diff --git a/cinder/keymgr/__init__.py b/cinder/keymgr/__init__.py index ac705dc0ff0..8fc375f3042 100644 --- a/cinder/keymgr/__init__.py +++ b/cinder/keymgr/__init__.py @@ -25,52 +25,62 @@ LOG = logging.getLogger(__name__) CONF = cfg.CONF -castellan_opts.set_defaults(cfg.CONF) +castellan_opts.set_defaults(CONF) # NOTE(kfarr): This line can be removed when a value is assigned in DevStack CONF.set_default('api_class', 'cinder.keymgr.conf_key_mgr.ConfKeyManager', group='key_manager') -# NOTE(kfarr): For backwards compatibility, everything below this comment -# is deprecated for removal -api_class = None -try: - api_class = CONF.key_manager.api_class -except cfg.NoSuchOptError: - LOG.warning(_LW("key_manager.api_class is not set, will use deprecated " - "option keymgr.api_class if set")) - try: - api_class = CONF.keymgr.api_class - except cfg.NoSuchOptError: - LOG.warning(_LW("keymgr.api_class is not set")) -deprecated_barbican = 'cinder.keymgr.barbican.BarbicanKeyManager' -barbican = 'castellan.key_manager.barbican_key_manager.BarbicanKeyManager' -deprecated_mock = 'cinder.tests.unit.keymgr.mock_key_mgr.MockKeyManager' -castellan_mock = ('castellan.tests.unit.key_manager.mock_key_manager.' - 'MockKeyManager') - - -def log_deprecated_warning(deprecated, castellan): - versionutils.deprecation_warning(deprecated, versionutils.NEWTON, +def log_deprecated_warning(deprecated_value, castellan): + versionutils.deprecation_warning(deprecated_value, + versionutils.deprecated.NEWTON, in_favor_of=castellan, logger=LOG) -if api_class == deprecated_barbican: - log_deprecated_warning(deprecated_barbican, barbican) - api_class = barbican -elif api_class == deprecated_mock: - log_deprecated_warning(deprecated_mock, castellan_mock) - api_class = castellan_mock -elif api_class is None: - # TODO(kfarr): key_manager.api_class should be set in DevStack, and this - # block can be removed - LOG.warning(_LW("key manager not set, using insecure default %s"), - castellan_mock) - api_class = castellan_mock -CONF.set_override('api_class', api_class, 'key_manager') +# NOTE(kfarr): this method is for backwards compatibility, it is deprecated +# for removal +def set_overrides(conf): + api_class = None + should_override = False + try: + api_class = conf.key_manager.api_class + except cfg.NoSuchOptError: + LOG.warning(_LW("key_manager.api_class is not set, will use deprecated" + " option keymgr.api_class if set")) + try: + api_class = CONF.keymgr.api_class + should_override = True + except cfg.NoSuchOptError: + LOG.warning(_LW("keymgr.api_class is not set")) + + deprecated_barbican = 'cinder.keymgr.barbican.BarbicanKeyManager' + barbican = 'castellan.key_manager.barbican_key_manager.BarbicanKeyManager' + deprecated_mock = 'cinder.tests.unit.keymgr.mock_key_mgr.MockKeyManager' + castellan_mock = ('castellan.tests.unit.key_manager.mock_key_manager.' + 'MockKeyManager') + + if api_class == deprecated_barbican: + should_override = True + log_deprecated_warning(deprecated_barbican, barbican) + api_class = barbican + elif api_class == deprecated_mock: + should_override = True + log_deprecated_warning(deprecated_mock, castellan_mock) + api_class = castellan_mock + elif api_class is None: + should_override = True + # TODO(kfarr): key_manager.api_class should be set in DevStack, and + # this block can be removed + LOG.warning(_LW("key manager not set, using insecure default %s"), + castellan_mock) + api_class = castellan_mock + + if should_override: + conf.set_override('api_class', api_class, 'key_manager') def API(conf=CONF): + set_overrides(conf) cls = importutils.import_class(conf.key_manager.api_class) return cls(conf) diff --git a/cinder/tests/unit/keymgr/test_init.py b/cinder/tests/unit/keymgr/test_init.py new file mode 100644 index 00000000000..b74c91dc731 --- /dev/null +++ b/cinder/tests/unit/keymgr/test_init.py @@ -0,0 +1,85 @@ +# Copyright (c) 2016 The Johns Hopkins University/Applied Physics Laboratory +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +import castellan +from castellan import key_manager +from castellan import options as castellan_opts + +from oslo_config import cfg + +from cinder import keymgr +from cinder import test + + +class InitTestCase(test.TestCase): + def setUp(self): + super(InitTestCase, self).setUp() + self.config = cfg.ConfigOpts() + castellan_opts.set_defaults(self.config) + self.config.set_default('api_class', + 'cinder.keymgr.conf_key_mgr.ConfKeyManager', + group='key_manager') + + def test_blank_config(self): + kmgr = keymgr.API(self.config) + self.assertEqual(type(kmgr), keymgr.conf_key_mgr.ConfKeyManager) + + def test_set_barbican_key_manager(self): + self.config.set_override( + 'api_class', + 'castellan.key_manager.barbican_key_manager.BarbicanKeyManager', + group='key_manager') + kmgr = keymgr.API(self.config) + self.assertEqual( + type(kmgr), + key_manager.barbican_key_manager.BarbicanKeyManager) + + def test_set_mock_key_manager(self): + self.config.set_override( + 'api_class', + 'castellan.tests.unit.key_manager.mock_key_manager.MockKeyManager', + group='key_manager') + kmgr = keymgr.API(self.config) + self.assertEqual( + type(kmgr), + castellan.tests.unit.key_manager.mock_key_manager.MockKeyManager) + + def test_set_conf_key_manager(self): + self.config.set_override( + 'api_class', + 'cinder.keymgr.conf_key_mgr.ConfKeyManager', + group='key_manager') + kmgr = keymgr.API(self.config) + self.assertEqual(type(kmgr), keymgr.conf_key_mgr.ConfKeyManager) + + def test_deprecated_barbican_key_manager(self): + self.config.set_override( + 'api_class', + 'cinder.keymgr.barbican.BarbicanKeyManager', + group='key_manager') + kmgr = keymgr.API(self.config) + self.assertEqual( + type(kmgr), + key_manager.barbican_key_manager.BarbicanKeyManager) + + def test_deprecated_mock_key_manager(self): + self.config.set_override( + 'api_class', + 'cinder.tests.unit.keymgr.mock_key_mgr.MockKeyManager', + group='key_manager') + kmgr = keymgr.API(self.config) + self.assertEqual( + type(kmgr), + castellan.tests.unit.key_manager.mock_key_manager.MockKeyManager) diff --git a/cinder/utils.py b/cinder/utils.py index 66a84a59e04..4750d7947de 100644 --- a/cinder/utils.py +++ b/cinder/utils.py @@ -513,7 +513,7 @@ def brick_get_encryptor(connection_info, *args, **kwargs): """Wrapper to get a brick encryptor object.""" root_helper = get_root_helper() - key_manager = keymgr.API() + key_manager = keymgr.API(CONF) return encryptors.get_volume_encryptor(root_helper=root_helper, connection_info=connection_info, keymgr=key_manager,