Browse Source

Remove deprecated keymgr code

The keymgr code was deprecated for removal in Newton [1]
and should now be removed.

1. Ief8885bb4ca8d62b03cf1a52c25dd0e62c835bfe

Change-Id: I87926d6c95ac82b6f74c263c7441614f80348c1e
changes/52/468252/19
Kaitlin Farr 4 years ago
parent
commit
ef2202b6ad
  1. 4
      cinder/api/contrib/volume_actions.py
  2. 16
      cinder/backup/driver.py
  3. 8
      cinder/keymgr/__init__.py
  4. 4
      cinder/tests/unit/backup/drivers/test_backup_driver_base.py
  5. 5
      cinder/tests/unit/conf_fixture.py
  6. 52
      cinder/tests/unit/keymgr/test_init.py
  7. 6
      cinder/tests/unit/test_volume_utils.py
  8. 2
      cinder/tests/unit/volume/test_volume.py
  9. 6
      cinder/utils.py
  10. 2
      cinder/volume/api.py
  11. 2
      cinder/volume/manager.py
  12. 16
      releasenotes/notes/remove-deprecated-keymgr-d11a25c620862ed6.yaml

4
cinder/api/contrib/volume_actions.py

@ -13,6 +13,7 @@
# under the License.
from castellan import key_manager
from oslo_config import cfg
import oslo_messaging as messaging
from oslo_utils import encodeutils
@ -27,7 +28,6 @@ from cinder.api.openstack import wsgi
from cinder import exception
from cinder.i18n import _
from cinder.image import image_utils
from cinder import keymgr
from cinder.policies import volume_actions as policy
from cinder import utils
from cinder import volume
@ -46,7 +46,7 @@ class VolumeActionsController(wsgi.Controller):
def _key_manager(self):
# Allows for lazy initialization of the key manager
if self._key_mgr is None:
self._key_mgr = keymgr.API(CONF)
self._key_mgr = key_manager.API(CONF)
return self._key_mgr

16
cinder/backup/driver.py

@ -17,6 +17,7 @@
import abc
from castellan import key_manager
from oslo_config import cfg
from oslo_log import log as logging
from oslo_serialization import jsonutils
@ -25,7 +26,6 @@ import six
from cinder.db import base
from cinder import exception
from cinder.i18n import _
from cinder import keymgr as key_manager
service_opts = [
cfg.IntOpt('backup_metadata_version', default=2,
@ -57,6 +57,14 @@ class BackupMetadataAPI(base.Base):
def __init__(self, context, db=None):
super(BackupMetadataAPI, self).__init__(db)
self.context = context
self._key_mgr = None
@property
def _key_manager(self):
# Allows for lazy initialization of the key manager
if self._key_mgr is None:
self._key_mgr = key_manager.API(CONF)
return self._key_mgr
@staticmethod
def _is_serializable(value):
@ -89,8 +97,10 @@ class BackupMetadataAPI(base.Base):
continue
# Copy the encryption key UUID for backup
if key is 'encryption_key_id' and value is not None:
km = key_manager.API(CONF)
value = km.store(self.context, km.get(self.context, value))
value = self._key_manager.store(
self.context,
self._key_manager.get(self.context, value)
)
LOG.debug("Copying encryption key UUID for backup.")
container[type_tag][key] = value

8
cinder/keymgr/__init__.py

@ -13,17 +13,9 @@
# License for the specific language governing permissions and limitations
# under the License.
from castellan import key_manager
from castellan import options as castellan_opts
from oslo_config import cfg
from oslo_log import log as logging
LOG = logging.getLogger(__name__)
CONF = cfg.CONF
castellan_opts.set_defaults(CONF)
def API(conf=CONF):
return key_manager.API(conf)

4
cinder/tests/unit/backup/drivers/test_backup_driver_base.py

@ -23,7 +23,6 @@ from cinder.backup import driver
from cinder import context
from cinder import db
from cinder import exception
from cinder import keymgr as key_manager
from cinder import objects
from cinder import test
from cinder.tests.unit.backup import fake_service
@ -287,7 +286,8 @@ class BackupMetadataAPITestCase(test.TestCase):
def _create_encrypted_volume_db_entry(self, id, type_id, encrypted):
if encrypted:
key_id = key_manager.API().key_id
key_id = self.bak_meta_api._key_manager.create_key(
'context', algorithm='AES', length=256)
vol = {'id': id, 'size': 1, 'status': 'available',
'volume_type_id': type_id, 'encryption_key_id': key_id}
else:

5
cinder/tests/unit/conf_fixture.py

@ -27,7 +27,6 @@ CONF.import_opt('volume_driver', 'cinder.volume.manager',
group=configuration.SHARED_CONF_GROUP)
CONF.import_opt('backup_driver', 'cinder.backup.manager')
CONF.import_opt('backend', 'cinder.keymgr', group='key_manager')
CONF.import_opt('fixed_key', 'cinder.keymgr.conf_key_mgr', group='key_manager')
CONF.import_opt('scheduler_driver', 'cinder.scheduler.manager')
def_vol_type = 'fake_vol_type'
@ -46,9 +45,9 @@ def set_defaults(conf):
group='oslo_policy')
conf.set_default('backup_driver', 'cinder.tests.unit.backup.fake_service')
conf.set_default('backend',
'cinder.keymgr.conf_key_mgr.ConfKeyManager',
'castellan.tests.unit.key_manager.mock_key_manager.'
'MockKeyManager',
group='key_manager')
conf.set_default('fixed_key', default='0' * 64, group='key_manager')
conf.set_default('scheduler_driver',
'cinder.scheduler.filter_scheduler.FilterScheduler')
conf.set_default('state_path', os.path.abspath(

52
cinder/tests/unit/keymgr/test_init.py

@ -1,52 +0,0 @@
# Copyright (c) 2016 The Johns Hopkins University/Applied Physics Laboratory
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from castellan.key_manager import barbican_key_manager
from castellan import options as castellan_opts
from oslo_config import cfg
from cinder import keymgr
from cinder import test
class InitTestCase(test.TestCase):
def setUp(self):
super(InitTestCase, self).setUp()
self.config = cfg.ConfigOpts()
castellan_opts.set_defaults(self.config)
self.config.set_default('backend',
'cinder.keymgr.conf_key_mgr.ConfKeyManager',
group='key_manager')
def test_blank_config(self):
kmgr = keymgr.API(self.config)
self.assertEqual(type(kmgr), keymgr.conf_key_mgr.ConfKeyManager)
def test_barbican_backend(self):
self.config.set_override(
'backend',
'barbican',
group='key_manager')
kmgr = keymgr.API(self.config)
self.assertEqual(type(kmgr), barbican_key_manager.BarbicanKeyManager)
def test_set_conf_key_manager(self):
self.config.set_override(
'backend',
'cinder.keymgr.conf_key_mgr.ConfKeyManager',
group='key_manager')
kmgr = keymgr.API(self.config)
self.assertEqual(type(kmgr), keymgr.conf_key_mgr.ConfKeyManager)

6
cinder/tests/unit/test_volume_utils.py

@ -21,6 +21,7 @@ import io
import mock
import six
from castellan import key_manager
import ddt
from oslo_concurrency import processutils
from oslo_config import cfg
@ -30,7 +31,6 @@ from cinder import context
from cinder import db
from cinder.db.sqlalchemy import models
from cinder import exception
from cinder import keymgr
from cinder.objects import fields
from cinder import test
from cinder.tests.unit.backup import fake_backup
@ -993,9 +993,9 @@ class VolumeUtilsTestCase(test.TestCase):
'backend',
'cinder.keymgr.conf_key_mgr.ConfKeyManager',
group='key_manager')
key_manager = keymgr.API()
km = key_manager.API()
volume_utils.create_encryption_key(ctxt,
key_manager,
km,
fake.VOLUME_TYPE_ID)
is_encryption.assert_called_once_with(ctxt,
fake.VOLUME_TYPE_ID)

2
cinder/tests/unit/volume/test_volume.py

@ -20,6 +20,7 @@ import ddt
import time
import uuid
from castellan import key_manager
import enum
import eventlet
import mock
@ -34,7 +35,6 @@ from cinder import context
from cinder import coordination
from cinder import db
from cinder import exception
from cinder import keymgr as key_manager
from cinder import objects
from cinder.objects import fields
import cinder.policy

6
cinder/utils.py

@ -37,6 +37,7 @@ import tempfile
import time
import types
from castellan import key_manager
from os_brick import encryptors
from os_brick.initiator import connector
from oslo_concurrency import lockutils
@ -54,7 +55,6 @@ import webob.exc
from cinder import exception
from cinder.i18n import _
from cinder import keymgr
CONF = cfg.CONF
@ -501,10 +501,10 @@ def brick_get_encryptor(connection_info, *args, **kwargs):
"""Wrapper to get a brick encryptor object."""
root_helper = get_root_helper()
key_manager = keymgr.API(CONF)
km = key_manager.API(CONF)
return encryptors.get_volume_encryptor(root_helper=root_helper,
connection_info=connection_info,
keymgr=key_manager,
keymgr=km,
*args, **kwargs)

2
cinder/volume/api.py

@ -20,6 +20,7 @@ import ast
import collections
import datetime
from castellan import key_manager
from oslo_config import cfg
from oslo_log import log as logging
from oslo_utils import excutils
@ -38,7 +39,6 @@ from cinder import flow_utils
from cinder.i18n import _
from cinder.image import cache as image_cache
from cinder.image import glance
from cinder import keymgr as key_manager
from cinder import objects
from cinder.objects import base as objects_base
from cinder.objects import fields

2
cinder/volume/manager.py

@ -39,6 +39,7 @@ intact.
import requests
import time
from castellan import key_manager
from oslo_config import cfg
from oslo_log import log as logging
import oslo_messaging as messaging
@ -64,7 +65,6 @@ from cinder.i18n import _
from cinder.image import cache as image_cache
from cinder.image import glance
from cinder.image import image_utils
from cinder import keymgr as key_manager
from cinder import manager
from cinder.message import api as message_api
from cinder.message import message_field

16
releasenotes/notes/remove-deprecated-keymgr-d11a25c620862ed6.yaml

@ -0,0 +1,16 @@
---
upgrade:
- |
The old deprecated ``keymgr`` options have been removed.
Configuration options using the ``[keymgr]`` group will not be
applied anymore. Use the ``[key_manager]`` group from Castellan instead.
The Castellan ``backend`` options should also be used instead of
``api_class``, as most
of the options that lived in Cinder have migrated to Castellan.
- Instead of ``api_class`` option
``cinder.keymgr.barbican.BarbicanKeyManager``, use ``backend`` option
`barbican``
- ``cinder.keymgr.conf_key_mgr.ConfKeyManager`` still remains, but
the ``fixed_key`` configuration options should be moved to the ``[key_manager]`` section
Loading…
Cancel
Save