Revert "Rename fernet_utils to token_utils"
This reverts commit 03ba867327.
Because of the introduction of auth receipts we will be
using fernet for more than just tokens. Let's make this a
generic util for fernet key handling.
Change-Id: I3a870a63239491f84db3350178bd2313eeccdbf3
parent
104717d458
commit
45d724f535
@ -29,9 +29,9 @@ import pbr.version
|
||||
from keystone.cmd import bootstrap
|
||||
from keystone.cmd import doctor
|
||||
from keystone.common import driver_hints
|
||||
from keystone.common import fernet_utils
|
||||
from keystone.common import sql
|
||||
from keystone.common.sql import upgrades
|
||||
from keystone.common import token_utils
|
||||
from keystone.common import utils
|
||||
import keystone.conf
|
||||
from keystone.credential.providers import fernet as credential_fernet
|
||||
@ -395,16 +395,16 @@ class FernetSetup(BasePermissionsSetup):
|
||||
|
||||
@classmethod
|
||||
def main(cls):
|
||||
tutils = token_utils.TokenUtils(
|
||||
futils = fernet_utils.FernetUtils(
|
||||
CONF.fernet_tokens.key_repository,
|
||||
CONF.fernet_tokens.max_active_keys,
|
||||
'fernet_tokens'
|
||||
)
|
||||
|
||||
keystone_user_id, keystone_group_id = cls.get_user_group()
|
||||
tutils.create_key_directory(keystone_user_id, keystone_group_id)
|
||||
if tutils.validate_key_repository(requires_write=True):
|
||||
tutils.initialize_key_repository(
|
||||
futils.create_key_directory(keystone_user_id, keystone_group_id)
|
||||
if futils.validate_key_repository(requires_write=True):
|
||||
futils.initialize_key_repository(
|
||||
keystone_user_id, keystone_group_id)
|
||||
|
||||
|
||||
@ -430,15 +430,15 @@ class FernetRotate(BasePermissionsSetup):
|
||||
|
||||
@classmethod
|
||||
def main(cls):
|
||||
tutils = token_utils.TokenUtils(
|
||||
futils = fernet_utils.FernetUtils(
|
||||
CONF.fernet_tokens.key_repository,
|
||||
CONF.fernet_tokens.max_active_keys,
|
||||
'fernet_tokens'
|
||||
)
|
||||
|
||||
keystone_user_id, keystone_group_id = cls.get_user_group()
|
||||
if tutils.validate_key_repository(requires_write=True):
|
||||
tutils.rotate_keys(keystone_user_id, keystone_group_id)
|
||||
if futils.validate_key_repository(requires_write=True):
|
||||
futils.rotate_keys(keystone_user_id, keystone_group_id)
|
||||
|
||||
|
||||
class TokenSetup(BasePermissionsSetup):
|
||||
@ -454,7 +454,7 @@ class TokenSetup(BasePermissionsSetup):
|
||||
|
||||
@classmethod
|
||||
def main(cls):
|
||||
tutils = token_utils.TokenUtils(
|
||||
futils = fernet_utils.FernetUtils(
|
||||
# TODO(gagehugo) Change this to CONF.token
|
||||
CONF.fernet_tokens.key_repository,
|
||||
CONF.fernet_tokens.max_active_keys,
|
||||
@ -462,9 +462,9 @@ class TokenSetup(BasePermissionsSetup):
|
||||
)
|
||||
|
||||
keystone_user_id, keystone_group_id = cls.get_user_group()
|
||||
tutils.create_key_directory(keystone_user_id, keystone_group_id)
|
||||
if tutils.validate_key_repository(requires_write=True):
|
||||
tutils.initialize_key_repository(
|
||||
futils.create_key_directory(keystone_user_id, keystone_group_id)
|
||||
if futils.validate_key_repository(requires_write=True):
|
||||
futils.initialize_key_repository(
|
||||
keystone_user_id, keystone_group_id)
|
||||
|
||||
|
||||
@ -490,7 +490,7 @@ class TokenRotate(BasePermissionsSetup):
|
||||
|
||||
@classmethod
|
||||
def main(cls):
|
||||
tutils = token_utils.TokenUtils(
|
||||
futils = fernet_utils.FernetUtils(
|
||||
# TODO(gagehugo) Change this to CONF.token
|
||||
CONF.fernet_tokens.key_repository,
|
||||
CONF.fernet_tokens.max_active_keys,
|
||||
@ -498,8 +498,8 @@ class TokenRotate(BasePermissionsSetup):
|
||||
)
|
||||
|
||||
keystone_user_id, keystone_group_id = cls.get_user_group()
|
||||
if tutils.validate_key_repository(requires_write=True):
|
||||
tutils.rotate_keys(keystone_user_id, keystone_group_id)
|
||||
if futils.validate_key_repository(requires_write=True):
|
||||
futils.rotate_keys(keystone_user_id, keystone_group_id)
|
||||
|
||||
|
||||
class CredentialSetup(BasePermissionsSetup):
|
||||
@ -515,16 +515,16 @@ class CredentialSetup(BasePermissionsSetup):
|
||||
|
||||
@classmethod
|
||||
def main(cls):
|
||||
tutils = token_utils.TokenUtils(
|
||||
futils = fernet_utils.FernetUtils(
|
||||
CONF.credential.key_repository,
|
||||
credential_fernet.MAX_ACTIVE_KEYS,
|
||||
'credential'
|
||||
)
|
||||
|
||||
keystone_user_id, keystone_group_id = cls.get_user_group()
|
||||
tutils.create_key_directory(keystone_user_id, keystone_group_id)
|
||||
if tutils.validate_key_repository(requires_write=True):
|
||||
tutils.initialize_key_repository(
|
||||
futils.create_key_directory(keystone_user_id, keystone_group_id)
|
||||
if futils.validate_key_repository(requires_write=True):
|
||||
futils.initialize_key_repository(
|
||||
keystone_user_id,
|
||||
keystone_group_id
|
||||
)
|
||||
@ -587,17 +587,17 @@ class CredentialRotate(BasePermissionsSetup):
|
||||
|
||||
@classmethod
|
||||
def main(cls):
|
||||
tutils = token_utils.TokenUtils(
|
||||
futils = fernet_utils.FernetUtils(
|
||||
CONF.credential.key_repository,
|
||||
credential_fernet.MAX_ACTIVE_KEYS,
|
||||
'credential'
|
||||
)
|
||||
|
||||
keystone_user_id, keystone_group_id = cls.get_user_group()
|
||||
if tutils.validate_key_repository(requires_write=True):
|
||||
if futils.validate_key_repository(requires_write=True):
|
||||
klass = cls()
|
||||
klass.validate_primary_key()
|
||||
tutils.rotate_keys(keystone_user_id, keystone_group_id)
|
||||
futils.rotate_keys(keystone_user_id, keystone_group_id)
|
||||
|
||||
|
||||
class CredentialMigrate(BasePermissionsSetup):
|
||||
@ -647,12 +647,12 @@ class CredentialMigrate(BasePermissionsSetup):
|
||||
@classmethod
|
||||
def main(cls):
|
||||
# Check to make sure we have a repository that works...
|
||||
tutils = token_utils.TokenUtils(
|
||||
futils = fernet_utils.FernetUtils(
|
||||
CONF.credential.key_repository,
|
||||
credential_fernet.MAX_ACTIVE_KEYS,
|
||||
'credential'
|
||||
)
|
||||
tutils.validate_key_repository(requires_write=True)
|
||||
futils.validate_key_repository(requires_write=True)
|
||||
klass = cls()
|
||||
klass.migrate_credentials()
|
||||
|
||||
|
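Review bot: In `CredentialMigrate.main` (the last hunk of this file) the result of `futils.validate_key_repository(requires_write=True)` is discarded, so `klass.migrate_credentials()` runs whether or not the credential key repository passed the check. Every other command in this file, including `CredentialRotate.main`, guards on that return value, and the doctor checks elsewhere on this page negate it as a boolean. Unless the call raises on failure, which is not visible here, the migrate path should use the same guard: `if futils.validate_key_repository(requires_write=True):` with `klass = cls()` and `klass.migrate_credentials()` indented under it. The existing comment `# Check to make sure we have a repository that works...` would then describe what the code actually enforces.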
@ -12,7 +12,7 @@
|
||||
|
||||
import keystone.conf
|
||||
|
||||
from keystone.common import token_utils as utils
|
||||
from keystone.common import fernet_utils as utils
|
||||
from keystone.credential.providers import fernet as credential_fernet
|
||||
|
||||
|
||||
@ -47,14 +47,14 @@ def symptom_usability_of_credential_fernet_key_repository():
|
||||
running keystone, but not world-readable, because it contains
|
||||
security sensitive secrets.
|
||||
"""
|
||||
token_utils = utils.TokenUtils(
|
||||
fernet_utils = utils.FernetUtils(
|
||||
CONF.credential.key_repository,
|
||||
credential_fernet.MAX_ACTIVE_KEYS,
|
||||
'credential'
|
||||
)
|
||||
return (
|
||||
'fernet' in CONF.credential.provider
|
||||
and not token_utils.validate_key_repository())
|
||||
and not fernet_utils.validate_key_repository())
|
||||
|
||||
|
||||
def symptom_keys_in_credential_fernet_key_repository():
|
||||
@ -65,11 +65,11 @@ def symptom_keys_in_credential_fernet_key_repository():
|
||||
key repository with keys, and periodically rotate your keys with
|
||||
`keystone-manage credential_rotate`.
|
||||
"""
|
||||
token_utils = utils.TokenUtils(
|
||||
fernet_utils = utils.FernetUtils(
|
||||
CONF.credential.key_repository,
|
||||
credential_fernet.MAX_ACTIVE_KEYS,
|
||||
'credential'
|
||||
)
|
||||
return (
|
||||
'fernet' in CONF.credential.provider
|
||||
and not token_utils.load_keys())
|
||||
and not fernet_utils.load_keys())
|
||||
|
@ -12,7 +12,7 @@
|
||||
|
||||
import keystone.conf
|
||||
|
||||
from keystone.common import token_utils as utils
|
||||
from keystone.common import fernet_utils as utils
|
||||
|
||||
|
||||
CONF = keystone.conf.CONF
|
||||
@ -25,14 +25,14 @@ def symptom_usability_of_Fernet_key_repository():
|
||||
keystone, but not world-readable, because it contains security-sensitive
|
||||
secrets.
|
||||
"""
|
||||
token_utils = utils.TokenUtils(
|
||||
fernet_utils = utils.FernetUtils(
|
||||
CONF.fernet_tokens.key_repository,
|
||||
CONF.fernet_tokens.max_active_keys,
|
||||
'fernet_tokens'
|
||||
)
|
||||
return (
|
||||
'fernet' in CONF.token.provider
|
||||
and not token_utils.validate_key_repository())
|
||||
and not fernet_utils.validate_key_repository())
|
||||
|
||||
|
||||
def symptom_keys_in_Fernet_key_repository():
|
||||
@ -43,11 +43,11 @@ def symptom_keys_in_Fernet_key_repository():
|
||||
with keys, and periodically rotate your keys with `keystone-manage
|
||||
fernet_rotate`.
|
||||
"""
|
||||
token_utils = utils.TokenUtils(
|
||||
fernet_utils = utils.FernetUtils(
|
||||
CONF.fernet_tokens.key_repository,
|
||||
CONF.fernet_tokens.max_active_keys,
|
||||
'fernet_tokens'
|
||||
)
|
||||
return (
|
||||
'fernet' in CONF.token.provider
|
||||
and not token_utils.load_keys())
|
||||
and not fernet_utils.load_keys())
|
||||
|
@ -33,7 +33,7 @@ CONF = keystone.conf.CONF
|
||||
NULL_KEY = base64.urlsafe_b64encode(b'\x00' * 32)
|
||||
|
||||
|
||||
class TokenUtils(object):
|
||||
class FernetUtils(object):
|
||||
|
||||
def __init__(self, key_repository=None, max_active_keys=None,
|
||||
config_group=None):
|
@ -16,7 +16,7 @@ from cryptography import fernet
|
||||
from oslo_log import log
|
||||
import six
|
||||
|
||||
from keystone.common import token_utils
|
||||
from keystone.common import fernet_utils
|
||||
import keystone.conf
|
||||
from keystone.credential.providers import core
|
||||
from keystone import exception
|
||||
@ -36,13 +36,13 @@ LOG = log.getLogger(__name__)
|
||||
# could remove a key used to encrypt credentials, leaving them recoverable.
|
||||
# This also means that we don't need to expose a `[credential] max_active_keys`
|
||||
# option through configuration. Instead we will use a global configuration and
|
||||
# share that across all places that need to use TokenUtils for credential
|
||||
# share that across all places that need to use FernetUtils for credential
|
||||
# encryption.
|
||||
MAX_ACTIVE_KEYS = 3
|
||||
|
||||
|
||||
def get_multi_fernet_keys():
|
||||
key_utils = token_utils.TokenUtils(
|
||||
key_utils = fernet_utils.FernetUtils(
|
||||
CONF.credential.key_repository, MAX_ACTIVE_KEYS,
|
||||
'credential')
|
||||
keys = key_utils.load_keys(use_null_key=True)
|
||||
@ -73,7 +73,7 @@ class Provider(core.Provider):
|
||||
"""
|
||||
crypto, keys = get_multi_fernet_keys()
|
||||
|
||||
if keys[0] == token_utils.NULL_KEY:
|
||||
if keys[0] == fernet_utils.NULL_KEY:
|
||||
LOG.warning(
|
||||
'Encrypting credentials with the null key. Please properly '
|
||||
'encrypt credentials using `keystone-manage credential_setup`,'
|
||||
@ -95,7 +95,7 @@ class Provider(core.Provider):
|
||||
:param credential: an encrypted credential string
|
||||
:returns: a decrypted credential
|
||||
"""
|
||||
key_utils = token_utils.TokenUtils(
|
||||
key_utils = fernet_utils.FernetUtils(
|
||||
CONF.credential.key_repository, MAX_ACTIVE_KEYS)
|
||||
keys = key_utils.load_keys(use_null_key=True)
|
||||
fernet_keys = [fernet.Fernet(key) for key in keys]
|
||||
|
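Review bot: The `FernetUtils` built in the decrypt path (last hunk of this file) is given only `CONF.credential.key_repository, MAX_ACTIVE_KEYS`, while `get_multi_fernet_keys()` in the same file passes `'credential'` as the third argument. The constructor shown on this page defaults `config_group` to `None`, so the two call sites may validate or log differently while loading the same key repository; how `config_group` is used is not visible here. For consistency I would pass it at both sites: `CONF.credential.key_repository, MAX_ACTIVE_KEYS, 'credential')`. The enclosing method starts and continues outside the hunk.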
@ -20,7 +20,7 @@ from oslo_config import fixture as config_fixture
|
||||
from oslo_log import log
|
||||
import six
|
||||
|
||||
from keystone.common import token_utils
|
||||
from keystone.common import fernet_utils
|
||||
from keystone.common import utils as common_utils
|
||||
import keystone.conf
|
||||
from keystone.credential.providers import fernet as credential_fernet
|
||||
@ -258,10 +258,10 @@ class ServiceHelperTests(unit.BaseTestCase):
|
||||
self.assertRaises(unit.UnexpectedExit, self._do_test)
|
||||
|
||||
|
||||
class TokenUtilsTestCase(unit.BaseTestCase):
|
||||
class FernetUtilsTestCase(unit.BaseTestCase):
|
||||
|
||||
def setUp(self):
|
||||
super(TokenUtilsTestCase, self).setUp()
|
||||
super(FernetUtilsTestCase, self).setUp()
|
||||
self.config_fixture = self.useFixture(config_fixture.Config(CONF))
|
||||
|
||||
def test_debug_message_logged_when_loading_fernet_token_keys(self):
|
||||
@ -273,7 +273,7 @@ class TokenUtilsTestCase(unit.BaseTestCase):
|
||||
)
|
||||
)
|
||||
logging_fixture = self.useFixture(fixtures.FakeLogger(level=log.DEBUG))
|
||||
fernet_utilities = token_utils.TokenUtils(
|
||||
fernet_utilities = fernet_utils.FernetUtils(
|
||||
CONF.fernet_tokens.key_repository,
|
||||
CONF.fernet_tokens.max_active_keys,
|
||||
'fernet_tokens'
|
||||
@ -296,7 +296,7 @@ class TokenUtilsTestCase(unit.BaseTestCase):
|
||||
)
|
||||
)
|
||||
logging_fixture = self.useFixture(fixtures.FakeLogger(level=log.DEBUG))
|
||||
fernet_utilities = token_utils.TokenUtils(
|
||||
fernet_utilities = fernet_utils.FernetUtils(
|
||||
CONF.credential.key_repository,
|
||||
credential_fernet.MAX_ACTIVE_KEYS,
|
||||
'credential'
|
||||
|
@ -16,7 +16,7 @@ import uuid
|
||||
|
||||
from oslo_log import log
|
||||
|
||||
from keystone.common import token_utils
|
||||
from keystone.common import fernet_utils
|
||||
from keystone.credential.providers import fernet as credential_fernet
|
||||
from keystone.tests import unit
|
||||
from keystone.tests.unit import ksfixtures
|
||||
@ -63,7 +63,7 @@ class TestFernetCredentialProviderWithNullKey(unit.TestCase):
|
||||
)
|
||||
|
||||
def test_encryption_with_null_key(self):
|
||||
null_key = token_utils.NULL_KEY
|
||||
null_key = fernet_utils.NULL_KEY
|
||||
# NOTE(lhinds) This is marked as #nosec since bandit will see SHA1
|
||||
# which is marked insecure. Keystone uses SHA1 in this case as part of
|
||||
# HMAC-SHA1 which is currently not insecure but will still get
|
||||
|
@ -12,7 +12,7 @@
|
||||
|
||||
import fixtures
|
||||
|
||||
from keystone.common import token_utils as utils
|
||||
from keystone.common import fernet_utils as utils
|
||||
|
||||
|
||||
class KeyRepository(fixtures.Fixture):
|
||||
@ -28,10 +28,10 @@ class KeyRepository(fixtures.Fixture):
|
||||
self.config_fixture.config(group=self.key_group,
|
||||
key_repository=directory)
|
||||
|
||||
token_utils = utils.TokenUtils(
|
||||
fernet_utils = utils.FernetUtils(
|
||||
directory,
|
||||
self.max_active_keys,
|
||||
self.key_group
|
||||
)
|
||||
token_utils.create_key_directory()
|
||||
token_utils.initialize_key_repository()
|
||||
fernet_utils.create_key_directory()
|
||||
fernet_utils.initialize_key_repository()
|
||||
|
@ -841,7 +841,7 @@ class CredentialDoctorTests(unit.TestCase):
|
||||
def test_usability_of_cred_fernet_key_repo_raised(self, mock_utils):
|
||||
# Symptom Detected: credential fernet key repository is world readable
|
||||
self.config_fixture.config(group='credential', provider='fernet')
|
||||
mock_utils.TokenUtils().validate_key_repository.return_value = False
|
||||
mock_utils.FernetUtils().validate_key_repository.return_value = False
|
||||
self.assertTrue(
|
||||
credential.symptom_usability_of_credential_fernet_key_repository())
|
||||
|
||||
@ -849,13 +849,13 @@ class CredentialDoctorTests(unit.TestCase):
|
||||
def test_usability_of_cred_fernet_key_repo_not_raised(self, mock_utils):
|
||||
# No Symptom Detected: Custom driver is used
|
||||
self.config_fixture.config(group='credential', provider='my-driver')
|
||||
mock_utils.TokenUtils().validate_key_repository.return_value = True
|
||||
mock_utils.FernetUtils().validate_key_repository.return_value = True
|
||||
self.assertFalse(
|
||||
credential.symptom_usability_of_credential_fernet_key_repository())
|
||||
|
||||
# No Symptom Detected: key repository is not world readable
|
||||
self.config_fixture.config(group='credential', provider='fernet')
|
||||
mock_utils.TokenUtils().validate_key_repository.return_value = True
|
||||
mock_utils.FernetUtils().validate_key_repository.return_value = True
|
||||
self.assertFalse(
|
||||
credential.symptom_usability_of_credential_fernet_key_repository())
|
||||
|
||||
@ -863,7 +863,7 @@ class CredentialDoctorTests(unit.TestCase):
|
||||
def test_keys_in_credential_fernet_key_repository_raised(self, mock_utils):
|
||||
# Symptom Detected: Key repo is empty
|
||||
self.config_fixture.config(group='credential', provider='fernet')
|
||||
mock_utils.TokenUtils().load_keys.return_value = False
|
||||
mock_utils.FernetUtils().load_keys.return_value = False
|
||||
self.assertTrue(
|
||||
credential.symptom_keys_in_credential_fernet_key_repository())
|
||||
|
||||
@ -872,13 +872,13 @@ class CredentialDoctorTests(unit.TestCase):
|
||||
self, mock_utils):
|
||||
# No Symptom Detected: Custom driver is used
|
||||
self.config_fixture.config(group='credential', provider='my-driver')
|
||||
mock_utils.TokenUtils().load_keys.return_value = True
|
||||
mock_utils.FernetUtils().load_keys.return_value = True
|
||||
self.assertFalse(
|
||||
credential.symptom_keys_in_credential_fernet_key_repository())
|
||||
|
||||
# No Symptom Detected: Key repo is not empty, fernet is current driver
|
||||
self.config_fixture.config(group='credential', provider='fernet')
|
||||
mock_utils.TokenUtils().load_keys.return_value = True
|
||||
mock_utils.FernetUtils().load_keys.return_value = True
|
||||
self.assertFalse(
|
||||
credential.symptom_keys_in_credential_fernet_key_repository())
|
||||
|
||||
@ -1262,7 +1262,7 @@ class TokenFernetDoctorTests(unit.TestCase):
|
||||
def test_usability_of_Fernet_key_repository_raised(self, mock_utils):
|
||||
# Symptom Detected: Fernet key repo is world readable
|
||||
self.config_fixture.config(group='token', provider='fernet')
|
||||
mock_utils.TokenUtils().validate_key_repository.return_value = False
|
||||
mock_utils.FernetUtils().validate_key_repository.return_value = False
|
||||
self.assertTrue(
|
||||
tokens_fernet.symptom_usability_of_Fernet_key_repository())
|
||||
|
||||
@ -1270,14 +1270,14 @@ class TokenFernetDoctorTests(unit.TestCase):
|
||||
def test_usability_of_Fernet_key_repository_not_raised(self, mock_utils):
|
||||
# No Symptom Detected: UUID is used instead of fernet
|
||||
self.config_fixture.config(group='token', provider='uuid')
|
||||
mock_utils.TokenUtils().validate_key_repository.return_value = False
|
||||
mock_utils.FernetUtils().validate_key_repository.return_value = False
|
||||
self.assertFalse(
|
||||
tokens_fernet.symptom_usability_of_Fernet_key_repository())
|
||||
|
||||
# No Symptom Detected: configs set properly, key repo is not world
|
||||
# readable but is user readable
|
||||
self.config_fixture.config(group='token', provider='fernet')
|
||||
mock_utils.TokenUtils().validate_key_repository.return_value = True
|
||||
mock_utils.FernetUtils().validate_key_repository.return_value = True
|
||||
self.assertFalse(
|
||||
tokens_fernet.symptom_usability_of_Fernet_key_repository())
|
||||
|
||||
@ -1285,7 +1285,7 @@ class TokenFernetDoctorTests(unit.TestCase):
|
||||
def test_keys_in_Fernet_key_repository_raised(self, mock_utils):
|
||||
# Symptom Detected: Fernet key repository is empty
|
||||
self.config_fixture.config(group='token', provider='fernet')
|
||||
mock_utils.TokenUtils().load_keys.return_value = False
|
||||
mock_utils.FernetUtils().load_keys.return_value = False
|
||||
self.assertTrue(
|
||||
tokens_fernet.symptom_keys_in_Fernet_key_repository())
|
||||
|
||||
@ -1293,14 +1293,14 @@ class TokenFernetDoctorTests(unit.TestCase):
|
||||
def test_keys_in_Fernet_key_repository_not_raised(self, mock_utils):
|
||||
# No Symptom Detected: UUID is used instead of fernet
|
||||
self.config_fixture.config(group='token', provider='uuid')
|
||||
mock_utils.TokenUtils().load_keys.return_value = True
|
||||
mock_utils.FernetUtils().load_keys.return_value = True
|
||||
self.assertFalse(
|
||||
tokens_fernet.symptom_usability_of_Fernet_key_repository())
|
||||
|
||||
# No Symptom Detected: configs set properly, key repo has been
|
||||
# populated with keys
|
||||
self.config_fixture.config(group='token', provider='fernet')
|
||||
mock_utils.TokenUtils().load_keys.return_value = True
|
||||
mock_utils.FernetUtils().load_keys.return_value = True
|
||||
self.assertFalse(
|
||||
tokens_fernet.symptom_usability_of_Fernet_key_repository())
|
||||
|
||||
|
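Review bot: `test_keys_in_Fernet_key_repository_not_raised` sets `mock_utils.FernetUtils().load_keys.return_value`, but both of its assertions call `tokens_fernet.symptom_usability_of_Fernet_key_repository()`, which as shown on this page goes through `validate_key_repository()` rather than `load_keys()`. The no-symptom path of the empty-key-repository check therefore looks untested, and these assertions probably pass only because the unconfigured mock return is truthy. Both should call `tokens_fernet.symptom_keys_in_Fernet_key_repository()`, as the `_raised` test above and the credential equivalents do.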
@ -21,8 +21,8 @@ from oslo_utils import timeutils
|
||||
import six
|
||||
|
||||
from keystone import auth
|
||||
from keystone.common import fernet_utils
|
||||
from keystone.common import provider_api
|
||||
from keystone.common import token_utils
|
||||
from keystone.common import utils
|
||||
import keystone.conf
|
||||
from keystone import exception
|
||||
@ -499,7 +499,7 @@ class TestFernetKeyRotation(unit.TestCase):
|
||||
|
||||
"""
|
||||
# Load the keys into a list, keys is list of six.text_type.
|
||||
key_utils = token_utils.TokenUtils(
|
||||
key_utils = fernet_utils.FernetUtils(
|
||||
CONF.fernet_tokens.key_repository,
|
||||
CONF.fernet_tokens.max_active_keys,
|
||||
'fernet_tokens'
|
||||
@ -567,7 +567,7 @@ class TestFernetKeyRotation(unit.TestCase):
|
||||
|
||||
# Rotate the keys just enough times to fully populate the key
|
||||
# repository.
|
||||
key_utils = token_utils.TokenUtils(
|
||||
key_utils = fernet_utils.FernetUtils(
|
||||
CONF.fernet_tokens.key_repository,
|
||||
CONF.fernet_tokens.max_active_keys,
|
||||
'fernet_tokens'
|
||||
@ -585,7 +585,7 @@ class TestFernetKeyRotation(unit.TestCase):
|
||||
|
||||
# Rotate an additional number of times to ensure that we maintain
|
||||
# the desired number of active keys.
|
||||
key_utils = token_utils.TokenUtils(
|
||||
key_utils = fernet_utils.FernetUtils(
|
||||
CONF.fernet_tokens.key_repository,
|
||||
CONF.fernet_tokens.max_active_keys,
|
||||
'fernet_tokens'
|
||||
@ -603,7 +603,7 @@ class TestFernetKeyRotation(unit.TestCase):
|
||||
# Make sure that the init key repository contains 2 keys
|
||||
self.assertRepositoryState(expected_size=2)
|
||||
|
||||
key_utils = token_utils.TokenUtils(
|
||||
key_utils = fernet_utils.FernetUtils(
|
||||
CONF.fernet_tokens.key_repository,
|
||||
CONF.fernet_tokens.max_active_keys,
|
||||
'fernet_tokens'
|
||||
@ -614,13 +614,13 @@ class TestFernetKeyRotation(unit.TestCase):
|
||||
file_handle = mock_open()
|
||||
file_handle.flush.side_effect = IOError('disk full')
|
||||
|
||||
with mock.patch('keystone.common.token_utils.open', mock_open):
|
||||
with mock.patch('keystone.common.fernet_utils.open', mock_open):
|
||||
self.assertRaises(IOError, key_utils.rotate_keys)
|
||||
|
||||
# Assert that the key repository is unchanged
|
||||
self.assertEqual(self.key_repository_size, 2)
|
||||
|
||||
with mock.patch('keystone.common.token_utils.open', mock_open):
|
||||
with mock.patch('keystone.common.fernet_utils.open', mock_open):
|
||||
self.assertRaises(IOError, key_utils.rotate_keys)
|
||||
|
||||
# Assert that the key repository is still unchanged, even after
|
||||
@ -640,7 +640,7 @@ class TestFernetKeyRotation(unit.TestCase):
|
||||
empty_file = os.path.join(CONF.fernet_tokens.key_repository, '2')
|
||||
with open(empty_file, 'w'):
|
||||
pass
|
||||
key_utils = token_utils.TokenUtils(
|
||||
key_utils = fernet_utils.FernetUtils(
|
||||
CONF.fernet_tokens.key_repository,
|
||||
CONF.fernet_tokens.max_active_keys,
|
||||
'fernet_tokens'
|
||||
@ -656,7 +656,7 @@ class TestFernetKeyRotation(unit.TestCase):
|
||||
evil_file = os.path.join(CONF.fernet_tokens.key_repository, '99.bak')
|
||||
with open(evil_file, 'w'):
|
||||
pass
|
||||
key_utils = token_utils.TokenUtils(
|
||||
key_utils = fernet_utils.FernetUtils(
|
||||
CONF.fernet_tokens.key_repository,
|
||||
CONF.fernet_tokens.max_active_keys,
|
||||
'fernet_tokens'
|
||||
@ -683,7 +683,7 @@ class TestLoadKeys(unit.TestCase):
|
||||
evil_file = os.path.join(CONF.fernet_tokens.key_repository, '~1')
|
||||
with open(evil_file, 'w'):
|
||||
pass
|
||||
key_utils = token_utils.TokenUtils(
|
||||
key_utils = fernet_utils.FernetUtils(
|
||||
CONF.fernet_tokens.key_repository,
|
||||
CONF.fernet_tokens.max_active_keys,
|
||||
'fernet_tokens'
|
||||
@ -696,7 +696,7 @@ class TestLoadKeys(unit.TestCase):
|
||||
empty_file = os.path.join(CONF.fernet_tokens.key_repository, '2')
|
||||
with open(empty_file, 'w'):
|
||||
pass
|
||||
key_utils = token_utils.TokenUtils(
|
||||
key_utils = fernet_utils.FernetUtils(
|
||||
CONF.fernet_tokens.key_repository,
|
||||
CONF.fernet_tokens.max_active_keys,
|
||||
'fernet_tokens'
|
||||
|
@ -23,7 +23,7 @@ import six
|
||||
from six.moves import map
|
||||
|
||||
from keystone.auth import plugins as auth_plugins
|
||||
from keystone.common import token_utils as utils
|
||||
from keystone.common import fernet_utils as utils
|
||||
from keystone.common import utils as ks_utils
|
||||
import keystone.conf
|
||||
from keystone import exception
|
||||
@ -55,12 +55,12 @@ class TokenFormatter(object):
|
||||
``encrypt(plaintext)`` and ``decrypt(ciphertext)``.
|
||||
|
||||
"""
|
||||
token_utils = utils.TokenUtils(
|
||||
fernet_utils = utils.FernetUtils(
|
||||
CONF.fernet_tokens.key_repository,
|
||||
CONF.fernet_tokens.max_active_keys,
|
||||
'fernet_tokens'
|
||||
)
|
||||
keys = token_utils.load_keys()
|
||||
keys = fernet_utils.load_keys()
|
||||
|
||||
if not keys:
|
||||
raise exception.KeysNotFound()
|
||||
|