Refactor directory creation into a common place
There is a useful method in the fernet_utils.py module for creating directories. We can reuse this for the jwt provider implementation. This commit generalizes the logic and moves it into a common place for fernet_utils to use. A subsequent patch introducing JWT functionality will use the same utils. bp json-web-tokens Change-Id: I0e322a745683c43e8329110a165f54d2e998e0c7
parent
e3c1633ea8
commit
6649144771
|
@ -17,6 +17,7 @@ import stat
|
|||
from cryptography import fernet
|
||||
from oslo_log import log
|
||||
|
||||
from keystone.common import utils
|
||||
import keystone.conf
|
||||
|
||||
|
||||
|
@ -74,29 +75,10 @@ class FernetUtils(object):
|
|||
def create_key_directory(self, keystone_user_id=None,
|
||||
keystone_group_id=None):
|
||||
"""Attempt to create the key directory if it doesn't exist."""
|
||||
if not os.access(self.key_repository, os.F_OK):
|
||||
LOG.info(
|
||||
'key_repository does not appear to exist; attempting to '
|
||||
'create it')
|
||||
|
||||
try:
|
||||
os.makedirs(self.key_repository, 0o700)
|
||||
except OSError:
|
||||
LOG.error(
|
||||
'Failed to create key_repository: either it already '
|
||||
'exists or you don\'t have sufficient permissions to '
|
||||
'create it')
|
||||
|
||||
if keystone_user_id and keystone_group_id:
|
||||
os.chown(
|
||||
self.key_repository,
|
||||
keystone_user_id,
|
||||
keystone_group_id)
|
||||
elif keystone_user_id or keystone_group_id:
|
||||
LOG.warning(
|
||||
'Unable to change the ownership of key_repository without '
|
||||
'a keystone user ID and keystone group ID both being '
|
||||
'provided: %s', self.key_repository)
|
||||
utils.create_directory(
|
||||
self.key_repository, keystone_user_id=keystone_user_id,
|
||||
keystone_group_id=keystone_group_id
|
||||
)
|
||||
|
||||
def _create_new_key(self, keystone_user_id, keystone_group_id):
|
||||
"""Securely create a new encryption key.
|
||||
|
|
|
@ -457,3 +457,37 @@ def check_endpoint_url(url):
|
|||
url.replace('$(', '%(') % substitutions
|
||||
except (KeyError, TypeError, ValueError):
|
||||
raise exception.URLValidationError(url)
|
||||
|
||||
|
||||
def create_directory(directory, keystone_user_id=None, keystone_group_id=None):
|
||||
"""Attempt to create a directory if it doesn't exist.
|
||||
|
||||
:param directory: string containing the path of the directory to create.
|
||||
:param keystone_user_id: the system ID of the process running keystone.
|
||||
:param keystone_group_id: the system ID of the group running keystone.
|
||||
|
||||
"""
|
||||
if not os.access(directory, os.F_OK):
|
||||
LOG.info(
|
||||
'%s does not appear to exist; attempting to create it', directory
|
||||
)
|
||||
|
||||
try:
|
||||
os.makedirs(directory, 0o700)
|
||||
except OSError:
|
||||
LOG.error(
|
||||
'Failed to create %s: either it already '
|
||||
'exists or you don\'t have sufficient permissions to '
|
||||
'create it', directory
|
||||
)
|
||||
|
||||
if keystone_user_id and keystone_group_id:
|
||||
os.chown(
|
||||
directory,
|
||||
keystone_user_id,
|
||||
keystone_group_id)
|
||||
elif keystone_user_id or keystone_group_id:
|
||||
LOG.warning(
|
||||
'Unable to change the ownership of key repository without '
|
||||
'a keystone user ID and keystone group ID both being '
|
||||
'provided: %s', directory)
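Review bot: After the `except OSError:` branch of create_directory logs the failure, control appears to continue straight to `os.chown` (indentation is lost on this page, so confirm against the file). A failed `os.makedirs` would then be followed either by an unhandled OSError from chown, or by an ownership change on a path this process did not create. Because the helper is now shared and, per the commit message, will back both the Fernet and the upcoming JWT key locations, I would stop after the error by adding `return` (or re-raising) right after the `LOG.error(...)` call. The guard `if keystone_user_id and keystone_group_id:` also treats an ID of 0 as not provided; `keystone_user_id is not None and keystone_group_id is not None` states the intent exactly. The warning text still reads 'key repository' in what is now a generic function, so wording it around the `directory` argument would match the other two messages.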
|
||||
|
|