Properly instantiate FernetUtils

The FernetUtils object had kwargs for the key_repository,
max_active_keys, and the config_group. The credential API uses an
instance of the FernetUtils object to encrypt and decrypt credentials,
but the object wasn't instantiated with the config_group set. This
resulted in an error message like:

  Either [None] key_repository does...

When the credential key repository wasn't configured. We should be
setting the config_group so that we provide a more useful error
message instead of a random `None`.

All of the arguments are now made mandatory, since this is how
they are called in all but this one place.
Co-Authored-By: Grzegorz Grasza <xek@redhat.com>
Change-Id: Ia32cc12121ee243a003e5eb2fc832cc6a33ef499

keystone/common/fernet_utils.py

@@ -36,8 +36,8 @@ NULL_KEY = base64.urlsafe_b64encode(b'\x00' * 32)
 
 class FernetUtils(object):
 
-    def __init__(self, key_repository=None, max_active_keys=None,
-                 config_group=None):
+    def __init__(self, key_repository, max_active_keys,
+                 config_group):
         self.key_repository = key_repository
         self.max_active_keys = max_active_keys
         self.config_group = config_group

keystone/credential/providers/fernet/core.py

@@ -97,7 +97,7 @@ class Provider(core.Provider):
         :returns: a decrypted credential
         """
         key_utils = fernet_utils.FernetUtils(
-            CONF.credential.key_repository, MAX_ACTIVE_KEYS)
+            CONF.credential.key_repository, MAX_ACTIVE_KEYS, 'credential')
         keys = key_utils.load_keys(use_null_key=True)
         fernet_keys = [fernet.Fernet(key) for key in keys]
         crypto = fernet.MultiFernet(fernet_keys)