Switch to use key_manager.backend

Castellan commit 8980bf7da55dd084ad84c84534fe937f0d43b9c0 deprecated the api_class option in favor of the new backend option. This causes doc build failures in Cinder due to us treating warnings as errors. This changes over to use backend (the library will still recognize api_class as an option) and removed some of the key manager code deprecated in Newton. Depends-on: I112f7a4654a65c3291526b408838d7b1c175b069 Closes-bug: #1718468 Change-Id: I8d3638a69f4efcc52053269c51c01667fb810172
2017-09-20 12:12:25 -05:00 · 2017-09-20 12:12:25 -05:00 · e75be5d905
commit e75be5d905
parent 6c236bca3d
6 changed files with 20 additions and 99 deletions
--- a/cinder/keymgr/init.py
+++ b/cinder/keymgr/init.py
@ -16,7 +16,6 @@
 from castellan import options as castellan_opts
 from oslo_config import cfg
 from oslo_log import log as logging
-from oslo_log import versionutils
 from oslo_utils import importutils

 LOG = logging.getLogger(__name__)
@ -26,55 +25,6 @@ CONF = cfg.CONF
 castellan_opts.set_defaults(CONF)


-def log_deprecated_warning(deprecated_value, castellan):
-    versionutils.deprecation_warning(deprecated_value,
-                                     versionutils.deprecated.NEWTON,
-                                     in_favor_of=castellan, logger=LOG)
-
-
-# NOTE(kfarr): this method is for backwards compatibility, it is deprecated
-# for removal
-def set_overrides(conf):
-    api_class = None
-    should_override = False
-    try:
-        api_class = conf.key_manager.api_class
-    except cfg.NoSuchOptError:
-        LOG.warning("key_manager.api_class is not set, will use deprecated"
-                    " option keymgr.api_class if set")
-        try:
-            api_class = CONF.keymgr.api_class
-            should_override = True
-        except cfg.NoSuchOptError:
-            LOG.warning("keymgr.api_class is not set")
-
-    deprecated_barbican = 'cinder.keymgr.barbican.BarbicanKeyManager'
-    barbican = 'castellan.key_manager.barbican_key_manager.BarbicanKeyManager'
-    deprecated_mock = 'cinder.tests.unit.keymgr.mock_key_mgr.MockKeyManager'
-    castellan_mock = ('castellan.tests.unit.key_manager.mock_key_manager.'
-                      'MockKeyManager')
-
-    if api_class == deprecated_barbican:
-        should_override = True
-        log_deprecated_warning(deprecated_barbican, barbican)
-        api_class = barbican
-    elif api_class == deprecated_mock:
-        should_override = True
-        log_deprecated_warning(deprecated_mock, castellan_mock)
-        api_class = castellan_mock
-    elif api_class is None:
-        should_override = True
-        # TODO(kfarr): key_manager.api_class should be set in DevStack, and
-        # this block can be removed
-        LOG.warning("key manager not set, using insecure default %s",
-                    castellan_mock)
-        api_class = castellan_mock
-
-    if should_override:
-        conf.set_override('api_class', api_class, 'key_manager')
-
-
 def API(conf=CONF):
-    set_overrides(conf)
-    cls = importutils.import_class(conf.key_manager.api_class)
+    cls = importutils.import_class(conf.key_manager.backend)
    return cls(conf)
--- a/cinder/tests/unit/conf_fixture.py
+++ b/cinder/tests/unit/conf_fixture.py
@ -26,7 +26,7 @@ CONF.import_opt('policy_file', 'cinder.policy', group='oslo_policy')
 CONF.import_opt('volume_driver', 'cinder.volume.manager',
                group=configuration.SHARED_CONF_GROUP)
 CONF.import_opt('backup_driver', 'cinder.backup.manager')
-CONF.import_opt('api_class', 'cinder.keymgr', group='key_manager')
+CONF.import_opt('backend', 'cinder.keymgr', group='key_manager')
 CONF.import_opt('fixed_key', 'cinder.keymgr.conf_key_mgr', group='key_manager')
 CONF.import_opt('scheduler_driver', 'cinder.scheduler.manager')

@ -45,7 +45,7 @@ def set_defaults(conf):
    conf.set_default('policy_file', 'cinder.tests.unit/policy.json',
                     group='oslo_policy')
    conf.set_default('backup_driver', 'cinder.tests.unit.backup.fake_service')
-    conf.set_default('api_class',
+    conf.set_default('backend',
                     'cinder.keymgr.conf_key_mgr.ConfKeyManager',
                     group='key_manager')
    conf.set_default('fixed_key', default='0' * 64, group='key_manager')
--- a/cinder/tests/unit/keymgr/test_init.py
+++ b/cinder/tests/unit/keymgr/test_init.py
@ -13,8 +13,6 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.

-import castellan
-from castellan import key_manager
 from castellan import options as castellan_opts

 from oslo_config import cfg
@ -28,7 +26,7 @@ class InitTestCase(test.TestCase):
        super(InitTestCase, self).setUp()
        self.config = cfg.ConfigOpts()
        castellan_opts.set_defaults(self.config)
-        self.config.set_default('api_class',
+        self.config.set_default('backend',
                                'cinder.keymgr.conf_key_mgr.ConfKeyManager',
                                group='key_manager')

@ -36,50 +34,10 @@ class InitTestCase(test.TestCase):
        kmgr = keymgr.API(self.config)
        self.assertEqual(type(kmgr), keymgr.conf_key_mgr.ConfKeyManager)

-    def test_set_barbican_key_manager(self):
-        self.config.set_override(
-            'api_class',
-            'castellan.key_manager.barbican_key_manager.BarbicanKeyManager',
-            group='key_manager')
-        kmgr = keymgr.API(self.config)
-        self.assertEqual(
-            type(kmgr),
-            key_manager.barbican_key_manager.BarbicanKeyManager)
-
-    def test_set_mock_key_manager(self):
-        self.config.set_override(
-            'api_class',
-            'castellan.tests.unit.key_manager.mock_key_manager.MockKeyManager',
-            group='key_manager')
-        kmgr = keymgr.API(self.config)
-        self.assertEqual(
-            type(kmgr),
-            castellan.tests.unit.key_manager.mock_key_manager.MockKeyManager)
-
    def test_set_conf_key_manager(self):
        self.config.set_override(
-            'api_class',
+            'backend',
            'cinder.keymgr.conf_key_mgr.ConfKeyManager',
            group='key_manager')
        kmgr = keymgr.API(self.config)
        self.assertEqual(type(kmgr), keymgr.conf_key_mgr.ConfKeyManager)
-
-    def test_deprecated_barbican_key_manager(self):
-        self.config.set_override(
-            'api_class',
-            'cinder.keymgr.barbican.BarbicanKeyManager',
-            group='key_manager')
-        kmgr = keymgr.API(self.config)
-        self.assertEqual(
-            type(kmgr),
-            key_manager.barbican_key_manager.BarbicanKeyManager)
-
-    def test_deprecated_mock_key_manager(self):
-        self.config.set_override(
-            'api_class',
-            'cinder.tests.unit.keymgr.mock_key_mgr.MockKeyManager',
-            group='key_manager')
-        kmgr = keymgr.API(self.config)
-        self.assertEqual(
-            type(kmgr),
-            castellan.tests.unit.key_manager.mock_key_manager.MockKeyManager)
--- a/cinder/tests/unit/test_volume_utils.py
+++ b/cinder/tests/unit/test_volume_utils.py
@ -991,7 +991,7 @@ class VolumeUtilsTestCase(test.TestCase):
            ctxt, type_ref1['id'], enc_key)
        get_volume_type_encryption.return_value = encryption
        CONF.set_override(
-            'api_class',
+            'backend',
            'cinder.keymgr.conf_key_mgr.ConfKeyManager',
            group='key_manager')
        key_manager = keymgr.API()
--- a/doc/source/configuration/tables/cinder-common.inc
+++ b/doc/source/configuration/tables/cinder-common.inc
@ -156,7 +156,7 @@
     - (String) DEPRECATED: The path to respond to healtcheck requests on.
   * - **[key_manager]**
     -
-   * - ``api_class`` = ``castellan.key_manager.barbican_key_manager.BarbicanKeyManager``
+   * - ``backend`` = ``castellan.key_manager.barbican_key_manager.BarbicanKeyManager``
     - (String) The full class name of the key manager API class
   * - ``fixed_key`` = ``None``
     - (String) Fixed key returned by key manager, specified in hex
--- a/releasenotes/notes/castellan-backend-0c49591a54821c45.yaml
+++ b/releasenotes/notes/castellan-backend-0c49591a54821c45.yaml
@ -0,0 +1,13 @@
+---
+upgrade:
+  - |
+    The support for ``cinder.keymgr.barbican.BarbicanKeyManager`` and the
+    ``[keymgr]`` config section has now been removed. All configs should now be
+    switched to use
+    ``castellan.key_manager.barbican_key_manager.BarbicanKeyManager`` and the
+    ``[key_manager]`` config section.
+deprecations:
+  - |
+    The Castellan library used for encryption has deprecated the ``api_class``
+    config option. Configuration files using this should now be updated to use
+    the ``backend`` option instead.