Foundry.KeyRotator¶

Subclasses:: None

Methods¶

Inherited:: Foundry.Contextual (4), GObject.Object (37), Json.Serializable (8)
Structs:: GObject.ObjectClass (5)

	`can_rotate` (host, service_name, secret)
	`check_expires_at` (host, service_name, secret)
	`rotate` (host, service_name, secret, expire_at)

Virtual Methods¶

Inherited:: GObject.Object (7), Json.Serializable (5)

	`do_can_rotate` (host, service_name, secret)
	`do_check_expires_at` (host, service_name, secret)
	`do_rotate` (host, service_name, secret, expire_at)

Properties¶

Inherited:: Foundry.Contextual (1)

Signals¶

Inherited:: GObject.Object (1)

Fields¶

Inherited:: GObject.Object (1)

Name	Type	Access	Description
parent_instance	`Foundry.Contextual`	r

Class Details¶

class Foundry.KeyRotator(**kwargs)¶

Bases:: Foundry.Contextual
Abstract:: Yes
Structure:: Foundry.KeyRotatorClass

Abstract base class for rotating API keys.

Foundry.KeyRotator provides an interface for rotating API keys associated with a host and service name. Subclasses implement the actual rotation logic for specific services or providers.

New in version 1.1.

can_rotate(host, service_name, secret)¶

Parameters:

host (str) – the host name for the API key
service_name (str) – the service name for the API key
secret (str) – the current secret value

Returns:

True if the key can be rotated, False otherwise

Return type:

bool

Checks if the key rotator can rotate the API key for the given host and service name.

New in version 1.1.

check_expires_at(host, service_name, secret)¶

Parameters:

host (str) – the hostname
service_name (str) – the name of the service such as “gitlab”
secret (str) – the current secret

Returns:

a [class`Dex`.Future] that resolves to a GLib.DateTime or rejects with error.

Return type:

Dex.Future

Checks when the key expires by querying the service.

New in version 1.1.

rotate(host, service_name, secret, expire_at)¶

Parameters:

host (str) – the host name for the API key
service_name (str) – the service name for the API key
secret (str) – the current secret value
expire_at (GLib.DateTime or None) – when the new key should expire, or None

Returns:

a Dex.Future that resolves to a string containing the replacement secret, or rejects with an error

Return type:

Dex.Future

Rotates the API key for the given host and service name.

New in version 1.1.

do_can_rotate(host, service_name, secret) virtual¶

Parameters:

host (str) – the host name for the API key
service_name (str) – the service name for the API key
secret (str) – the current secret value

Returns:

True if the key can be rotated, False otherwise

Return type:

bool

Checks if the key rotator can rotate the API key for the given host and service name.

New in version 1.1.

do_check_expires_at(host, service_name, secret) virtual¶

Parameters:

host (str) – the hostname
service_name (str) – the name of the service such as “gitlab”
secret (str) – the current secret

Returns:

a [class`Dex`.Future] that resolves to a GLib.DateTime or rejects with error.

Return type:

Dex.Future

Checks when the key expires by querying the service.

New in version 1.1.

do_rotate(host, service_name, secret, expire_at) virtual¶

Parameters:

host (str) – the host name for the API key
service_name (str) – the service name for the API key
secret (str) – the current secret value
expire_at (GLib.DateTime or None) – when the new key should expire, or None

Returns:

a Dex.Future that resolves to a string containing the replacement secret, or rejects with an error

Return type:

Dex.Future

Rotates the API key for the given host and service name.

New in version 1.1.