Retrieve Barbican KMS configurations for all SVMs

security key-manager external barbican show
security key-manager external barbican check

Parameters

Name	Type	In	Required	Description
verify_host	boolean	query	False	Filter by verify_host
barbican_reachability.message	string	query	False	Filter by barbican_reachability.message
barbican_reachability.code	string	query	False	Filter by barbican_reachability.code
barbican_reachability.reachable	boolean	query	False	Filter by barbican_reachability.reachable
state.code	string	query	False	Filter by state.code
state.message	string	query	False	Filter by state.message
state.cluster_state	boolean	query	False	Filter by state.cluster_state
application_cred_id	string	query	False	Filter by application_cred_id
timeout	integer	query	False	Filter by timeout
configuration.uuid	string	query	False	Filter by configuration.uuid
configuration.name	string	query	False	Filter by configuration.name
key_id	string	query	False	Filter by key_id
proxy_username	string	query	False	Filter by proxy_username
verify	boolean	query	False	Filter by verify
proxy_type	string	query	False	Filter by proxy_type
scope	string	query	False	Filter by scope
proxy_port	integer	query	False	Filter by proxy_port
uuid	string	query	False	Filter by uuid
keystone_url	string	query	False	Filter by keystone_url
proxy_host	string	query	False	Filter by proxy_host
svm.name	string	query	False	Filter by svm.name
svm.uuid	string	query	False	Filter by svm.uuid
enabled	boolean	query	False	Filter by enabled
fields	array[string]	query	False	Specify the fields to return.
max_records	integer	query	False	Limit the number of records returned.
return_timeout	integer	query	False	The number of seconds to allow the call to execute before returning. When iterating over a collection, the default is 15 seconds. ONTAP returns earlier if either max records or the end of the collection is reached. Default value: 1 Max value: 120 Min value: 0
return_records	boolean	query	False	The default is true for GET calls. When set to false, only the number of records is returned. Default value: 1
order_by	array[string]	query	False	Order results by specified fields and optional [asc

Name

Type

In

Required

Description

verify_host

boolean

query

False

Filter by verify_host

barbican_reachability.message

string

query

False

Filter by barbican_reachability.message

barbican_reachability.code

string

query

False

Filter by barbican_reachability.code

barbican_reachability.reachable

boolean

query

False

Filter by barbican_reachability.reachable

state.code

string

query

False

Filter by state.code

state.message

string

query

False

Filter by state.message

state.cluster_state

boolean

query

False

Filter by state.cluster_state

application_cred_id

string

query

False

Filter by application_cred_id

timeout

integer

query

False

Filter by timeout

configuration.uuid

string

query

False

Filter by configuration.uuid

configuration.name

string

query

False

Filter by configuration.name

key_id

string

query

False

Filter by key_id

proxy_username

string

query

False

Filter by proxy_username

verify

boolean

query

False

Filter by verify

proxy_type

string

query

False

Filter by proxy_type

scope

string

query

False

Filter by scope

proxy_port

integer

query

False

Filter by proxy_port

uuid

string

query

False

Filter by uuid

keystone_url

string

query

False

Filter by keystone_url

proxy_host

string

query

False

Filter by proxy_host

svm.name

string

query

False

Filter by svm.name

svm.uuid

string

query

False

Filter by svm.uuid

enabled

boolean

query

False

Filter by enabled

fields

array[string]

query

False

Specify the fields to return.

max_records

integer

query

False

Limit the number of records returned.

return_timeout

integer

query

False

The number of seconds to allow the call to execute before returning. When iterating over a collection, the default is 15 seconds. ONTAP returns earlier if either max records or the end of the collection is reached.

Default value: 1
Max value: 120
Min value: 0

return_records

boolean

query

False

The default is true for GET calls. When set to false, only the number of records is returned.

Default value: 1

order_by

array[string]

query

False

Order results by specified fields and optional [asc

Response

Status: 200, Ok

Name	Type	Description
_links	_links
num_records	integer	Number of records
records	array[barbican]

Name

Type

Description

_links

num_records

integer

Number of records

records

array[barbican]

Example response

{
  "_links": {
    "next": {
      "href": "/api/resourcelink"
    },
    "self": {
      "href": "/api/resourcelink"
    }
  },
  "num_records": 1,
  "records": [
    {
      "_links": {
        "self": {
          "href": "/api/resourcelink"
        }
      },
      "application_cred_id": "63e3cb77f84f42b7a0395a3efb7636f9",
      "barbican_reachability": {
        "code": "346758",
        "message": "Barbican KMS is not reachable from all nodes - <reason>.",
        "reachable": ""
      },
      "configuration": {
        "_links": {
          "self": {
            "href": "/api/resourcelink"
          }
        },
        "name": "default",
        "uuid": "1cd8a442-86d1-11e0-ae1c-123478563434"
      },
      "key_id": "https://172.29.58.184:9311/v1/secrets/5c610a4f-ea97-44b5-8682-f4daeafa9647",
      "keystone_url": "https://keystoneip:5000/v3/auth/tokens",
      "proxy_host": "proxy.eng.com",
      "proxy_port": 1234,
      "proxy_type": "http",
      "proxy_username": "proxyuser",
      "scope": "string",
      "state": {
        "cluster_state": "",
        "code": "346758",
        "message": "Top-level internal key encryption key is unavailable on the following nodes with the associated reasons: Node: node1. Reason: No volumes created yet for the SVM. Wrapped KEK status will be available after creating encrypted volumes."
      },
      "svm": {
        "_links": {
          "self": {
            "href": "/api/resourcelink"
          }
        },
        "name": "svm1",
        "uuid": "02c9e252-41be-11e9-81d5-00a0986138f7"
      },
      "timeout": 60,
      "uuid": "1cd8a442-86d1-11e0-ae1c-123478563434"
    }
  ]
}

Error

Status: Default

ONTAP Error Response Codes

Error Code	Description
65539801	The Barbican Key Management Service is unreachable from one or more nodes.

Error Code

Description

65539801

The Barbican Key Management Service is unreachable from one or more nodes.

Also see the table of common errors in the Response body overview section of this documentation.

Name	Type	Description
error	returned_error

Name

Type

Description

error

returned_error

Example error

{
  "error": {
    "arguments": [
      {
        "code": "string",
        "message": "string"
      }
    ],
    "code": "4",
    "message": "entry doesn't exist",
    "target": "uuid"
  }
}

Definitions

See Definitions

href

Name	Type	Description
href	string

Name

Type

Description

href

string

_links

Name	Type	Description
next	href
self	href

Name

Type

Description

self

href

_links

Name	Type	Description
self	href

Name

Type

Description

self

href

barbican_reachability

Indicates whether the Barbican KMS is reachable from all nodes in the cluster. This is an advanced property; there is an added computational cost to retrieving its value. The property is not populated for either a collection GET request or an instance GET request unless it is explicitly requested using the field's query parameter or GET for all advanced properties is enabled.

Name	Type	Description
code	string	Code corresponding to the error message. Returns 0 if Barbican KMS is reachable from all nodes in the cluster.
message	string	Set to the appropriate error message when 'reachable' is false.
reachable	boolean	Set to true if the Barbican KMS is reachable from all nodes of the cluster.

Name

Type

Description

code

string

Code corresponding to the error message. Returns 0 if Barbican KMS is reachable from all nodes in the cluster.

message

string

Set to the appropriate error message when 'reachable' is false.

reachable

boolean

Set to true if the Barbican KMS is reachable from all nodes of the cluster.

configuration

Security keystore object reference.

Name	Type	Description
_links	_links
name	string	Name of the configuration.
uuid	string	Keystore UUID.

Name

Type

Description

_links

name

string

Name of the configuration.

uuid

string

Keystore UUID.

state

Indicates whether or not the SVM key encryption key (KEK) is available cluster wide. This is an advanced property; there is an added computational cost to retrieving its value. The property is not populated for either a collection GET or an instance GET unless it is explicitly requested using the fields query parameter or GET for all advanced properties is enabled.

Name	Type	Description
cluster_state	boolean	Set to true when an SVM-KEK is present on all nodes of the cluster.
code	string	Code corresponding to the status message. Returns a 0 if the SVM-KEK is available on all nodes in the cluster.
message	string	Error message returned when there's no SVM-KEK availability on the cluster.

Name

Type

Description

cluster_state

boolean

Set to true when an SVM-KEK is present on all nodes of the cluster.

code

string

Code corresponding to the status message. Returns a 0 if the SVM-KEK is available on all nodes in the cluster.

message

string

Error message returned when there's no SVM-KEK availability on the cluster.

svm

SVM, applies only to SVM-scoped objects.

Name	Type	Description
_links	_links
name	string	The name of the SVM. This field cannot be specified in a PATCH method.
uuid	string	The unique identifier of the SVM. This field cannot be specified in a PATCH method.

Name

Type

Description

_links

name

string

The name of the SVM. This field cannot be specified in a PATCH method.

uuid

string

The unique identifier of the SVM. This field cannot be specified in a PATCH method.

barbican

Name Type Description

Name	Type	Description
_links	_links
application_cred_id	string	Keystone application credentials ID required to access the specified Barbican KMS.
barbican_reachability	barbican_reachability	Indicates whether the Barbican KMS is reachable from all nodes in the cluster. This is an advanced property; there is an added computational cost to retrieving its value. The property is not populated for either a collection GET request or an instance GET request unless it is explicitly requested using the field's query parameter or GET for all advanced properties is enabled.
configuration	configuration	Security keystore object reference.
enabled	boolean	Indicates whether the configuration is enabled.
key_id	string	Key Identifier URL of the Barbican KMS key encryption key. Must be an HTTPS URL.
keystone_url	string	Keystone URL for the access token. Must be an HTTPS URL.
proxy_host	string	Proxy host name.
proxy_port	integer	Proxy port number.
proxy_type	string	Type of proxy.
proxy_username	string	Proxy username.
scope	string	Set to "svm" for interfaces owned by an SVM. Otherwise, set to "cluster".
state	state	Indicates whether or not the SVM key encryption key (KEK) is available cluster wide. This is an advanced property; there is an added computational cost to retrieving its value. The property is not populated for either a collection GET or an instance GET unless it is explicitly requested using the `fields` query parameter or GET for all advanced properties is enabled.
svm	svm	SVM, applies only to SVM-scoped objects.
timeout	integer	Connection timeout in seconds.
uuid	string	A unique identifier of the Barbican KMS.
verify	boolean	Verify the identity of the Barbican KMS.
verify_host	boolean	Verify the identity of the Barbican KMS host name.

_links

application_cred_id

string

Keystone application credentials ID required to access the specified Barbican KMS.

barbican_reachability

Indicates whether the Barbican KMS is reachable from all nodes in the cluster. This is an advanced property; there is an added computational cost to retrieving its value. The property is not populated for either a collection GET request or an instance GET request unless it is explicitly requested using the field's query parameter or GET for all advanced properties is enabled.

configuration

Security keystore object reference.

enabled

boolean

Indicates whether the configuration is enabled.

key_id

string

Key Identifier URL of the Barbican KMS key encryption key. Must be an HTTPS URL.

keystone_url

string

Keystone URL for the access token. Must be an HTTPS URL.

proxy_host

string

Proxy host name.

proxy_port

integer

Proxy port number.

proxy_type

string

Type of proxy.

proxy_username

string

Proxy username.

scope

string

Set to "svm" for interfaces owned by an SVM. Otherwise, set to "cluster".

state

Indicates whether or not the SVM key encryption key (KEK) is available cluster wide. This is an advanced property; there is an added computational cost to retrieving its value. The property is not populated for either a collection GET or an instance GET unless it is explicitly requested using the fields query parameter or GET for all advanced properties is enabled.

svm

SVM, applies only to SVM-scoped objects.

timeout

integer

Connection timeout in seconds.

uuid

string

A unique identifier of the Barbican KMS.

verify

boolean

Verify the identity of the Barbican KMS.

verify_host

boolean

Verify the identity of the Barbican KMS host name.

error_arguments

Name	Type	Description
code	string	Argument code
message	string	Message argument

Name

Type

Description

code

string

Argument code

message

string

Message argument

returned_error

Name	Type	Description
arguments	array[error_arguments]	Message arguments
code	string	Error code
message	string	Error message
target	string	The target parameter that caused the error.

Name

Type

Description

arguments

array[error_arguments]

Message arguments

code

string

Error code

message

string

Error message

target

string

The target parameter that caused the error.

Retrieve Barbican KMS configurations for all SVMs

Creating your file...

Related ONTAP commands

Parameters

Response

Error

Definitions