Merge "Add project_id to barbican keymgr wrapper"
This commit is contained in:
commit
b69ba44b06
@ -54,6 +54,8 @@ class BarbicanKeyManager(key_mgr.KeyManager):
|
|||||||
:param ctxt: the user context for authentication
|
:param ctxt: the user context for authentication
|
||||||
:return: a Barbican Client object
|
:return: a Barbican Client object
|
||||||
:throws NotAuthorized: if the ctxt is None
|
:throws NotAuthorized: if the ctxt is None
|
||||||
|
:throws KeyManagerError: if ctxt is missing project_id
|
||||||
|
or project_id is None
|
||||||
"""
|
"""
|
||||||
|
|
||||||
if not self._barbican_client:
|
if not self._barbican_client:
|
||||||
@ -63,10 +65,16 @@ class BarbicanKeyManager(key_mgr.KeyManager):
|
|||||||
LOG.error(msg)
|
LOG.error(msg)
|
||||||
raise exception.NotAuthorized(msg)
|
raise exception.NotAuthorized(msg)
|
||||||
|
|
||||||
|
if not hasattr(ctxt, 'project_id') or ctxt.project_id is None:
|
||||||
|
msg = _("Unable to create Barbican Client without project_id.")
|
||||||
|
LOG.error(msg)
|
||||||
|
raise exception.KeyManagerError(msg)
|
||||||
|
|
||||||
try:
|
try:
|
||||||
auth = identity.v3.Token(
|
auth = identity.v3.Token(
|
||||||
auth_url=CONF.keymgr.encryption_auth_url,
|
auth_url=CONF.keymgr.encryption_auth_url,
|
||||||
token=ctxt.auth_token)
|
token=ctxt.auth_token,
|
||||||
|
project_id=ctxt.project_id)
|
||||||
sess = session.Session(auth=auth)
|
sess = session.Session(auth=auth)
|
||||||
self._barbican_client = barbican_client.Client(
|
self._barbican_client = barbican_client.Client(
|
||||||
session=sess,
|
session=sess,
|
||||||
|
@ -45,6 +45,7 @@ class BarbicanKeyManagerTestCase(test_key_mgr.KeyManagerTestCase):
|
|||||||
# Create fake auth_token
|
# Create fake auth_token
|
||||||
self.ctxt = mock.Mock()
|
self.ctxt = mock.Mock()
|
||||||
self.ctxt.auth_token = "fake_token"
|
self.ctxt.auth_token = "fake_token"
|
||||||
|
self.ctxt.project_id = "fake_project_id"
|
||||||
|
|
||||||
# Create mock barbican client
|
# Create mock barbican client
|
||||||
self._build_mock_barbican()
|
self._build_mock_barbican()
|
||||||
@ -229,3 +230,44 @@ class BarbicanKeyManagerTestCase(test_key_mgr.KeyManagerTestCase):
|
|||||||
self.key_mgr._barbican_client = None
|
self.key_mgr._barbican_client = None
|
||||||
self.assertRaises(exception.NotAuthorized,
|
self.assertRaises(exception.NotAuthorized,
|
||||||
self.key_mgr.store_key, None, None)
|
self.key_mgr.store_key, None, None)
|
||||||
|
|
||||||
|
def test_null_project_id(self):
|
||||||
|
self.key_mgr._barbican_client = None
|
||||||
|
self.ctxt.project_id = None
|
||||||
|
self.assertRaises(exception.KeyManagerError,
|
||||||
|
self.key_mgr.create_key, self.ctxt)
|
||||||
|
|
||||||
|
def test_ctxt_without_project_id(self):
|
||||||
|
self.key_mgr._barbican_client = None
|
||||||
|
del self.ctxt.project_id
|
||||||
|
self.assertRaises(exception.KeyManagerError,
|
||||||
|
self.key_mgr.create_key, self.ctxt)
|
||||||
|
|
||||||
|
@mock.patch('cinder.keymgr.barbican.identity.v3.Token')
|
||||||
|
@mock.patch('cinder.keymgr.barbican.session.Session')
|
||||||
|
@mock.patch('cinder.keymgr.barbican.barbican_client.Client')
|
||||||
|
def test_ctxt_with_project_id(self, mock_client, mock_session,
|
||||||
|
mock_token):
|
||||||
|
# set client to None so that client creation will occur
|
||||||
|
self.key_mgr._barbican_client = None
|
||||||
|
|
||||||
|
# mock the return values
|
||||||
|
mock_auth = mock.Mock()
|
||||||
|
mock_token.return_value = mock_auth
|
||||||
|
mock_sess = mock.Mock()
|
||||||
|
mock_session.return_value = mock_sess
|
||||||
|
|
||||||
|
# mock the endpoint
|
||||||
|
mock_endpoint = mock.Mock()
|
||||||
|
self.key_mgr._barbican_endpoint = mock_endpoint
|
||||||
|
|
||||||
|
self.key_mgr.create_key(self.ctxt)
|
||||||
|
|
||||||
|
# assert proper calls occured, including with project_id
|
||||||
|
mock_token.assert_called_once_with(
|
||||||
|
auth_url=CONF.keymgr.encryption_auth_url,
|
||||||
|
token=self.ctxt.auth_token,
|
||||||
|
project_id=self.ctxt.project_id)
|
||||||
|
mock_session.assert_called_once_with(auth=mock_auth)
|
||||||
|
mock_client.assert_called_once_with(session=mock_sess,
|
||||||
|
endpoint=mock_endpoint)
|
||||||
|
Loading…
Reference in New Issue
Block a user