diff --git a/cinder/api/contrib/volume_actions.py b/cinder/api/contrib/volume_actions.py
index de47a0976b3..d26a022a41d 100644
--- a/cinder/api/contrib/volume_actions.py
+++ b/cinder/api/contrib/volume_actions.py
@@ -13,6 +13,7 @@
 # under the License.
+from castellan import key_manager
 from oslo_config import cfg
 import oslo_messaging as messaging
 from oslo_utils import encodeutils
@@ -27,7 +28,6 @@ from cinder.api.openstack import wsgi
 from cinder import exception
 from cinder.i18n import _
 from cinder.image import image_utils
-from cinder import keymgr
 from cinder.policies import volume_actions as policy
 from cinder import utils
 from cinder import volume
@@ -46,7 +46,7 @@ class VolumeActionsController(wsgi.Controller):
 def _key_manager(self):
 # Allows for lazy initialization of the key manager
 if self._key_mgr is None:
- self._key_mgr = keymgr.API(CONF)
+ self._key_mgr = key_manager.API(CONF)
 return self._key_mgr
diff --git a/cinder/backup/driver.py b/cinder/backup/driver.py
index 6cb6aa41fec..ad08a9f7ab9 100644
--- a/cinder/backup/driver.py
+++ b/cinder/backup/driver.py
@@ -17,6 +17,7 @@
 import abc
+from castellan import key_manager
 from oslo_config import cfg
 from oslo_log import log as logging
 from oslo_serialization import jsonutils
@@ -25,7 +26,6 @@ import six
 from cinder.db import base
 from cinder import exception
 from cinder.i18n import _
-from cinder import keymgr as key_manager
 service_opts = [ cfg.IntOpt('backup_metadata_version', default=2,
@@ -57,6 +57,14 @@ class BackupMetadataAPI(base.Base):
 def __init__(self, context, db=None):
 super(BackupMetadataAPI, self).__init__(db)
 self.context = context
+ self._key_mgr = None
+
+ @property
+ def _key_manager(self):
+ # Allows for lazy initialization of the key manager
+ if self._key_mgr is None:
+ self._key_mgr = key_manager.API(CONF)
+ return self._key_mgr
 @staticmethod
 def _is_serializable(value):
@@ -89,8 +97,10 @@ class BackupMetadataAPI(base.Base):
 continue
 # Copy the encryption key UUID for backup
 if key is 'encryption_key_id' and value is not None:
- km = key_manager.API(CONF)
- value = km.store(self.context, km.get(self.context, value))
+ value = self._key_manager.store(
+ self.context,
+ self._key_manager.get(self.context, value)
+ )
 LOG.debug("Copying encryption key UUID for backup.")
 container[type_tag][key] = value
diff --git a/cinder/keymgr/__init__.py b/cinder/keymgr/__init__.py
index 9ebb72f2860..1edbd25ac5a 100644
--- a/cinder/keymgr/__init__.py
+++ b/cinder/keymgr/__init__.py
@@ -13,17 +13,9 @@
 # License for the specific language governing permissions and limitations
 # under the License.
-from castellan import key_manager
 from castellan import options as castellan_opts
 from oslo_config import cfg
-from oslo_log import log as logging
-
-LOG = logging.getLogger(__name__)
 CONF = cfg.CONF
 castellan_opts.set_defaults(CONF)
-
-
-def API(conf=CONF):
- return key_manager.API(conf)
diff --git a/cinder/tests/unit/backup/drivers/test_backup_driver_base.py b/cinder/tests/unit/backup/drivers/test_backup_driver_base.py
index 255830d9af7..ad55977b48c 100644
--- a/cinder/tests/unit/backup/drivers/test_backup_driver_base.py
+++ b/cinder/tests/unit/backup/drivers/test_backup_driver_base.py
@@ -23,7 +23,6 @@ from cinder.backup import driver
 from cinder import context
 from cinder import db
 from cinder import exception
-from cinder import keymgr as key_manager
 from cinder import objects
 from cinder import test
 from cinder.tests.unit.backup import fake_service
@@ -287,7 +286,8 @@ class BackupMetadataAPITestCase(test.TestCase):
 def _create_encrypted_volume_db_entry(self, id, type_id, encrypted):
 if encrypted:
- key_id = key_manager.API().key_id
+ key_id = self.bak_meta_api._key_manager.create_key(
+ 'context', algorithm='AES', length=256)
 vol = {'id': id, 'size': 1, 'status': 'available', 'volume_type_id': type_id, 'encryption_key_id': key_id}
 else:
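Review bot: In cinder/backup/driver.py, the guard `if key is 'encryption_key_id' and value is not None:` that gates the new `self._key_manager.store(...)` call compares a string by identity, so whether the encryption key is copied depends on interpreter string interning rather than on the key name. When that test is false, the original `encryption_key_id` value is written into `container` unchanged, which would presumably leave the backup dependent on the volume's own key. Use `if key == 'encryption_key_id' and value is not None:`. The loop this sits in starts and ends outside the hunk, so how a failing `get` or `store` is handled cannot be judged from here.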
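Review bot: In cinder/tests/unit/backup/drivers/test_backup_driver_base.py, `create_key('context', algorithm='AES', length=256)` passes the literal string `'context'` where a request context is expected, so the helper only works while the configured backend ignores what it is given. The file already imports `context`; something like `context.get_admin_context()` would keep the helper valid against a backend that checks its caller. The call also reaches through the private `_key_manager` property, which ties the test to how BackupMetadataAPI caches its key manager.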
diff --git a/cinder/tests/unit/conf_fixture.py b/cinder/tests/unit/conf_fixture.py
index 2e19b82e1b0..a52832eaa4b 100644
--- a/cinder/tests/unit/conf_fixture.py
+++ b/cinder/tests/unit/conf_fixture.py
@@ -27,7 +27,6 @@ CONF.import_opt('volume_driver', 'cinder.volume.manager',
 group=configuration.SHARED_CONF_GROUP)
 CONF.import_opt('backup_driver', 'cinder.backup.manager')
 CONF.import_opt('backend', 'cinder.keymgr', group='key_manager')
-CONF.import_opt('fixed_key', 'cinder.keymgr.conf_key_mgr', group='key_manager')
 CONF.import_opt('scheduler_driver', 'cinder.scheduler.manager')
 def_vol_type = 'fake_vol_type'
@@ -46,9 +45,9 @@ def set_defaults(conf):
 group='oslo_policy')
 conf.set_default('backup_driver', 'cinder.tests.unit.backup.fake_service')
 conf.set_default('backend',
- 'cinder.keymgr.conf_key_mgr.ConfKeyManager',
+ 'castellan.tests.unit.key_manager.mock_key_manager.'
+ 'MockKeyManager',
 group='key_manager')
- conf.set_default('fixed_key', default='0' * 64, group='key_manager')
 conf.set_default('scheduler_driver', 'cinder.scheduler.filter_scheduler.FilterScheduler')
 conf.set_default('state_path', os.path.abspath(
diff --git a/cinder/tests/unit/keymgr/test_init.py b/cinder/tests/unit/keymgr/test_init.py
deleted file mode 100644
index 69f8155196d..00000000000
--- a/cinder/tests/unit/keymgr/test_init.py
+++ /dev/null
@@ -1,52 +0,0 @@
-# Copyright (c) 2016 The Johns Hopkins University/Applied Physics Laboratory
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-from castellan.key_manager import barbican_key_manager
-from castellan import options as castellan_opts
-
-from oslo_config import cfg
-
-from cinder import keymgr
-from cinder import test
-
-
-class InitTestCase(test.TestCase):
- def setUp(self):
- super(InitTestCase, self).setUp()
- self.config = cfg.ConfigOpts()
- castellan_opts.set_defaults(self.config)
- self.config.set_default('backend',
- 'cinder.keymgr.conf_key_mgr.ConfKeyManager',
- group='key_manager')
-
- def test_blank_config(self):
- kmgr = keymgr.API(self.config)
- self.assertEqual(type(kmgr), keymgr.conf_key_mgr.ConfKeyManager)
-
- def test_barbican_backend(self):
- self.config.set_override(
- 'backend',
- 'barbican',
- group='key_manager')
- kmgr = keymgr.API(self.config)
- self.assertEqual(type(kmgr), barbican_key_manager.BarbicanKeyManager)
-
- def test_set_conf_key_manager(self):
- self.config.set_override(
- 'backend',
- 'cinder.keymgr.conf_key_mgr.ConfKeyManager',
- group='key_manager')
- kmgr = keymgr.API(self.config)
- self.assertEqual(type(kmgr), keymgr.conf_key_mgr.ConfKeyManager)
diff --git a/cinder/tests/unit/test_volume_utils.py b/cinder/tests/unit/test_volume_utils.py
index 01c6cdff0f9..045046b7f10 100644
--- a/cinder/tests/unit/test_volume_utils.py
+++ b/cinder/tests/unit/test_volume_utils.py
@@ -21,6 +21,7 @@ import io
 import mock
 import six
+from castellan import key_manager
 import ddt
 from oslo_concurrency import processutils
 from oslo_config import cfg
@@ -30,7 +31,6 @@ from cinder import context
 from cinder import db
 from cinder.db.sqlalchemy import models
 from cinder import exception
-from cinder import keymgr
 from cinder.objects import fields
 from cinder import test
 from cinder.tests.unit.backup import fake_backup
@@ -993,9 +993,9 @@ class VolumeUtilsTestCase(test.TestCase):
 'backend', 'cinder.keymgr.conf_key_mgr.ConfKeyManager', group='key_manager')
- key_manager = keymgr.API()
+ km = key_manager.API()
 volume_utils.create_encryption_key(ctxt,
- key_manager,
+ km,
 fake.VOLUME_TYPE_ID)
 is_encryption.assert_called_once_with(ctxt, fake.VOLUME_TYPE_ID)
diff --git a/cinder/tests/unit/volume/test_volume.py b/cinder/tests/unit/volume/test_volume.py
index d0e09a25612..83b35e7082d 100644
--- a/cinder/tests/unit/volume/test_volume.py
+++ b/cinder/tests/unit/volume/test_volume.py
@@ -20,6 +20,7 @@ import ddt
 import time
 import uuid
+from castellan import key_manager
 import enum
 import eventlet
 import mock
@@ -34,7 +35,6 @@ from cinder import context
 from cinder import coordination
 from cinder import db
 from cinder import exception
-from cinder import keymgr as key_manager
 from cinder import objects
 from cinder.objects import fields
 import cinder.policy
diff --git a/cinder/utils.py b/cinder/utils.py
index 453dadd0003..3e305e8a654 100644
--- a/cinder/utils.py
+++ b/cinder/utils.py
@@ -37,6 +37,7 @@ import tempfile
 import time
 import types
+from castellan import key_manager
 from os_brick import encryptors
 from os_brick.initiator import connector
 from oslo_concurrency import lockutils
@@ -54,7 +55,6 @@ import webob.exc
 from cinder import exception
 from cinder.i18n import _
-from cinder import keymgr
 CONF = cfg.CONF
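Review bot: In cinder/tests/unit/test_volume_utils.py, the context lines above `km = key_manager.API()` still override `backend` to `cinder.keymgr.conf_key_mgr.ConfKeyManager`, while this commit removes the `fixed_key` default from conf_fixture.py. The key manager built here would therefore have no fixed key configured; that is harmless only if the test never performs a key operation, which the `is_encryption` assertion suggests but the part of the test outside the hunk would have to confirm. Consider dropping the override so the test uses the fixture's mock backend, or setting `fixed_key` explicitly in this test.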
@@ -501,10 +501,10 @@ def brick_get_encryptor(connection_info, *args, **kwargs):
 """Wrapper to get a brick encryptor object."""
 root_helper = get_root_helper()
- key_manager = keymgr.API(CONF)
+ km = key_manager.API(CONF)
 return encryptors.get_volume_encryptor(root_helper=root_helper, connection_info=connection_info,
- keymgr=key_manager,
+ keymgr=km,
 *args, **kwargs)
diff --git a/cinder/volume/api.py b/cinder/volume/api.py
index 3e8a2c9270d..49e22fe34bf 100644
--- a/cinder/volume/api.py
+++ b/cinder/volume/api.py
@@ -20,6 +20,7 @@ import ast
 import collections
 import datetime
+from castellan import key_manager
 from oslo_config import cfg
 from oslo_log import log as logging
 from oslo_utils import excutils
@@ -38,7 +39,6 @@ from cinder import flow_utils
 from cinder.i18n import _
 from cinder.image import cache as image_cache
 from cinder.image import glance
-from cinder import keymgr as key_manager
 from cinder import objects
 from cinder.objects import base as objects_base
 from cinder.objects import fields
diff --git a/cinder/volume/manager.py b/cinder/volume/manager.py
index 39f8dd20911..88c935ad04a 100644
--- a/cinder/volume/manager.py
+++ b/cinder/volume/manager.py
@@ -39,6 +39,7 @@ intact.
 import requests
 import time
+from castellan import key_manager
 from oslo_config import cfg
 from oslo_log import log as logging
 import oslo_messaging as messaging
@@ -64,7 +65,6 @@ from cinder.i18n import _
 from cinder.image import cache as image_cache
 from cinder.image import glance
 from cinder.image import image_utils
-from cinder import keymgr as key_manager
 from cinder import manager
 from cinder.message import api as message_api
 from cinder.message import message_field
diff --git a/releasenotes/notes/remove-deprecated-keymgr-d11a25c620862ed6.yaml b/releasenotes/notes/remove-deprecated-keymgr-d11a25c620862ed6.yaml
new file mode 100644
index 00000000000..bfe752b566b
--- /dev/null
+++ b/releasenotes/notes/remove-deprecated-keymgr-d11a25c620862ed6.yaml
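Review bot: In cinder/utils.py, `km = key_manager.API(CONF)` in `brick_get_encryptor` constructs a key manager on every call, whereas this same commit gives `BackupMetadataAPI` a lazily cached instance for the same purpose; if backend construction is not cheap (not visible here), a cached accessor would be more consistent. Separately, `keymgr=km, *args, **kwargs` places `*args` after the keyword arguments, so any positional argument a caller passes is bound first and may collide with `root_helper=`, depending on the signature of `get_volume_encryptor`. The one-line docstring could also say that the backend is selected by the `[key_manager]` options.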
@@ -0,0 +1,16 @@
+---
+upgrade:
+ - |
+ The old deprecated ``keymgr`` options have been removed.
+ Configuration options using the ``[keymgr]`` group will not be
+ applied anymore. Use the ``[key_manager]`` group from Castellan instead.
+ The Castellan ``backend`` options should also be used instead of
+ ``api_class``, as most
+ of the options that lived in Cinder have migrated to Castellan.
+
+ - Instead of ``api_class`` option
+ ``cinder.keymgr.barbican.BarbicanKeyManager``, use ``backend`` option
+ `barbican``
+ - ``cinder.keymgr.conf_key_mgr.ConfKeyManager`` still remains, but
+ the ``fixed_key`` configuration options should be moved to the ``[key_manager]`` section
+