ó
͍EYc@sJdZd
dl
Z
d
dlZeje
jƒ
def
d„ƒYƒ
ZdS(s
Key manager API
iÿÿÿÿNt
KeyManagercBsŒeZ
dZejd
„ƒ
Zejddd„ƒ
Zejddd„ƒ
Zejdd„
ƒ
Z	eje
d„
ƒ
Zejd„ƒ
ZRS(s¶Base Key Manager Interface

    A Key Manager is responsible for managing encryption keys for volumes. A
    Key Manager is responsible for creating, reading, and deleting keys.
    c
Csd
S(s¥Instantiate a KeyManager object.

        Creates a KeyManager object with implementation specific details
        obtained from the supplied configuration.
        N((tselft
configuration((sV/home/tvault/.virtenv/lib/python2.7/site-packages/castellan/key_manager/key_manager.pyt__init__!sc
Csd
S(sêCreates a symmetric key.

        This method creates a symmetric key and returns the key's UUID. If the
        specified context does not permit the creation of keys, then a
        NotAuthorized exception should be raised.
        N((R
tcontextt	algorithmtlengtht
expirationtname((sV/home/tvault/.virtenv/lib/python2.7/site-packages/castellan/key_manager/key_manager.pyt
create_key*s	c
Csd
S(s9
Creates an asymmetric key pair.

        This method creates an asymmetric key pair and returns the pair of key
        UUIDs. If the specified context does not permit the creation of keys,
        then a NotAuthorized exception should be raised. The order of the UUIDs
        will be (private, public).
        N((R
RRRRR((sV/home/tvault/.virtenv/lib/python2.7/site-packages/castellan/key_manager/key_manager.pytcreate_key_pair5s
c
Csd
S(s7
Stores a managed object with the key manager.

        This method stores the specified managed object and returns its UUID
        that identifies it within the key manager. If the specified context
        does not permit the creation of keys, then a NotAuthorized exception
        should be raised.
        N((R
Rtmanaged_objectR((sV/home/tvault/.virtenv/lib/python2.7/site-packages/castellan/key_manager/key_manager.pytstoreAs	c
Csd
S(s#Retrieves the specified managed object.

        Implementations should verify that the caller has permissions to
        retrieve the managed object by checking the context object passed in
        as context. If the user lacks permission then a NotAuthorized
        exception is raised.

        If the caller requests only metadata, then the object that is
        returned will contain only the secret metadata and no secret bytes.

        If the specified object does not exist, then a KeyError should be
        raised. Implementations should preclude users from discerning the
        UUIDs of objects that belong to other users by repeatedly calling
        this method. That is, objects that belong to other users should be
        considered "non-existent" and completely invisible.
        N((R
Rtmanaged_object_idt
metadata_only((sV/home/tvault/.virtenv/lib/python2.7/site-packages/castellan/key_manager/key_manager.pytgetLsc
Csd
S(s„Deletes the specified managed object.

        Implementations should verify that the caller has permission to delete
        the managed object by checking the context object (context). A
        NotAuthorized exception should be raised if the caller lacks
        permission.

        If the specified object does not exist, then a KeyError should be
        raised. Implementations should preclude users from discerning the
        UUIDs of objects that belong to other users by repeatedly calling this
        method. That is, objects that belong to other users should be
        considered "non-existent" and completely invisible.
        N((R
RR
((sV/home/tvault/.virtenv/lib/python2.7/site-packages/castellan/key_manager/key_manager.pytdelete`sN(
t__name__t
__module__t__doc__tabctabstractmethodRtNoneR	R
RtFalseRR(((sV/home/tvault/.virtenv/lib/python2.7/site-packages/castellan/key_manager/key_manager.pyRs		



(RRtsixt
add_metaclasstABCMetatobjectR(((sV/home/tvault/.virtenv/lib/python2.7/site-packages/castellan/key_manager/key_manager.pyt<module>s