octavia.certificates.manager package

octavia.certificates.manager package

Submodules

octavia.certificates.manager.barbican module

Cert manager implementation for Barbican using a single PKCS12 secret

class BarbicanCertManager[source]

Bases: octavia.certificates.manager.cert_mgr.CertManager

Certificate Manager that wraps the Barbican client API.

delete_cert(context, cert_ref, resource_ref, service_name=None)[source]

Deregister as a consumer for the specified cert.

Parameters:
  • context – Oslo context of the request
  • cert_ref – the UUID of the cert to retrieve
  • resource_ref – Full HATEOAS reference to the consuming resource
  • service_name – Friendly name for the consuming service
Raises:

Exception – if deregistration fails

get_cert(context, cert_ref, resource_ref=None, check_only=False, service_name=None)[source]

Retrieves the specified cert and registers as a consumer.

Parameters:
  • context – Oslo context of the request
  • cert_ref – the UUID of the cert to retrieve
  • resource_ref – Full HATEOAS reference to the consuming resource
  • check_only – Read Certificate data without registering
  • service_name – Friendly name for the consuming service
Returns:

octavia.certificates.common.Cert representation of the certificate data

Raises:

Exception – if certificate retrieval fails

set_acls(context, cert_ref)[source]

Adds ACLs so Octavia can access the cert objects.

If the specified cert does not exist or the addition of ACLs fails for any reason, a CertificateStorageException should be raised.

store_cert(context, certificate, private_key, intermediates=None, private_key_passphrase=None, expiration=None, name='PKCS12 Certificate Bundle')[source]

Stores a certificate in the certificate manager.

Parameters:
  • context – Oslo context of the request
  • certificate – PEM encoded TLS certificate
  • private_key – private key for the supplied certificate
  • intermediates – ordered and concatenated intermediate certs
  • private_key_passphrase – optional passphrase for the supplied key
  • expiration – the expiration time of the cert in ISO 8601 format
  • name – a friendly name for the cert
Returns:

the container_ref of the stored cert

Raises:

Exception – if certificate storage fails

unset_acls(context, cert_ref)[source]

Remove ACLs so Octavia can access the cert objects.

If the specified cert does not exist or the removal of ACLs fails for any reason, a CertificateStorageException should be raised.

octavia.certificates.manager.barbican_legacy module

Legacy cert manager implementation for Barbican (container+secrets)

class BarbicanCertManager(auth=None)[source]

Bases: octavia.certificates.manager.cert_mgr.CertManager

Certificate Manager that wraps the Barbican client API.

delete_cert(context, cert_ref, resource_ref, service_name=None)[source]

Deregister as a consumer for the specified cert.

Parameters:
  • context – Oslo context of the request
  • cert_ref – the UUID of the cert to retrieve
  • resource_ref – Full HATEOAS reference to the consuming resource
  • service_name – Friendly name for the consuming service
Raises:

Exception – if deregistration fails

get_cert(context, cert_ref, resource_ref=None, check_only=False, service_name=None)[source]

Retrieves the specified cert and registers as a consumer.

Parameters:
  • context – Oslo context of the request
  • cert_ref – the UUID of the cert to retrieve
  • resource_ref – Full HATEOAS reference to the consuming resource
  • check_only – Read Certificate data without registering
  • service_name – Friendly name for the consuming service
Returns:

octavia.certificates.common.Cert representation of the certificate data

Raises:

Exception – if certificate retrieval fails

set_acls(context, cert_ref)[source]

Adds ACLs so Octavia can access the cert objects.

If the specified cert does not exist or the addition of ACLs fails for any reason, a CertificateStorageException should be raised.

store_cert(context, certificate, private_key, intermediates=None, private_key_passphrase=None, expiration=None, name=None)[source]

Stores a certificate in the certificate manager.

Parameters:
  • context – Oslo context of the request
  • certificate – PEM encoded TLS certificate
  • private_key – private key for the supplied certificate
  • intermediates – ordered and concatenated intermediate certs
  • private_key_passphrase – optional passphrase for the supplied key
  • expiration – the expiration time of the cert in ISO 8601 format
  • name – a friendly name for the cert
Returns:

the container_ref of the stored cert

Raises:

Exception – if certificate storage fails

unset_acls(context, cert_ref)[source]

Remove ACLs so Octavia can access the cert objects.

If the specified cert does not exist or the removal of ACLs fails for any reason, a CertificateStorageException should be raised.

octavia.certificates.manager.castellan_mgr module

Cert manager implementation for Castellan

class CastellanCertManager[source]

Bases: octavia.certificates.manager.cert_mgr.CertManager

Certificate Manager for the Castellan library.

delete_cert(context, cert_ref, resource_ref, service_name=None)[source]

Deletes the specified cert.

If the specified cert does not exist, a CertificateStorageException should be raised.

get_cert(context, cert_ref, resource_ref=None, check_only=False, service_name=None)[source]

Retrieves the specified cert.

If check_only is True, don’t perform any sort of registration. If the specified cert does not exist, a CertificateStorageException should be raised.

set_acls(context, cert_ref)[source]

Adds ACLs so Octavia can access the cert objects.

If the specified cert does not exist or the addition of ACLs fails for any reason, a CertificateStorageException should be raised.

store_cert(context, certificate, private_key, intermediates=None, private_key_passphrase=None, expiration=None, name='PKCS12 Certificate Bundle')[source]

Stores (i.e., registers) a cert with the cert manager.

This method stores the specified cert and returns its UUID that identifies it within the cert manager. If storage of the certificate data fails, a CertificateStorageException should be raised.

unset_acls(context, cert_ref)[source]

Remove ACLs so Octavia can access the cert objects.

If the specified cert does not exist or the removal of ACLs fails for any reason, a CertificateStorageException should be raised.

octavia.certificates.manager.cert_mgr module

Certificate manager API

class CertManager[source]

Bases: object

Base Cert Manager Interface

A Cert Manager is responsible for managing certificates for TLS.

delete_cert(context, cert_ref, resource_ref, service_name=None)[source]

Deletes the specified cert.

If the specified cert does not exist, a CertificateStorageException should be raised.

get_cert(context, cert_ref, resource_ref=None, check_only=False, service_name=None)[source]

Retrieves the specified cert.

If check_only is True, don’t perform any sort of registration. If the specified cert does not exist, a CertificateStorageException should be raised.

set_acls(context, cert_ref)[source]

Adds ACLs so Octavia can access the cert objects.

If the specified cert does not exist or the addition of ACLs fails for any reason, a CertificateStorageException should be raised.

store_cert(context, certificate, private_key, intermediates=None, private_key_passphrase=None, expiration=None, name=None)[source]

Stores (i.e., registers) a cert with the cert manager.

This method stores the specified cert and returns its UUID that identifies it within the cert manager. If storage of the certificate data fails, a CertificateStorageException should be raised.

unset_acls(context, cert_ref)[source]

Remove ACLs so Octavia can access the cert objects.

If the specified cert does not exist or the removal of ACLs fails for any reason, a CertificateStorageException should be raised.

octavia.certificates.manager.local module

class LocalCertManager[source]

Bases: octavia.certificates.manager.cert_mgr.CertManager

Cert Manager Interface that stores data locally.

static delete_cert(context, cert_ref, **kwargs)[source]

Deletes the specified cert.

Parameters:
  • context – Ignored in this implementation
  • cert_ref – the UUID of the cert to delete
Raises:

CertificateStorageException – if certificate deletion fails

static get_cert(context, cert_ref, **kwargs)[source]

Retrieves the specified cert.

Parameters:
  • context – Ignored in this implementation
  • cert_ref – the UUID of the cert to retrieve
Returns:

octavia.certificates.common.Cert representation of the certificate data

Raises:

CertificateStorageException – if certificate retrieval fails

set_acls(context, cert_ref)[source]

Adds ACLs so Octavia can access the cert objects.

If the specified cert does not exist or the addition of ACLs fails for any reason, a CertificateStorageException should be raised.

static store_cert(context, certificate, private_key, intermediates=None, private_key_passphrase=None, **kwargs)[source]

Stores (i.e., registers) a cert with the cert manager.

This method stores the specified cert to the filesystem and returns a UUID that can be used to retrieve it.

Parameters:
  • context – Ignored in this implementation
  • certificate – PEM encoded TLS certificate
  • private_key – private key for the supplied certificate
  • intermediates – ordered and concatenated intermediate certs
  • private_key_passphrase – optional passphrase for the supplied key
Returns:

the UUID of the stored cert

Raises:

CertificateStorageException – if certificate storage fails

unset_acls(context, cert_ref)[source]

Remove ACLs so Octavia can access the cert objects.

If the specified cert does not exist or the removal of ACLs fails for any reason, a CertificateStorageException should be raised.

Module contents

Creative Commons Attribution 3.0 License

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.