Refactor Client Entity Models¶
The current Entity Models in the client are a bit awkward to use. This blueprint proposes refactoring some functionality to make the API more usable and consistent.
The Entity Models in
barbicanclient should be refactored to provide a
more Pythonic api. This refactor will make the existing Entities consistent
with the recently approved Containers blueprint. 1
Refactor existing Models to provide methods for actions that affect a single
entity inside the entity class. This will allow for worflows that only affect
a single entity to be completed without the need for a reference to the
Secret entity should be refactored to add a
store() method and
from barbicanclient import client # Set up client connection connection = client.Client(tenant_id="1", endpoint=ENDPOINT, insecure=True) # Create a new Secret my_secret = connection.secrets.Secret(name="My secret name", payload="the secret sauce") my_secret.store() # Alternatively set Secret properties instead of passing args my_secret = connection.secrets.Secret() my_secret.name = "My secret name" my_secret.payload = "the secret sauce" my_secret.store()
Orders should allow both args to the constructor as well as
setting properties directly. We should also add a
submit() method to
submit the order to the API:
from barbicanclient import client # Set up client connection connection = client.Client(tenant_id="1", endpoint=ENDPOINT, insecure=True) # Create and submit a new Order my_order = connection.orders.Order( name="My Order", payload_content_type="application/octet-stream" algorithm="AES", mode="CBC", bit_length=256, expiration=None ) my_order.submit() # Alternatively set the Order properties instead of passing args my_order = connection.orders.Order() my_order.name = "My Order" my_order.payload_content_type = "application/octet-stream" my_order.algorithm = "AES" my_order.mode = "CBC" my_order.bit_length = 256 my_order.expiration = None my_order.submit()
Listing entities should still be handled via the corresponding
EntityManager. The ability to decrypt a secret, however, should be moved
Secret class, and removed from the
Retrieving entities should be moved from the
get() function) to the
Entity constructor. For example:
my_secret = connection.secrets.Secret(secret_ref=SECRET_REF) my_order = connection.orders.Order(order_ref=ORDER_REF)
Deleting entities can either be done with the existing
delete(entity_ref) or with a new
An example using a Secret:
# New method my_secret = connection.secrets.Secret(secret_ref=SECRET_REF) my_secret.delete() # Old way still works connection.secrets.delete(secret_ref=SECRET_REF)
We could continue to use the objects as they currently exist.
Also note that the Orders functionality will need to be revisited once the Typed Orders implementation lands. 2
Data model impact¶
REST API impact¶
Notifications & Audit Impact¶
Logging should be done in a manner consistent with the rest of the library.
Other end user impact¶
This change will require rewriting how Secret objects are consumed, and will require a new major version for the client library.
Other deployer impact¶
Blueprint Draft: Douglas Mendizábal (redrobot) Implementation: Adam Harwell (rm_work)
Refactor Secret entity
Refactor Order entity
Testing should be consistent with existing testing in the library.
Common workflows will have to be updated to give examples on how to use the refactored classes.
Containers in the Client etherpad: https://etherpad.openstack.org/p/python-barbicanclient-containers Containers Blueprint: https://specs.openstack.org/openstack/barbican-specs/specs/juno/client-add-containers.html