Refactor directory creation into a common place
There is a useful method in the fernet_utils.py module for creating directories. We can reuse this for the jwt provider implementation. This commit generalizes the logic and moves it into a common place for fernet_utils to use. A subsequent patch introducing JWT functionality will use the same utils. bp json-web-tokens Change-Id: I0e322a745683c43e8329110a165f54d2e998e0c7
parent
e3c1633ea8
commit
6649144771
@ -17,6 +17,7 @@ import stat
|
|||||||
from cryptography import fernet
|
from cryptography import fernet
|
||||||
from oslo_log import log
|
from oslo_log import log
|
||||||
|
|
||||||
|
from keystone.common import utils
|
||||||
import keystone.conf
|
import keystone.conf
|
||||||
|
|
||||||
|
|
||||||
@ -74,29 +75,10 @@ class FernetUtils(object):
|
|||||||
def create_key_directory(self, keystone_user_id=None,
|
def create_key_directory(self, keystone_user_id=None,
|
||||||
keystone_group_id=None):
|
keystone_group_id=None):
|
||||||
"""Attempt to create the key directory if it doesn't exist."""
|
"""Attempt to create the key directory if it doesn't exist."""
|
||||||
if not os.access(self.key_repository, os.F_OK):
|
utils.create_directory(
|
||||||
LOG.info(
|
self.key_repository, keystone_user_id=keystone_user_id,
|
||||||
'key_repository does not appear to exist; attempting to '
|
keystone_group_id=keystone_group_id
|
||||||
'create it')
|
)
|
||||||
|
|
||||||
try:
|
|
||||||
os.makedirs(self.key_repository, 0o700)
|
|
||||||
except OSError:
|
|
||||||
LOG.error(
|
|
||||||
'Failed to create key_repository: either it already '
|
|
||||||
'exists or you don\'t have sufficient permissions to '
|
|
||||||
'create it')
|
|
||||||
|
|
||||||
if keystone_user_id and keystone_group_id:
|
|
||||||
os.chown(
|
|
||||||
self.key_repository,
|
|
||||||
keystone_user_id,
|
|
||||||
keystone_group_id)
|
|
||||||
elif keystone_user_id or keystone_group_id:
|
|
||||||
LOG.warning(
|
|
||||||
'Unable to change the ownership of key_repository without '
|
|
||||||
'a keystone user ID and keystone group ID both being '
|
|
||||||
'provided: %s', self.key_repository)
|
|
||||||
|
|
||||||
def _create_new_key(self, keystone_user_id, keystone_group_id):
|
def _create_new_key(self, keystone_user_id, keystone_group_id):
|
||||||
"""Securely create a new encryption key.
|
"""Securely create a new encryption key.
|
||||||
|
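Review bot: create_key_directory now delegates entirely to utils.create_directory (the four new-side lines after the docstring), but its docstring still reads as if the method did the work itself and says nothing about the failure mode; the helper, as added in the second file of this commit, catches OSError, logs it and carries on, so a caller still gets no exception when the key repository could not be created. Suggest extending the docstring to `"""Attempt to create the key directory if it doesn't exist.` followed by `Delegates to utils.create_directory; creation failures are logged, not raised.` so the contract is visible at the call site. The rest of the FernetUtils class, including _create_new_key, lies outside this hunk.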
@ -457,3 +457,37 @@ def check_endpoint_url(url):
|
|||||||
url.replace('$(', '%(') % substitutions
|
url.replace('$(', '%(') % substitutions
|
||||||
except (KeyError, TypeError, ValueError):
|
except (KeyError, TypeError, ValueError):
|
||||||
raise exception.URLValidationError(url)
|
raise exception.URLValidationError(url)
|
||||||
|
|
||||||
|
|
||||||
|
def create_directory(directory, keystone_user_id=None, keystone_group_id=None):
|
||||||
|
"""Attempt to create a directory if it doesn't exist.
|
||||||
|
|
||||||
|
:param directory: string containing the path of the directory to create.
|
||||||
|
:param keystone_user_id: the system ID of the process running keystone.
|
||||||
|
:param keystone_group_id: the system ID of the group running keystone.
|
||||||
|
|
||||||
|
"""
|
||||||
|
if not os.access(directory, os.F_OK):
|
||||||
|
LOG.info(
|
||||||
|
'%s does not appear to exist; attempting to create it', directory
|
||||||
|
)
|
||||||
|
|
||||||
|
try:
|
||||||
|
os.makedirs(directory, 0o700)
|
||||||
|
except OSError:
|
||||||
|
LOG.error(
|
||||||
|
'Failed to create %s: either it already '
|
||||||
|
'exists or you don\'t have sufficient permissions to '
|
||||||
|
'create it', directory
|
||||||
|
)
|
||||||
|
|
||||||
|
if keystone_user_id and keystone_group_id:
|
||||||
|
os.chown(
|
||||||
|
directory,
|
||||||
|
keystone_user_id,
|
||||||
|
keystone_group_id)
|
||||||
|
elif keystone_user_id or keystone_group_id:
|
||||||
|
LOG.warning(
|
||||||
|
'Unable to change the ownership of key repository without '
|
||||||
|
'a keystone user ID and keystone group ID both being '
|
||||||
|
'provided: %s', directory)
|
||||||
|
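Review bot: The LOG.warning at the end of the new create_directory still says "key repository" even though the helper is now generic and is handed an arbitrary `directory`, so the message will be misleading for the JWT directory this commit is preparing for; change the first fragment to `'Unable to change the ownership of %s without '` and the last line to `'provided', directory)` so the path is reported in place of the fernet-specific wording. Separately, the `except OSError` branch only logs and then falls through: if os.makedirs failed and both IDs were supplied, `os.chown` raises a second, uncaught OSError on the missing directory, and if they were not supplied the function returns as though it had succeeded. Since the directory is meant to hold key material at 0o700, consider adding `raise` after the LOG.error (or returning early) unless callers depend on the best-effort behaviour the fernet version had. check_endpoint_url's body begins before this hunk; the new function is complete within it.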