Merge "Fix KMIP gate"

2017-03-22 04:29:56 +00:00 · 2017-03-22 04:29:56 +00:00 · e88d79cae0
commit e88d79cae0
parent 180a94078f 10e7a5491a
5 changed files with 26 additions and 15 deletions
--- a/barbican/plugin/kmip_secret_store.py
+++ b/barbican/plugin/kmip_secret_store.py
@ -239,13 +239,9 @@ class KMIPSecretStore(ss.SecretStoreBase):

        config = conf.kmip_plugin

-        # Use TLSv1_2, if present
-        tlsv12 = getattr(ssl, "PROTOCOL_TLSv1_2", None)
-        if tlsv12:
-            config.ssl_version = 'PROTOCOL_TLSv1_2'
-            LOG.info(u._LI('Going to use TLS1.2...'))
-        else:
-            LOG.warning(u._LW('TLSv1_2 is not present on the System'))
+        if not getattr(ssl, config.ssl_version, None):
+            LOG.error(u._LE("The configured SSL version (%s) is not available"
+                            " on the system."), config.ssl_version)

        self.client = client.ProxyKmipClient(
            hostname=config.host,
--- a/barbican/tests/plugin/test_kmip.py
+++ b/barbican/tests/plugin/test_kmip.py
@ -13,7 +13,6 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 import base64
-import ssl
 import stat

 import mock
@ -146,11 +145,18 @@ class WhenTestingKMIPSecretStore(utils.BaseTestCase):
        self.assertTrue(secret_store.pkcs1_only)

    def test_enable_tlsv12_config_option(self):
-        ssl.PROTOCOL_TLSv1_2 = 5
+        ssl_version = "PROTOCOL_TLSv1_2"
        CONF = kss.CONF
-        secret_store = kss.KMIPSecretStore(CONF)
-        self.assertTrue(secret_store)
-        self.assertEqual(CONF.kmip_plugin.ssl_version, 'PROTOCOL_TLSv1_2')
+        CONF.kmip_plugin.ssl_version = ssl_version
+        kss.KMIPSecretStore(CONF)
+        self.assertEqual(ssl_version, CONF.kmip_plugin.ssl_version)
+
+    def test_enable_tlsv1_config_option(self):
+        ssl_version = "PROTOCOL_TLSv1"
+        CONF = kss.CONF
+        CONF.kmip_plugin.ssl_version = ssl_version
+        kss.KMIPSecretStore(CONF)
+        self.assertEqual(ssl_version, CONF.kmip_plugin.ssl_version)

    # --------------- TEST GENERATE_SUPPORTS ---------------------------------

--- a/devstack/lib/barbican
+++ b/devstack/lib/barbican
@ -376,6 +376,7 @@ function install_pykmip {
    if is_service_enabled pykmip-server; then
        [ ! -d ${PYKMIP_CONF_DIR} ] && sudo mkdir -p ${PYKMIP_CONF_DIR}
        sudo chown ${USER} ${PYKMIP_CONF_DIR}
+
        [ ! -d ${PYKMIP_LOG_DIR} ] && sudo mkdir -p ${PYKMIP_LOG_DIR}
        sudo chown ${USER} ${PYKMIP_LOG_DIR}

@ -397,7 +398,7 @@ port=5696
 certificate_path=${PYKMIP_SERVER_CERT}
 key_path=${PYKMIP_SERVER_KEY}
 ca_path=${PYKMIP_CA_PATH}
-auth_suite=Basic
+auth_suite=TLS1.2
 EOF
       fi
   fi
@ -415,7 +416,7 @@ function configure_pykmip {

 # start_pykmip - start the PyKMIP server
 function start_pykmip {
-    run_process pykmip-server "pykmip-server -f \'${PYKMIP_CONF}\' -l \'${PYKMIP_LOG_DIR}/pykmip-devstack.log\'"
+    run_process pykmip-server "pykmip-server -f ${PYKMIP_CONF} -l ${PYKMIP_LOG_DIR}/pykmip-devstack.log"
 }

 # Dogtag functions
--- a/functionaltests/post_test_hook.sh
+++ b/functionaltests/post_test_hook.sh
@ -18,8 +18,10 @@

 set -ex

+plugin=$1
+
 sudo pip install -r /opt/stack/new/barbican/test-requirements.txt

 cd /opt/stack/new/barbican/functionaltests
 echo 'Running Functional Tests'
-sudo ./run_tests.sh
+sudo ./run_tests.sh $plugin
--- a/functionaltests/run_tests.sh
+++ b/functionaltests/run_tests.sh
@ -22,6 +22,12 @@ fi

 echo "Successfully contacted the Barbican API"

+plugin=$1
+
+if [[ "$plugin" == "kmip" ]]; then
+    export KMIP_PLUGIN_ENABLED=1
+fi
+
 # run the tests sequentially
 testr init
 testr run --subunit | subunit-trace --no-failure-debug -f