diff options
Diffstat (limited to 'doc/source/cli/usage.rst')
-rw-r--r-- | doc/source/cli/usage.rst | 48 |
1 files changed, 47 insertions, 1 deletions
diff --git a/doc/source/cli/usage.rst b/doc/source/cli/usage.rst index 4bf2d38..15cf12c 100644 --- a/doc/source/cli/usage.rst +++ b/doc/source/cli/usage.rst @@ -186,6 +186,52 @@ Example: retrieved_container = barbican.containers.get(my_container_ref) +Secret Consumers +================ + +Secret consumers are represented by three attributes: service, resource type and resource id. +Callers can register secret consumers to indicate that they are using a secret. +For instance, in the example below, the caller creates a secret consumer to indicate that +the created secret is being used to encrypt a specific Glance image. + +Secret consumers should be managed using the +:class:`barbicanclient.secrets.SecretManager` instance in the +`secrets` attribute of the `Client` and by the corresponding +`register_consumer`, `remove_consumer` and `list_consumers` methods. + +Example: + + .. code-block:: python + + # Creating a secret and adding a consumer to it + + secret = barbican.secrets.create(name='image encryption key', + payload='encryption_key') + secret.store() + + barbican.secrets.register_consumer( + secret.secret_ref, + service="image", + resource_type="image", + resource_id="123e4567-e89b-12d3-a456-426614174002" + ) + + # Listing all the secret's consumers + + consumers = barbican.secrets.list_consumers(secret.secret_ref) + for consumer in consumers: + print(f"Service: {consumer['service']}\t" + f"Resource Type: {consumer['resource_type']}\t" + f"Resource id: {consumer['resource_id']}") + + # Removing the previously created consumer + + barbican.secrets.remove_consumer( + secret.secret_ref, + service="image", + resource_type="image", + resource_id="123e4567-e89b-12d3-a456-426614174002" + ) ACLs ==== @@ -325,7 +371,7 @@ Example: # Case 2 - Remove same users from ACL settings for each operation type # -------------------------------------------------------------------- - # Get ACL entity from server + # Get ACL from server acl_entity = barbican.acls.get(secret_ref) # Go through each operation ACL setting and remove users from existing list |