Refactor directory creation into a common place

There is a useful method in the fernet_utils.py module for creating
directories. We can reuse this for the jwt provider implementation.

This commit generalizes the logic and moves it into a common place
for fernet_utils to use. A subsequent patch introducing JWT
functionality will use the same utils.

bp json-web-tokens

Change-Id: I0e322a745683c43e8329110a165f54d2e998e0c7
This commit is contained in:
Lance Bragstad 2018-11-02 20:07:51 +00:00
parent e3c1633ea8
commit 6649144771
2 changed files with 39 additions and 23 deletions


@ -17,6 +17,7 @@ import stat
from cryptography import fernet
from oslo_log import log
from keystone.common import utils
import keystone.conf
@ -74,29 +75,10 @@ class FernetUtils(object):
def create_key_directory(self, keystone_user_id=None,
keystone_group_id=None):
"""Attempt to create the key directory if it doesn't exist."""
if not os.access(self.key_repository, os.F_OK):
LOG.info(
'key_repository does not appear to exist; attempting to '
'create it')
try:
os.makedirs(self.key_repository, 0o700)
except OSError:
LOG.error(
'Failed to create key_repository: either it already '
'exists or you don\'t have sufficient permissions to '
'create it')
if keystone_user_id and keystone_group_id:
os.chown(
self.key_repository,
keystone_user_id,
keystone_group_id)
elif keystone_user_id or keystone_group_id:
LOG.warning(
'Unable to change the ownership of key_repository without '
'a keystone user ID and keystone group ID both being '
'provided: %s', self.key_repository)
utils.create_directory(
self.key_repository, keystone_user_id=keystone_user_id,
keystone_group_id=keystone_group_id
)
def _create_new_key(self, keystone_user_id, keystone_group_id):
"""Securely create a new encryption key.


@ -457,3 +457,37 @@ def check_endpoint_url(url):
url.replace('$(', '%(') % substitutions
except (KeyError, TypeError, ValueError):
raise exception.URLValidationError(url)
def create_directory(directory, keystone_user_id=None, keystone_group_id=None):
"""Attempt to create a directory if it doesn't exist.
:param directory: string containing the path of the directory to create.
:param keystone_user_id: the system ID of the process running keystone.
:param keystone_group_id: the system ID of the group running keystone.
"""
if not os.access(directory, os.F_OK):
LOG.info(
'%s does not appear to exist; attempting to create it', directory
)
try:
os.makedirs(directory, 0o700)
except OSError:
LOG.error(
'Failed to create %s: either it already '
'exists or you don\'t have sufficient permissions to '
'create it', directory
)
if keystone_user_id and keystone_group_id:
os.chown(
directory,
keystone_user_id,
keystone_group_id)
elif keystone_user_id or keystone_group_id:
LOG.warning(
'Unable to change the ownership of key repository without '
'a keystone user ID and keystone group ID both being '
'provided: %s', directory)
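Review bot: The warning at the end of create_directory still says "key repository" even though the helper is now generic and takes an arbitrary `directory`, so callers creating other paths (the upcoming JWT key directory, per the commit message) will log a misleading message; the LOG.info and LOG.error calls above were already made generic and this one should match, e.g. `'Unable to change the ownership of %s without a keystone user ID and keystone group ID both being provided', directory)`. Separately, when `os.makedirs` fails the OSError is only logged and execution falls through to `os.chown(directory, ...)`, which will raise an unhandled OSError if the directory does not exist; if the intent is best-effort, add a `return` after the LOG.error, and if the intent is to fail hard, re-raise rather than log. Also worth a docstring line that the `0o700` mode applies only to the leaf directory (subject to umask) and that any intermediate directories `os.makedirs` creates get the default mode, since this helper is meant for key material.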