1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
|
# Copyright (c) 2016 GohighSec, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import logging
from keystoneauth1 import discover
from barbicanclient import client as base_client
from barbicanclient.v1 import acls
from barbicanclient.v1 import cas
from barbicanclient.v1 import containers
from barbicanclient.v1 import orders
from barbicanclient.v1 import secrets
LOG = logging.getLogger(__name__)
_SUPPORTED_MICROVERSIONS = [(1, 0),
(1, 1)]
# For microversion 1.0, API status is "stable"
_STABLE = "STABLE"
class Client(object):
def __init__(self, session=None, *args, **kwargs):
"""Barbican client implementation for API version v1
This class is dynamically loaded by the factory function
`barbicanclient.client.Client`. It's recommended to use that
function instead of making instances of this class directly.
"""
microversion = kwargs.pop('microversion', None)
if microversion:
if not self._validate_microversion(
session,
kwargs.get('endpoint'),
kwargs.get('version'),
kwargs.get('service_type'),
kwargs.get('service_name'),
kwargs.get('interface'),
kwargs.get('region_name'),
microversion
):
raise ValueError(
"Endpoint does not support microversion {}".format(
microversion))
kwargs['default_microversion'] = microversion
# TODO(dmendiza): This should be a private member
self.client = base_client._HTTPClient(session=session, *args, **kwargs)
self.secrets = secrets.SecretManager(self.client)
self.orders = orders.OrderManager(self.client)
self.containers = containers.ContainerManager(self.client)
self.cas = cas.CAManager(self.client)
self.acls = acls.ACLManager(self.client)
def _validate_microversion(self, session, endpoint, version, service_type,
service_name, interface, region_name,
microversion):
# first we make sure that the microversion is something we understand
normalized = discover.normalize_version_number(microversion)
if normalized not in _SUPPORTED_MICROVERSIONS:
raise ValueError("Invalid microversion {}".format(microversion))
microversion = discover.version_to_string(normalized)
if not endpoint:
endpoint = session.get_endpoint(
service_type=service_type,
service_name=service_name,
interface=interface,
region_name=region_name,
version=version
)
resp = discover.get_version_data(
session, endpoint,
version_header='key-manager ' + microversion)
if resp:
resp = resp[0]
status = resp['status'].upper()
if status == _STABLE:
# status is only set to STABLE in two cases
# 1. when the server is older and is ignoring the microversion
# header
# 2. when we ask for microversion 1.0 and the server
# undertsands the header
# in either case min/max will be 1.0
min_ver = '1.0'
max_ver = '1.0'
else:
# any other status will have a min/max
min_ver = resp['version']['min_version']
max_ver = resp['version']['max_version']
return discover.version_between(min_ver, max_ver, microversion)
# TODO(afariasa) What should be returned? error?
return False
|