Check context before returning cached value
The key manager caches the value of barbican client to be reused, saving an extra call to keystone. The cached value is only applicable to the current context, so the context must be checked before returning the cached value. Change-Id: Ib10909a098fb2cd070129c239b6d3b95edc8fea0 Closes-Bug: #1523646
parent
ef08af9112
commit
0832a03553
@ -49,6 +49,7 @@ class BarbicanKeyManager(key_mgr.KeyManager):
|
|||||||
self._base_url = CONF.keymgr.encryption_api_url
|
self._base_url = CONF.keymgr.encryption_api_url
|
||||||
self._parse_barbican_api_url()
|
self._parse_barbican_api_url()
|
||||||
self._barbican_client = None
|
self._barbican_client = None
|
||||||
|
self._current_context = None
|
||||||
|
|
||||||
def _parse_barbican_api_url(self):
|
def _parse_barbican_api_url(self):
|
||||||
"""Setup member variables to reference the Barbican URL.
|
"""Setup member variables to reference the Barbican URL.
|
||||||
@ -84,30 +85,34 @@ class BarbicanKeyManager(key_mgr.KeyManager):
|
|||||||
or project_id is None
|
or project_id is None
|
||||||
"""
|
"""
|
||||||
|
|
||||||
if not self._barbican_client:
|
# Confirm context is provided, if not raise not authorized
|
||||||
# Confirm context is provided, if not raise not authorized
|
if not ctxt:
|
||||||
if not ctxt:
|
msg = _("User is not authorized to use key manager.")
|
||||||
msg = _("User is not authorized to use key manager.")
|
LOG.error(msg)
|
||||||
LOG.error(msg)
|
raise exception.NotAuthorized(msg)
|
||||||
raise exception.NotAuthorized(msg)
|
|
||||||
|
|
||||||
if not hasattr(ctxt, 'project_id') or ctxt.project_id is None:
|
if not hasattr(ctxt, 'project_id') or ctxt.project_id is None:
|
||||||
msg = _("Unable to create Barbican Client without project_id.")
|
msg = _("Unable to create Barbican Client without project_id.")
|
||||||
LOG.error(msg)
|
LOG.error(msg)
|
||||||
raise exception.KeyManagerError(msg)
|
raise exception.KeyManagerError(msg)
|
||||||
|
|
||||||
try:
|
# If same context, return cached barbican client
|
||||||
auth = identity.v3.Token(
|
if self._barbican_client and self._current_context == ctxt:
|
||||||
auth_url=CONF.keymgr.encryption_auth_url,
|
return self._barbican_client
|
||||||
token=ctxt.auth_token,
|
|
||||||
project_id=ctxt.project_id)
|
try:
|
||||||
sess = session.Session(auth=auth)
|
auth = identity.v3.Token(
|
||||||
self._barbican_client = barbican_client.Client(
|
auth_url=CONF.keymgr.encryption_auth_url,
|
||||||
session=sess,
|
token=ctxt.auth_token,
|
||||||
endpoint=self._barbican_endpoint)
|
project_id=ctxt.project_id)
|
||||||
except Exception:
|
sess = session.Session(auth=auth)
|
||||||
with excutils.save_and_reraise_exception():
|
self._barbican_client = barbican_client.Client(
|
||||||
LOG.exception(_LE("Error creating Barbican client."))
|
session=sess,
|
||||||
|
endpoint=self._barbican_endpoint)
|
||||||
|
self._current_context = ctxt
|
||||||
|
except Exception:
|
||||||
|
with excutils.save_and_reraise_exception():
|
||||||
|
LOG.exception(_LE("Error creating Barbican client."))
|
||||||
|
|
||||||
return self._barbican_client
|
return self._barbican_client
|
||||||
|
|
||||||
|
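Review bot: The cached client and the context it was built for are published in two separate assignments (`self._barbican_client = barbican_client.Client(...)`, then `self._current_context = ctxt`), and the method returns by re-reading `self._barbican_client` rather than the object it just built. If one key manager instance can serve overlapping requests (not visible in this hunk, so to be confirmed), the pair can be observed half-updated and a caller can be handed a client carrying another context's token and project. Building into a local, publishing with `self._barbican_client, self._current_context = client, ctxt`, and ending the new-client path with `return client` keeps the returned client tied to the caller's own `ctxt`. Separately, `self._current_context == ctxt` is an identity check unless the context class defines `__eq__`, so a context object whose `auth_token` is changed in place would presumably still hit the cache; a short comment stating what "same context" means here would help. The method's signature lies outside the hunk.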
@ -78,6 +78,7 @@ class BarbicanKeyManagerTestCase(test_key_mgr.KeyManagerTestCase):
|
|||||||
self.create = self.mock_barbican.secrets.create
|
self.create = self.mock_barbican.secrets.create
|
||||||
|
|
||||||
self.key_mgr._barbican_client = self.mock_barbican
|
self.key_mgr._barbican_client = self.mock_barbican
|
||||||
|
self.key_mgr._current_context = self.ctxt
|
||||||
|
|
||||||
def _build_mock_symKey(self):
|
def _build_mock_symKey(self):
|
||||||
self.mock_symKey = mock.Mock()
|
self.mock_symKey = mock.Mock()
|
||||||
|
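Review bot: The only test change visible is the fixture line `self.key_mgr._current_context = self.ctxt`, which keeps the existing tests on the cached-mock path; nothing here exercises the behaviour the commit fixes. A test that requests the client with a second, different context and asserts that a new client is created, and that the mock cached for `self.ctxt` is not returned, would pin the fix against regression. The no-context case is worth a test as well, since the not-authorized check now runs before the cache lookup, for example `# a missing context must raise NotAuthorized even when a client is cached`. The enclosing setup method starts outside the hunk.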