Remove deprecated keymgr code

The keymgr code was deprecated for removal in Newton [1]
and should now be removed.

1. Ief8885bb4ca8d62b03cf1a52c25dd0e62c835bfe

Change-Id: I87926d6c95ac82b6f74c263c7441614f80348c1e

cinder/api/contrib/volume_actions.py

@@ -13,6 +13,7 @@
 #   under the License.
 
 
+from castellan import key_manager
 from oslo_config import cfg
 import oslo_messaging as messaging
 from oslo_utils import encodeutils
@@ -27,7 +28,6 @@ from cinder.api.openstack import wsgi
 from cinder import exception
 from cinder.i18n import _
 from cinder.image import image_utils
-from cinder import keymgr
 from cinder.policies import volume_actions as policy
 from cinder import utils
 from cinder import volume
@@ -46,7 +46,7 @@ class VolumeActionsController(wsgi.Controller):
     def _key_manager(self):
         # Allows for lazy initialization of the key manager
         if self._key_mgr is None:
-            self._key_mgr = keymgr.API(CONF)
+            self._key_mgr = key_manager.API(CONF)
 
         return self._key_mgr
 

cinder/backup/driver.py

@@ -17,6 +17,7 @@
 
 import abc
 
+from castellan import key_manager
 from oslo_config import cfg
 from oslo_log import log as logging
 from oslo_serialization import jsonutils
@@ -25,7 +26,6 @@ import six
 from cinder.db import base
 from cinder import exception
 from cinder.i18n import _
-from cinder import keymgr as key_manager
 
 service_opts = [
     cfg.IntOpt('backup_metadata_version', default=2,
@@ -57,6 +57,14 @@ class BackupMetadataAPI(base.Base):
     def __init__(self, context, db=None):
         super(BackupMetadataAPI, self).__init__(db)
         self.context = context
+        self._key_mgr = None
+
+    @property
+    def _key_manager(self):
+        # Allows for lazy initialization of the key manager
+        if self._key_mgr is None:
+            self._key_mgr = key_manager.API(CONF)
+        return self._key_mgr
 
     @staticmethod
     def _is_serializable(value):
@@ -89,8 +97,10 @@ class BackupMetadataAPI(base.Base):
                     continue
                 # Copy the encryption key UUID for backup
                 if key is 'encryption_key_id' and value is not None:
-                    km = key_manager.API(CONF)
+                    value = self._key_manager.store(
-                    value = km.store(self.context, km.get(self.context, value))
+                        self.context,
+                        self._key_manager.get(self.context, value)
+                    )
                     LOG.debug("Copying encryption key UUID for backup.")
                 container[type_tag][key] = value
 

cinder/keymgr/__init__.py

@@ -13,17 +13,9 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
-from castellan import key_manager
 from castellan import options as castellan_opts
 from oslo_config import cfg
-from oslo_log import log as logging
-
-LOG = logging.getLogger(__name__)
 
 CONF = cfg.CONF
 
 castellan_opts.set_defaults(CONF)
-
-
-def API(conf=CONF):
-    return key_manager.API(conf)

cinder/tests/unit/backup/drivers/test_backup_driver_base.py

@@ -23,7 +23,6 @@ from cinder.backup import driver
 from cinder import context
 from cinder import db
 from cinder import exception
-from cinder import keymgr as key_manager
 from cinder import objects
 from cinder import test
 from cinder.tests.unit.backup import fake_service
@@ -287,7 +286,8 @@ class BackupMetadataAPITestCase(test.TestCase):
 
     def _create_encrypted_volume_db_entry(self, id, type_id, encrypted):
         if encrypted:
-            key_id = key_manager.API().key_id
+            key_id = self.bak_meta_api._key_manager.create_key(
+                'context', algorithm='AES', length=256)
             vol = {'id': id, 'size': 1, 'status': 'available',
                    'volume_type_id': type_id, 'encryption_key_id': key_id}
         else:

cinder/tests/unit/conf_fixture.py

@@ -27,7 +27,6 @@ CONF.import_opt('volume_driver', 'cinder.volume.manager',
                 group=configuration.SHARED_CONF_GROUP)
 CONF.import_opt('backup_driver', 'cinder.backup.manager')
 CONF.import_opt('backend', 'cinder.keymgr', group='key_manager')
-CONF.import_opt('fixed_key', 'cinder.keymgr.conf_key_mgr', group='key_manager')
 CONF.import_opt('scheduler_driver', 'cinder.scheduler.manager')
 
 def_vol_type = 'fake_vol_type'
@@ -46,9 +45,9 @@ def set_defaults(conf):
                      group='oslo_policy')
     conf.set_default('backup_driver', 'cinder.tests.unit.backup.fake_service')
     conf.set_default('backend',
-                     'cinder.keymgr.conf_key_mgr.ConfKeyManager',
+                     'castellan.tests.unit.key_manager.mock_key_manager.'
+                     'MockKeyManager',
                      group='key_manager')
-    conf.set_default('fixed_key', default='0' * 64, group='key_manager')
     conf.set_default('scheduler_driver',
                      'cinder.scheduler.filter_scheduler.FilterScheduler')
     conf.set_default('state_path', os.path.abspath(

cinder/tests/unit/keymgr/test_init.py

@@ -1,52 +0,0 @@
-# Copyright (c) 2016 The Johns Hopkins University/Applied Physics Laboratory
-# All Rights Reserved.
-#
-#    Licensed under the Apache License, Version 2.0 (the "License"); you may
-#    not use this file except in compliance with the License. You may obtain
-#    a copy of the License at
-#
-#         http://www.apache.org/licenses/LICENSE-2.0
-#
-#    Unless required by applicable law or agreed to in writing, software
-#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-#    License for the specific language governing permissions and limitations
-#    under the License.
-
-from castellan.key_manager import barbican_key_manager
-from castellan import options as castellan_opts
-
-from oslo_config import cfg
-
-from cinder import keymgr
-from cinder import test
-
-
-class InitTestCase(test.TestCase):
-    def setUp(self):
-        super(InitTestCase, self).setUp()
-        self.config = cfg.ConfigOpts()
-        castellan_opts.set_defaults(self.config)
-        self.config.set_default('backend',
-                                'cinder.keymgr.conf_key_mgr.ConfKeyManager',
-                                group='key_manager')
-
-    def test_blank_config(self):
-        kmgr = keymgr.API(self.config)
-        self.assertEqual(type(kmgr), keymgr.conf_key_mgr.ConfKeyManager)
-
-    def test_barbican_backend(self):
-        self.config.set_override(
-            'backend',
-            'barbican',
-            group='key_manager')
-        kmgr = keymgr.API(self.config)
-        self.assertEqual(type(kmgr), barbican_key_manager.BarbicanKeyManager)
-
-    def test_set_conf_key_manager(self):
-        self.config.set_override(
-            'backend',
-            'cinder.keymgr.conf_key_mgr.ConfKeyManager',
-            group='key_manager')
-        kmgr = keymgr.API(self.config)
-        self.assertEqual(type(kmgr), keymgr.conf_key_mgr.ConfKeyManager)

cinder/tests/unit/test_volume_utils.py

@@ -21,6 +21,7 @@ import io
 import mock
 import six
 
+from castellan import key_manager
 import ddt
 from oslo_concurrency import processutils
 from oslo_config import cfg
@@ -30,7 +31,6 @@ from cinder import context
 from cinder import db
 from cinder.db.sqlalchemy import models
 from cinder import exception
-from cinder import keymgr
 from cinder.objects import fields
 from cinder import test
 from cinder.tests.unit.backup import fake_backup
@@ -993,9 +993,9 @@ class VolumeUtilsTestCase(test.TestCase):
             'backend',
             'cinder.keymgr.conf_key_mgr.ConfKeyManager',
             group='key_manager')
-        key_manager = keymgr.API()
+        km = key_manager.API()
         volume_utils.create_encryption_key(ctxt,
-                                           key_manager,
+                                           km,
                                            fake.VOLUME_TYPE_ID)
         is_encryption.assert_called_once_with(ctxt,
                                               fake.VOLUME_TYPE_ID)

cinder/tests/unit/volume/test_volume.py

@@ -20,6 +20,7 @@ import ddt
 import time
 import uuid
 
+from castellan import key_manager
 import enum
 import eventlet
 import mock
@@ -34,7 +35,6 @@ from cinder import context
 from cinder import coordination
 from cinder import db
 from cinder import exception
-from cinder import keymgr as key_manager
 from cinder import objects
 from cinder.objects import fields
 import cinder.policy

cinder/utils.py

@@ -37,6 +37,7 @@ import tempfile
 import time
 import types
 
+from castellan import key_manager
 from os_brick import encryptors
 from os_brick.initiator import connector
 from oslo_concurrency import lockutils
@@ -54,7 +55,6 @@ import webob.exc
 
 from cinder import exception
 from cinder.i18n import _
-from cinder import keymgr
 
 
 CONF = cfg.CONF
@@ -501,10 +501,10 @@ def brick_get_encryptor(connection_info, *args, **kwargs):
     """Wrapper to get a brick encryptor object."""
 
     root_helper = get_root_helper()
-    key_manager = keymgr.API(CONF)
+    km = key_manager.API(CONF)
     return encryptors.get_volume_encryptor(root_helper=root_helper,
                                            connection_info=connection_info,
-                                           keymgr=key_manager,
+                                           keymgr=km,
                                            *args, **kwargs)
 
 

cinder/volume/api.py

@@ -20,6 +20,7 @@ import ast
 import collections
 import datetime
 
+from castellan import key_manager
 from oslo_config import cfg
 from oslo_log import log as logging
 from oslo_utils import excutils
@@ -38,7 +39,6 @@ from cinder import flow_utils
 from cinder.i18n import _
 from cinder.image import cache as image_cache
 from cinder.image import glance
-from cinder import keymgr as key_manager
 from cinder import objects
 from cinder.objects import base as objects_base
 from cinder.objects import fields

cinder/volume/manager.py

@@ -39,6 +39,7 @@ intact.
 import requests
 import time
 
+from castellan import key_manager
 from oslo_config import cfg
 from oslo_log import log as logging
 import oslo_messaging as messaging
@@ -64,7 +65,6 @@ from cinder.i18n import _
 from cinder.image import cache as image_cache
 from cinder.image import glance
 from cinder.image import image_utils
-from cinder import keymgr as key_manager
 from cinder import manager
 from cinder.message import api as message_api
 from cinder.message import message_field

releasenotes/notes/remove-deprecated-keymgr-d11a25c620862ed6.yaml

@@ -0,0 +1,16 @@
+---
+upgrade:
+  - |
+    The old deprecated ``keymgr`` options have been removed.
+    Configuration options using the ``[keymgr]`` group will not be
+    applied anymore. Use the ``[key_manager]`` group from Castellan instead.
+    The Castellan ``backend`` options should also be used instead of
+    ``api_class``, as most
+    of the options that lived in Cinder have migrated to Castellan.
+
+    - Instead of ``api_class`` option
+      ``cinder.keymgr.barbican.BarbicanKeyManager``, use ``backend`` option
+      `barbican``
+    - ``cinder.keymgr.conf_key_mgr.ConfKeyManager`` still remains, but
+      the ``fixed_key`` configuration options should be moved to the ``[key_manager]`` section
+