Diffstat (limited to 'barbicanclient/secrets.py')
-rw-r--r--barbicanclient/secrets.py76
1 files changed, 72 insertions, 4 deletions
diff --git a/barbicanclient/secrets.py b/barbicanclient/secrets.py
index d5ad472..c052940 100644
--- a/barbicanclient/secrets.py
+++ b/barbicanclient/secrets.py
@@ -1,6 +1,13 @@
from urlparse import urlparse
+
+from openstack.common import log as logging
from openstack.common.timeutils import parse_isotime
+from barbicanclient import base
+
+
+LOG = logging.getLogger(__name__)
+
class Secret(object):
@@ -8,12 +15,10 @@ class Secret(object):
A secret is any data the user has stored in the key management system.
"""
- def __init__(self, connection, secret_dict):
+ def __init__(self, secret_dict):
"""
- Builds a secret object from a json representation. Includes the
- connection object for subtasks.
+ Builds a secret object from a dictionary.
"""
- self.connection = connection
self.secret_ref = secret_dict.get('secret_ref')
self.created = parse_isotime(secret_dict.get('created'))
self.status = secret_dict.get('status')
@@ -60,3 +65,66 @@ class Secret(object):
self.payload_content_encoding, self.bit_length,
self.algorithm, self.cypher_type, self.expiration)
)
+
+
+class SecretManager(base.BaseEntityManager):
+
+ def __init__(self, api):
+ super(SecretManager, self).__init__(api, 'secrets')
+
+ def create(self,
+ name=None,
+ payload=None,
+ payload_content_type=None,
+ payload_content_encoding=None,
+ algorithm=None,
+ bit_length=None,
+ mode=None,
+ expiration=None):
+ """
+ Stores a new secret in Barbican
+
+ :param name: A friendly name for the secret
+ :param payload: The unencrypted secret data
+ :param payload_content_type: The format/type of the secret data
+ :param payload_content_encoding: The encoding of the secret data
+ :param algorithm: The algorithm barbican should use to encrypt
+ :param bit_length: The bit length of the key used for ecnryption
+ :param mode: The algorithm mode (e.g. CBC or CTR mode)
+ :param expiration: The expiration time of the secret in ISO 8601 format
+ :returns: Secret ID for the stored secret
+ """
+ LOG.debug("Creating secret of payload content type {0}".format(
+ payload_content_type))
+ href = self.entity
+ LOG.debug("href: {0}".format(href))
+
+ secret_dict = dict()
+ secret_dict['name'] = name
+ secret_dict['payload'] = payload
+ secret_dict['payload_content_type'] = payload_content_type
+ secret_dict['payload_content_encoding'] = payload_content_encoding
+ secret_dict['algorithm'] = algorithm
+ #TODO(dmend): Change this to 'mode'
+ secret_dict['cypher_type'] = mode
+ secret_dict['bit_length'] = bit_length
+ secret_dict['expiration'] = expiration
+ self._remove_empty_keys(secret_dict)
+
+ LOG.debug("Request body: {0}".format(secret_dict))
+
+ resp = self.api.post(self.entity, secret_dict)
+ #TODO(dmend): return secret object?
+ #secret = Secret(resp)
+ secret_id = resp['secret_ref'].split('/')[-1]
+
+ return secret_id
+
+ def list(self, limit=10, offset=0):
+
+ LOG.debug('Listing secrets - offset {0} limit {1}'.format(offset,
+ limit))
+ params = {'limit': limit, 'offset': offset}
+ resp = self.api.get(self.entity, params)
+
+ return resp
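Review bot: The `LOG.debug("Request body: {0}".format(secret_dict))` call in `SecretManager.create` writes the whole request dictionary to the log, and that dictionary includes `payload`, which the docstring above describes as the unencrypted secret data. Anyone who can read debug output, or a log collector it is shipped to, would then see stored secrets in clear text. Log only non-sensitive metadata, for example `LOG.debug("Request body keys: {0}".format(sorted(secret_dict)))`, or format a copy with `payload` removed. Separately, `resp['secret_ref']` is indexed without checking that the key is present, so an unexpected response body surfaces as a bare `KeyError` rather than a client error the caller can handle. `list` also has no docstring; one stating what `limit` and `offset` mean and what the returned `resp` contains would help.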