From d023b103e550f8237cb3cea72b99bbcf70791413 Mon Sep 17 00:00:00 2001 From: Lance Bragstad Date: Thu, 5 Dec 2019 19:49:37 -0600 Subject: [PATCH] Properly instantiate FernetUtils The FernetUtils object had kwargs for the key_repository, max_active_keys, and the config_group. The credential API uses an instance of the FernetUtils object to encrypt and decrypt credentials, but the object wasn't instantiated with the config_group set. This resulted in an error message like: Either [None] key_repository does... When the credential key repository wasn't configured. We should be setting the config_group so that we provide a more useful error message instead of a random `None`. All of the arguments are now made mandatory, since this is how they are called in all but this one place. Co-Authored-By: Grzegorz Grasza Change-Id: Ia32cc12121ee243a003e5eb2fc832cc6a33ef499 --- keystone/common/fernet_utils.py | 4 ++-- keystone/credential/providers/fernet/core.py | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/keystone/common/fernet_utils.py b/keystone/common/fernet_utils.py index 9188dfbfc6..928c2488d1 100644 --- a/keystone/common/fernet_utils.py +++ b/keystone/common/fernet_utils.py @@ -36,8 +36,8 @@ NULL_KEY = base64.urlsafe_b64encode(b'\x00' * 32) class FernetUtils(object): - def __init__(self, key_repository=None, max_active_keys=None, - config_group=None): + def __init__(self, key_repository, max_active_keys, + config_group): self.key_repository = key_repository self.max_active_keys = max_active_keys self.config_group = config_group diff --git a/keystone/credential/providers/fernet/core.py b/keystone/credential/providers/fernet/core.py index 5c3e43e55c..411f0a4064 100644 --- a/keystone/credential/providers/fernet/core.py +++ b/keystone/credential/providers/fernet/core.py @@ -97,7 +97,7 @@ class Provider(core.Provider): :returns: a decrypted credential """ key_utils = fernet_utils.FernetUtils( - CONF.credential.key_repository, MAX_ACTIVE_KEYS) + CONF.credential.key_repository, MAX_ACTIVE_KEYS, 'credential') keys = key_utils.load_keys(use_null_key=True) fernet_keys = [fernet.Fernet(key) for key in keys] crypto = fernet.MultiFernet(fernet_keys)