg = _("'payload' and 'payload_content_type' must both be "
	124	"provided or omitted.")
	125	raise exception.StackValidationFailed(message=msg)
	126
	127	def handle_create(self):
	128	info = dict(self.properties)
1.1.21 by Chuck Short Import upstream version 2015.1~b1	129	secret = self.barbican().secrets.create(**info)
1.1.17 by James Page Import upstream version 2014.2~rc1	130	secret_ref = secret.store()
1.1.16 by Chuck Short Import upstream version 2014.2~b3	131	self.resource_id_set(secret_ref)
	132	return secret_ref
	133
	134	def handle_delete(self):
	135	if not self.resource_id:
	136	return
	137
1.1.17 by James Page Import upstream version 2014.2~rc1	138	client = self.barbican()
1.1.16 by Chuck Short Import upstream version 2014.2~b3	139	try:
1.1.17 by James Page Import upstream version 2014.2~rc1	140	client.secrets.delete(self.resource_id)
1.1.16 by Chuck Short Import upstream version 2014.2~b3	141	except client.barbican_client.HTTPClientError as exc:
	142	# This is the only exception the client raises
	143	# Inspecting the message to see if it's a 'Not Found'
	144	if 'Not Found' not in six.text_type(exc):
	145	raise
	146
	147	def _resolve_attribute(self, name):
1.1.21 by Chuck Short Import upstream version 2015.1~b1	148	secret = self.barbican().secrets.get(self.resource_id)
1.1.17 by James Page Import upstream version 2014.2~rc1	149
1.1.16 by Chuck Short Import upstream version 2014.2~b3	150	if name == self.DECRYPTED_PAYLOAD:
1.1.17 by James Page Import upstream version 2014.2~rc1	151	return secret.payload
1.1.16 by Chuck Short Import upstream version 2014.2~b3	152
	153	if name == self.STATUS:
	154	return secret.status
	155
	156
	157	def resource_mapping():
	158	return {
	159	'OS::Barbican::Secret': Secret,
	160	}
	161
	162
	163	def available_resource_mapping():
	164	if not clients.has_client('barbican'):
	165	return {}
	166
	167	return resource_mapping()