Merge pull request #379 from OpenKMIP/feat/update-client-docs

Updating the client documentation with configuration info
2017-12-07 13:20:23 -05:00 · 2017-12-07 13:20:23 -05:00 · 7895d4c820
parent bd9e28e10e 0c046b173d
commit 7895d4c820
1 changed files with 118 additions and 0 deletions
--- a/docs/source/client.rst
+++ b/docs/source/client.rst
@ -3,6 +3,121 @@ Client
 The PyKMIP client allows developers to connect to a KMIP-compliant key
 management server and conduct key management operations.
 Configuration
 -------------
 The client settings can be managed by a configuration file, by default
 located at ``/etc/pykmip/pykmip.conf``. An example client configuration
 settings block, as found in the configuration file, is shown below:
 .. code-block:: console
    [client]
    host=127.0.0.1
    port=5696
    certfile=/path/to/certificate/file
    keyfile=/path/to/certificate/key/file
    ca_certs=/path/to/ca/certificate/file
    cert_reqs=CERT_REQUIRED
    ssl_version=PROTOCOL_SSLv23
    do_handshake_on_connect=True
    suppress_ragged_eofs=True
    username=example_username
    password=example_password
 The configuration file can contain multiple settings blocks. Only one,
 ``[client]``, is shown above. You can swap between different settings
 blocks by simply providing the name of the block as the ``config``
 parameter (see below).
 The client can also be configured manually via Python. The following example
 shows how to create the ``ProxyKmipClient`` in Python code, directly
 specifying the different configuration values:
 .. code-block:: python
    >>> import ssl
    >>> from kmip.pie.client import ProxyKmipClient
    >>> client = ProxyKmipClient(
    ...     hostname='127.0.0.1',
    ...     port=5696,
    ...     cert='/path/to/certificate/file',
    ...     key='/path/to/certificate/key/file',
    ...     ca='/path/to/ca/certificate/file',
    ...     ssl_version=ssl.PROTOCOL_SSLv23,
    ...     username='example_username',
    ...     password='example_password'
    ...     config='client'
    ... )
 Settings specified at runtime, as in the above example, will take precedence
 over the default values found in the configuration file.
 The different configuration options are defined below:
 * ``host``
    A string representing either a hostname in Internet domain notation or an
    IPv4 address.
 * ``port``
    An integer representing a port number. Recommended to be ``5696``
    according to the KMIP specification.
 * ``certfile``
    A string representing a path to a PEM-encoded client certificate file. For
    more information, see the `ssl`_ documentation.
 * ``keyfile``
    A string representing a path to a PEM-encoded client certificate key file.
    The private key contained in the file must correspond to the certificate
    pointed to by ``certfile``. For more information, see the `ssl`_
    documentation.
 * ``ca_certs``
    A string representing a path to a PEM-encoded certificate authority
    certificate file. This certificate will be used to verify the server's
    certificate when establishing a TLS connection. For more information, see
    the `ssl`_ documentation.
 * ``cert_reqs``
    A flag indicating the enforcement level to use when validating the
    certificate received from the server. Options include: ``CERT_NONE``,
    ``CERT_OPTIONAL``, and ``CERT_REQUIRED``. ``CERT_REQUIRED`` is the most
    secure option and should be used at all times. The other options can be
    helpful when debugging TLS connections. For more information, see the
    `ssl`_ documentation.
 * ``ssl_version``
    A flag indicating the SSL/TLS version to use when establishing a TLS
    connection with a server. Options are derived from the `ssl`_ module.
    The recommended value is ``PROTOCOL_SSLv23`` or ``PROTOCOL_TLS``, which
    automatically allows the client to pick the most secure option provided
    by the server. For more information, see the `ssl`_ documentation.
 * ``do_handshake_on_connect``
    A boolean flag indicating when the client should perform the TLS handshake
    when establishing the TLS connection. The recommended value is ``True``.
    For more information, see the `ssl`_ documentation.
    .. note::
       This configuration option is deprecated and will be removed in a future
       version of PyKMIP.
 * ``suppress_ragged_eofs``
    A boolean flag indicating how the client should handle unexpected EOF from
    the TLS connection. The recommended value is ``True``. For more
    information, see the `ssl`_ documentation.
    .. note::
       This configuration option is deprecated and will be removed in a future
       version of PyKMIP.
 * ``username``
    A string representing the username to use for KMIP requests. Optional
    depending on server access policies. Leave blank if not needed.
 * ``password``
    A string representing the password to use for KMIP requests. Optional
    depending on server access policies. Leave blank if not needed.
 Usage
 -----
 The following class documentation provides numerous examples detailing how to
 use the client. For additional examples, demo scripts for different operations
 are available in the ``kmip/demos/pie`` directory.
 Class Documentation
 -------------------
 .. py:module:: kmip.pie.client
 .. py:class:: ProxyKmipClient(hostname=None, port=None, cert=None, key=None, ca=None, ssl_version=None, username=None, password=None, config='client')
@ -972,3 +1087,6 @@ management server and conduct key management operations.
    .. py:method:: mac(data, uid=None, algorithm=None)
        Documentation coming soon.
 .. _`ssl`: https://docs.python.org/dev/library/ssl.html#socket-creation