Merge "Add project_id to barbican keymgr wrapper"

2015-04-05 18:17:28 +00:00 · 2015-04-05 18:17:28 +00:00 · b69ba44b06
parent 3843cb5cde 7dac025cbc
commit b69ba44b06
2 changed files with 51 additions and 1 deletions
--- a/cinder/keymgr/barbican.py
+++ b/cinder/keymgr/barbican.py
@ -54,6 +54,8 @@ class BarbicanKeyManager(key_mgr.KeyManager):
        :param ctxt: the user context for authentication
        :return: a Barbican Client object
        :throws NotAuthorized: if the ctxt is None
+        :throws KeyManagerError: if ctxt is missing project_id
+                                 or project_id is None
        """

        if not self._barbican_client:
@ -63,10 +65,16 @@ class BarbicanKeyManager(key_mgr.KeyManager):
                LOG.error(msg)
                raise exception.NotAuthorized(msg)

+            if not hasattr(ctxt, 'project_id') or ctxt.project_id is None:
+                msg = _("Unable to create Barbican Client without project_id.")
+                LOG.error(msg)
+                raise exception.KeyManagerError(msg)
+
            try:
                auth = identity.v3.Token(
                    auth_url=CONF.keymgr.encryption_auth_url,
-                    token=ctxt.auth_token)
+                    token=ctxt.auth_token,
+                    project_id=ctxt.project_id)
                sess = session.Session(auth=auth)
                self._barbican_client = barbican_client.Client(
                    session=sess,
--- a/cinder/tests/keymgr/test_barbican.py
+++ b/cinder/tests/keymgr/test_barbican.py
@ -45,6 +45,7 @@ class BarbicanKeyManagerTestCase(test_key_mgr.KeyManagerTestCase):
        # Create fake auth_token
        self.ctxt = mock.Mock()
        self.ctxt.auth_token = "fake_token"
+        self.ctxt.project_id = "fake_project_id"

        # Create mock barbican client
        self._build_mock_barbican()
@ -229,3 +230,44 @@ class BarbicanKeyManagerTestCase(test_key_mgr.KeyManagerTestCase):
        self.key_mgr._barbican_client = None
        self.assertRaises(exception.NotAuthorized,
                          self.key_mgr.store_key, None, None)
+
+    def test_null_project_id(self):
+        self.key_mgr._barbican_client = None
+        self.ctxt.project_id = None
+        self.assertRaises(exception.KeyManagerError,
+                          self.key_mgr.create_key, self.ctxt)
+
+    def test_ctxt_without_project_id(self):
+        self.key_mgr._barbican_client = None
+        del self.ctxt.project_id
+        self.assertRaises(exception.KeyManagerError,
+                          self.key_mgr.create_key, self.ctxt)
+
+    @mock.patch('cinder.keymgr.barbican.identity.v3.Token')
+    @mock.patch('cinder.keymgr.barbican.session.Session')
+    @mock.patch('cinder.keymgr.barbican.barbican_client.Client')
+    def test_ctxt_with_project_id(self, mock_client, mock_session,
+                                  mock_token):
+        # set client to None so that client creation will occur
+        self.key_mgr._barbican_client = None
+
+        # mock the return values
+        mock_auth = mock.Mock()
+        mock_token.return_value = mock_auth
+        mock_sess = mock.Mock()
+        mock_session.return_value = mock_sess
+
+        # mock the endpoint
+        mock_endpoint = mock.Mock()
+        self.key_mgr._barbican_endpoint = mock_endpoint
+
+        self.key_mgr.create_key(self.ctxt)
+
+        # assert proper calls occured, including with project_id
+        mock_token.assert_called_once_with(
+            auth_url=CONF.keymgr.encryption_auth_url,
+            token=self.ctxt.auth_token,
+            project_id=self.ctxt.project_id)
+        mock_session.assert_called_once_with(auth=mock_auth)
+        mock_client.assert_called_once_with(session=mock_sess,
+                                            endpoint=mock_endpoint)