Cert manager implementation for Barbican using a single PKCS12 secret
BarbicanCertManager
Bases: octavia.certificates.manager.cert_mgr.CertManager
Certificate Manager that wraps the Barbican client API.

delete_cert(context, cert_ref, resource_ref, service_name=None)
Deregister as a consumer for the specified cert.
Raises: Exception – if deregistration fails

get_cert(context, cert_ref, resource_ref=None, check_only=False, service_name=None)
Retrieves the specified cert and registers as a consumer.
Returns: octavia.certificates.common.Cert representation of the certificate data
Raises: Exception – if certificate retrieval fails

set_acls(context, cert_ref)
Adds ACLs so Octavia can access the cert objects.
If the specified cert does not exist or the addition of ACLs fails for any reason, a CertificateStorageException should be raised.

store_cert(context, certificate, private_key, intermediates=None, private_key_passphrase=None, expiration=None, name='PKCS12 Certificate Bundle')
Stores a certificate in the certificate manager.
Returns: the container_ref of the stored cert
Raises: Exception – if certificate storage fails

Legacy cert manager implementation for Barbican (container+secrets)
BarbicanCertManager(auth=None)
Bases: octavia.certificates.manager.cert_mgr.CertManager
Certificate Manager that wraps the Barbican client API.

delete_cert(context, cert_ref, resource_ref, service_name=None)
Deregister as a consumer for the specified cert.
Raises: Exception – if deregistration fails

get_cert(context, cert_ref, resource_ref=None, check_only=False, service_name=None)
Retrieves the specified cert and registers as a consumer.
Returns: octavia.certificates.common.Cert representation of the certificate data
Raises: Exception – if certificate retrieval fails

set_acls(context, cert_ref)
Adds ACLs so Octavia can access the cert objects.
If the specified cert does not exist or the addition of ACLs fails for any reason, a CertificateStorageException should be raised.

store_cert(context, certificate, private_key, intermediates=None, private_key_passphrase=None, expiration=None, name=None)
Stores a certificate in the certificate manager.
Returns: the container_ref of the stored cert
Raises: Exception – if certificate storage fails

Cert manager implementation for Castellan
CastellanCertManager
Bases: octavia.certificates.manager.cert_mgr.CertManager
Certificate Manager for the Castellan library.

delete_cert(context, cert_ref, resource_ref, service_name=None)
Deletes the specified cert.
If the specified cert does not exist, a CertificateStorageException should be raised.

get_cert(context, cert_ref, resource_ref=None, check_only=False, service_name=None)
Retrieves the specified cert.
If check_only is True, don’t perform any sort of registration. If the specified cert does not exist, a CertificateStorageException should be raised.

set_acls(context, cert_ref)
Adds ACLs so Octavia can access the cert objects.
If the specified cert does not exist or the addition of ACLs fails for any reason, a CertificateStorageException should be raised.

store_cert(context, certificate, private_key, intermediates=None, private_key_passphrase=None, expiration=None, name='PKCS12 Certificate Bundle')
Stores (i.e., registers) a cert with the cert manager.
This method stores the specified cert and returns its UUID that identifies it within the cert manager. If storage of the certificate data fails, a CertificateStorageException should be raised.

Certificate manager API
CertManager
Bases: object
Base Cert Manager Interface
A Cert Manager is responsible for managing certificates for TLS.

delete_cert(context, cert_ref, resource_ref, service_name=None)
Deletes the specified cert.
If the specified cert does not exist, a CertificateStorageException should be raised.

get_cert(context, cert_ref, resource_ref=None, check_only=False, service_name=None)
Retrieves the specified cert.
If check_only is True, don’t perform any sort of registration. If the specified cert does not exist, a CertificateStorageException should be raised.

set_acls(context, cert_ref)
Adds ACLs so Octavia can access the cert objects.
If the specified cert does not exist or the addition of ACLs fails for any reason, a CertificateStorageException should be raised.

store_cert(context, certificate, private_key, intermediates=None, private_key_passphrase=None, expiration=None, name=None)
Stores (i.e., registers) a cert with the cert manager.
This method stores the specified cert and returns its UUID that identifies it within the cert manager. If storage of the certificate data fails, a CertificateStorageException should be raised.

LocalCertManager
Bases: octavia.certificates.manager.cert_mgr.CertManager
Cert Manager Interface that stores data locally.

delete_cert(context, cert_ref, **kwargs)
Deletes the specified cert.
Raises: CertificateStorageException – if certificate deletion fails

get_cert(context, cert_ref, **kwargs)
Retrieves the specified cert.
Returns: octavia.certificates.common.Cert representation of the certificate data
Raises: CertificateStorageException – if certificate retrieval fails

set_acls(context, cert_ref)
Adds ACLs so Octavia can access the cert objects.
If the specified cert does not exist or the addition of ACLs fails for any reason, a CertificateStorageException should be raised.

store_cert(context, certificate, private_key, intermediates=None, private_key_passphrase=None, **kwargs)
Stores (i.e., registers) a cert with the cert manager.
This method stores the specified cert to the filesystem and returns a UUID that can be used to retrieve it.
Returns: the UUID of the stored cert
Raises: CertificateStorageException – if certificate storage fails
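
An added example, not Octavia's LocalCertManager code: a filesystem store that follows the store/get/delete contract documented above (a UUID is returned on store, CertificateStorageException is raised on any failure) and shows two checks that matter when private keys are written to disk. The class name FileCertStore, its reduced method signatures and the locally defined CertificateStorageException stand-in are assumptions made for illustration.

```python
import os
import re
import uuid
from pathlib import Path


class CertificateStorageException(Exception):
    """Stand-in for the exception the page names; not imported from Octavia."""


class FileCertStore:
    """Hypothetical filesystem store following the store/get/delete contract."""
    EXTS = (".crt", ".key")
    REF_RE = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}")

    def __init__(self, base_dir):
        self.base_dir = Path(base_dir)
        self.base_dir.mkdir(mode=0o700, parents=True, exist_ok=True)

    def _path(self, cert_ref, suffix):
        # cert_ref ends up in a filename: accept only a UUID, never a path.
        if not (isinstance(cert_ref, str) and self.REF_RE.fullmatch(cert_ref)):
            raise CertificateStorageException("invalid cert_ref")
        return self.base_dir / (cert_ref + suffix)

    def store_cert(self, certificate, private_key):
        cert_ref = str(uuid.uuid4())
        try:
            for suffix, data in zip(self.EXTS, (certificate, private_key)):
                # O_EXCL never reuses a file; 0o600 limits reads to the owner.
                flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL
                fd = os.open(self._path(cert_ref, suffix), flags, 0o600)
                with os.fdopen(fd, "wb") as handle:
                    handle.write(data)
        except OSError as exc:
            raise CertificateStorageException(str(exc)) from exc
        return cert_ref

    def get_cert(self, cert_ref):
        try:
            return tuple(self._path(cert_ref, e).read_bytes() for e in self.EXTS)
        except OSError as exc:
            raise CertificateStorageException(str(exc)) from exc

    def delete_cert(self, cert_ref):
        try:
            for suffix in self.EXTS:
                self._path(cert_ref, suffix).unlink()
        except OSError as exc:
            raise CertificateStorageException(str(exc)) from exc
```

Because cert_ref is validated before it is joined to the base directory, a reference such as `../../etc/passwd` is rejected with the same exception a missing cert produces.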
Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.