Barbican/Blueprints/add-metadata-to-secrets

Abstract

This blueprint proposes adding a metadata property to secrets.

Description

The Barbican API returns metadata to the user about secrets, but the user is not allowed to set metadata options that are not supported by Barbican. This blueprint proposes adding a metadata field to secrets that allows users to store any metadata with a secret.

Note that this blueprint only provides the model and backend storage changes required to store metadata. It does not provide a change to the interface to allow the user to specify new metadata with the key. That is reserved for another blueprint.

Proposed Changes

Adding metadata to keys will require a couple of small changes. The first change will be to add a metadata field to Secret. The metadata field will be a reference to a list of SecretMetadata. SecretMetadata will be a simple class that contains an ID (for the SQL table), key, value, and secret ID. The class diagrams below illustrate the class relationships.

Metadata class diagram.png

This change also requires a database change: a new table must be added for the secret metadata. The format of the table is below.

Metadata attributes table.png

The following is an overview of the Barbican database model, with the new secret_metadata table included.

Barbican-database-model-with-secret-metadata.png

The last item to change is in Secret. The Secret class has a method, _do_extra_dict_fields(), that returns a dictionary of key-value pairs. The current implementation returns the metadata that is stored as columns in the Secret table. The new implementation will return those fields plus all of the SecretMetadata entries, so that all of the metadata is returned to the user.
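
The following sketch is an added example, not Barbican's code: it models the secret_metadata table and the merged _do_extra_dict_fields() result with Python's sqlite3 in place of Barbican's database layer. The secrets columns, the uniqueness constraint, and the rule that column-backed fields take precedence over a user metadata entry with the same key are assumptions made for illustration.

```python
import sqlite3

# Constructed schema: secret_metadata columns follow the blueprint text
# (id, key, value, secret id); the secrets columns are illustrative.
SCHEMA = """
CREATE TABLE secrets (
    id TEXT PRIMARY KEY, name TEXT, algorithm TEXT, bit_length INTEGER);
CREATE TABLE secret_metadata (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    key TEXT NOT NULL,
    value TEXT,
    secret_id TEXT NOT NULL REFERENCES secrets(id),
    UNIQUE (secret_id, key));
"""

class Secret:
    COLUMNS = ("name", "algorithm", "bit_length")

    def __init__(self, db, secret_id):
        self.db, self.id = db, secret_id

    def add_metadata(self, key, value):
        # Keys and values are user-controlled, so bind them as parameters.
        self.db.execute(
            "INSERT INTO secret_metadata (key, value, secret_id) VALUES (?, ?, ?)",
            (key, value, self.id))

    def _do_extra_dict_fields(self):
        row = self.db.execute(
            "SELECT name, algorithm, bit_length FROM secrets WHERE id = ?",
            (self.id,)).fetchone()
        fields = dict(zip(self.COLUMNS, row))
        meta = self.db.execute(
            "SELECT key, value FROM secret_metadata WHERE secret_id = ? ORDER BY id",
            (self.id,))
        for key, value in meta:
            # Assumed policy: a metadata key never replaces a column field.
            fields.setdefault(key, value)
        return fields

def demo():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.execute("INSERT INTO secrets VALUES ('s1', 'db-password', 'aes', 256),"
               " ('s2', 'other', 'aes', 128)")
    s1 = Secret(db, "s1")
    s1.add_metadata("owner", "team-a")
    s1.add_metadata("algorithm", "none")  # collides with a column field
    Secret(db, "s2").add_metadata("owner", "team-b")
    return s1._do_extra_dict_fields()
```

Without a precedence rule of this kind, a metadata entry named after a built-in field would change what callers read back for that field.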