openstack/openstacksdk
Code Issues Proposed changes
Files
0a19263facedc8028eeccfbd03abf62efc5b2bad
openstacksdk/doc/source/users/guides/key_manager.rst
Brian Curtin 0a19263fac Refactor Key Manager for resource2 
This change updates the Key Manager service for the resource2/proxy2
refactoring. Along with making it work with the new classes, it improves
usability--at least temporarily--by exposing the ID value necessary from
the HREFs that the service returns. The HREF that gets returned, e.g.,
from a list call, is not directly usable to then pass it into a get
call. A more long-term fix for this would potentially be to create a Key
Manager specific base class that fiddles around with IDs and looks to
see if they are an HREF and converts them to a UUID in the proper
direction depending on where the data is going, but that's too much to
tackle in this refactoring change.

Besides updating some of the resources to match the documented
attributes, one feature this does add is retrieval of the Secret
payload, which is done via a separate endpoint. However, like other
calls in Glance and Heat, we unify them in the proxy's `get_secret` call
so the user doesn't need to know it's a separate call.

This also includes some basic docs in the user guide to show how the
different ID usage is currently necessary.

Change-Id: I8b5753e121d8f79350b38803e8aac95d7b4d1627
2016-08-24 15:58:51 -04:00

2.0 KiB
Raw Blame History

Using OpenStack Key Manager

Before working with the Key Manager service, you'll need to create a connection to your OpenStack cloud by following the connect user guide. This will provide you with the conn variable used in the examples below.

Table of Contents

Note

Some interactions with the Key Manager service differ from that of other services in that resources do not have a proper id parameter, which is necessary to make some calls. Instead, resources have a separately named id attribute, e.g., the Secret resource has secret_id.

The examples below outline when to pass in those id values.

Create a Secret

The Key Manager service allows you to create new secrets by passing the attributes of the ~openstack.key_manager.v1.secret.Secret to the ~openstack.key_manager.v1._proxy.Proxy.create_secret method.

../examples/key_manager/create.py

List Secrets

Once you have stored some secrets, they are available for you to list via the ~openstack.key_manager.v1._proxy.Proxy.secrets method. This method returns a generator, which yields each ~openstack.key_manager.v1.secret.Secret.

../examples/key_manager/list.py

The ~openstack.key_manager.v1._proxy.Proxy.secrets method can also make more advanced queries to limit the secrets that are returned.

../examples/key_manager/list.py

Get Secret Payload

Once you have received a ~openstack.key_manager.v1.secret.Secret, you can obtain the payload for it by passing the secret's id value to the ~openstack.key_manager.v1._proxy.Proxy.secrets method. Use the ~openstack.key_manager.v1.secret.Secret.secret_id attribute when making this request.

../examples/key_manager/get.py