Update Crypto Plugin Interface
As discussed during the Keystone hackathon in January, the plugin interface for Barbican needs to be modified to support a DogTag plugin. This change requires the "create" method to be removed from the plugin abstract base class. The method will be replaced with a "generate" method with a return signature that matches the "encrypt" method.
The plugin manager will change so that "generate_
This allows a plugin to handle secret creation and encryption in one step. From Barbican's point of view, plugin encryption and plugin generation both produce an encrypted blob that will later be given back to the plugin for decryption. Barbican does not require that the encrypted blob actually contain the secret. The only requirement is that the plugin's decrypt method is able to produce the secret when given the encrypted blob.
For the DogTag plugin, this "encrypted blob" would be the DogTag URI to the secret. Barbican doesn't care that the blob isn't really a secret. All that matters is that the DogTag plugin is able to produce the secret when the URI is given to the decrypt method.
barbican.
Secret object to the DB before calling the plugin and adding some try/except logic to clean up the Secret object in the event of a plugin exception.
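The contract described above, as an added example that is not Barbican's or the DogTag plugin's own code: the class names, the dict standing in for the remote key store, the `keystore.example` URI and the `generate_secret` helper are all assumptions. It shows a plugin whose "encrypted blob" is only a reference to the secret, and a caller that saves the record first and cleans it up if the plugin raises.

```python
import abc
import secrets
import uuid


class CryptoPluginBase(abc.ABC):
    """Hypothetical interface: generate() returns the same kind of blob as encrypt()."""

    @abc.abstractmethod
    def encrypt(self, plaintext: bytes) -> bytes: ...

    @abc.abstractmethod
    def generate(self, bit_length: int) -> bytes: ...

    @abc.abstractmethod
    def decrypt(self, blob: bytes) -> bytes: ...


class RemoteStorePlugin(CryptoPluginBase):
    """Keeps secrets in a remote store (a dict here); the blob is only a URI."""

    def __init__(self, fail_on_generate=False):
        self._store = {}  # stands in for the remote key store
        self._fail = fail_on_generate

    def encrypt(self, plaintext):
        uri = "https://keystore.example/secrets/%s" % uuid.uuid4()  # constructed host
        self._store[uri] = plaintext
        return uri.encode()

    def generate(self, bit_length):
        if self._fail:
            raise RuntimeError("remote store unavailable")
        return self.encrypt(secrets.token_bytes(bit_length // 8))

    def decrypt(self, blob):
        return self._store[blob.decode()]


def generate_secret(db, plugin, name, bit_length):
    """Persist the record first, then call the plugin; clean up on failure."""
    secret_id = str(uuid.uuid4())
    db[secret_id] = {"name": name, "blob": None}
    try:
        db[secret_id]["blob"] = plugin.generate(bit_length)
    except Exception:
        del db[secret_id]  # no orphaned record if the plugin raised
        raise
    return secret_id
```

With a plugin of this kind the caller's database holds only the reference, so the key material never leaves the remote store until decrypt is called.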
Blueprint information
- Status: Complete
- Approver: Douglas Mendizábal
- Priority: Medium
- Drafter: Douglas Mendizábal
- Direction: Approved
- Assignee: Ade Lee
- Definition: Approved
- Series goal: Accepted for juno
- Implementation: Implemented
- Milestone target: juno-2
- Started by: Douglas Mendizábal
- Completed by: Douglas Mendizábal
Whiteboard
Gerrit topic: https:/
Addressed by: https:/
Update crypto plugin interface to support Dogtag
Addressed by: https:/
Add Dogtag crypto plugin.