diff options
author | Mauricio Harley <mharley@redhat.com> | 2023-02-13 17:49:00 +0100 |
---|---|---|
committer | Mauricio Harley <mharley@redhat.com> | 2023-02-15 10:30:03 +0100 |
commit | ad14b64a7a1a3d4d1315891c486a12e0a4567846 (patch) | |
tree | 107045eba71408a4e5cbcefdd4b61f91877a6bd7 /doc/source/cli/usage.rst | |
parent | da03fc5cf0774f4bcd884279356452deeac4e700 (diff) | |
download | python-barbicanclient-ad14b64a7a1a3d4d1315891c486a12e0a4567846.tar.gz |
Add secret consumers documentation5.5.0
Change-Id: I55cdf4735d6936c966f7b1638714762747f6d480
Diffstat (limited to 'doc/source/cli/usage.rst')
-rw-r--r-- | doc/source/cli/usage.rst | 48 |
1 files changed, 47 insertions, 1 deletions
diff --git a/doc/source/cli/usage.rst b/doc/source/cli/usage.rst index 4bf2d38..15cf12c 100644 --- a/doc/source/cli/usage.rst +++ b/doc/source/cli/usage.rst @@ -186,6 +186,52 @@ Example: retrieved_container = barbican.containers.get(my_container_ref) +Secret Consumers +================ + +Secret consumers are represented by three attributes: service, resource type and resource id. +Callers can register secret consumers to indicate that they are using a secret. +For instance, in the example below, the caller creates a secret consumer to indicate that +the created secret is being used to encrypt a specific Glance image. + +Secret consumers should be managed using the +:class:`barbicanclient.secrets.SecretManager` instance in the +`secrets` attribute of the `Client` and by the corresponding +`register_consumer`, `remove_consumer` and `list_consumers` methods. + +Example: + + .. code-block:: python + + # Creating a secret and adding a consumer to it + + secret = barbican.secrets.create(name='image encryption key', + payload='encryption_key') + secret.store() + + barbican.secrets.register_consumer( + secret.secret_ref, + service="image", + resource_type="image", + resource_id="123e4567-e89b-12d3-a456-426614174002" + ) + + # Listing all the secret's consumers + + consumers = barbican.secrets.list_consumers(secret.secret_ref) + for consumer in consumers: + print(f"Service: {consumer['service']}\t" + f"Resource Type: {consumer['resource_type']}\t" + f"Resource id: {consumer['resource_id']}") + + # Removing the previously created consumer + + barbican.secrets.remove_consumer( + secret.secret_ref, + service="image", + resource_type="image", + resource_id="123e4567-e89b-12d3-a456-426614174002" + ) ACLs ==== @@ -325,7 +371,7 @@ Example: # Case 2 - Remove same users from ACL settings for each operation type # -------------------------------------------------------------------- - # Get ACL entity from server + # Get ACL from server acl_entity = barbican.acls.get(secret_ref) # Go through each operation ACL setting and remove users from existing list |