  1. Red Hat OpenStack Services on OpenShift
  2. OSPRH-2251

[Dev] Add secret consumers support to castellan - vault implementation


    • OSPPlanningCycle3
    • Security

      As a developer of an openstack service, I want to be able to use castellan to add or delete a consumer to a secret. I would expect the list of consumers for a secret to be returned as part of the secret's metadata.

      Summary

      Castellan is used by the other services to interact with a key manager (barbican or vault). We need to add consumers to castellan to take advantage of the consumers API that has been added to barbican, so that features like image encryption can move forward.

      As castellan is an interface with two different implementations, we will need to implement consumers in both the barbican and vault implementations. This particular story is concerned with making changes to the vault implementation.

      Definition of Ready

      There is already a set of patches for adding secret consumers to castellan. These need to merge so that the key_manager interface changes are available. (https://review.opendev.org/q/topic:add-consumers)

      There has been a longstanding need to update the vault implementation with something that uses the vault HVAC library. This should be done first, so that the consumers work can be done using this mechanism instead. That work is tracked in a separate story – <<link needed >>.
      This work is ultimately also needed for the secret management feature.

      When all the above is complete, the work for this story can be started.

      Acceptance Criteria

      • Functionality added to the vault key_manager implementation to add a list of consumers to each secret. This should be returned as part of the metadata
        for the secret.
      • Functionality added to the vault key_manager implementation to add/remove consumers
      • Functional and unit tests modified and pass (tests add/remove/list consumers). With the above castellan patches, the behavior of
        the implementations (barbican and vault) differs and so separate tests were needed. The tests should be unified again.
      • Castellan documentation updated.
      • Castellan released

      Definition of Done

      Acceptance criteria completed.

            rhn-gps-alee Ade Lee
            rhos-dfg-security