Properly instantiate FernetUtils

The FernetUtils object had kwargs for the key_repository, max_active_keys, and the config_group. The credential API uses an instance of the FernetUtils object to encrypt and decrypt credentials, but the object wasn't instantiated with the config_group set. This resulted in an error message like: Either [None] key_repository does... When the credential key repository wasn't configured. We should be setting the config_group so that we provide a more useful error message instead of a random `None`. All of the arguments are now made mandatory, since this is how they are called in all but this one place. Co-Authored-By: Grzegorz Grasza <xek@redhat.com> Change-Id: Ia32cc12121ee243a003e5eb2fc832cc6a33ef499
2019-12-05 19:49:37 -06:00 · 2019-12-05 19:49:37 -06:00 · d023b103e5
commit d023b103e5
parent 72cbaa91ff
2 changed files with 3 additions and 3 deletions
--- a/keystone/common/fernet_utils.py
+++ b/keystone/common/fernet_utils.py
@ -36,8 +36,8 @@ NULL_KEY = base64.urlsafe_b64encode(b'\x00' * 32)
 class FernetUtils(object):
-    def __init__(self, key_repository=None, max_active_keys=None,
+    def __init__(self, key_repository, max_active_keys,
-                 config_group=None):
+                 config_group):
        self.key_repository = key_repository
        self.max_active_keys = max_active_keys
        self.config_group = config_group
--- a/keystone/credential/providers/fernet/core.py
+++ b/keystone/credential/providers/fernet/core.py
@ -97,7 +97,7 @@ class Provider(core.Provider):
        :returns: a decrypted credential
        """
        key_utils = fernet_utils.FernetUtils(
-            CONF.credential.key_repository, MAX_ACTIVE_KEYS)
+            CONF.credential.key_repository, MAX_ACTIVE_KEYS, 'credential')
        keys = key_utils.load_keys(use_null_key=True)
        fernet_keys = [fernet.Fernet(key) for key in keys]
        crypto = fernet.MultiFernet(fernet_keys)