From c7ccad4a0241fe16cf86603f38615a200d2ff100 Mon Sep 17 00:00:00 2001
From: Kaitlin Farr <kaitlin.farr@jhuapl.edu>
Date: Thu, 21 Apr 2016 14:58:46 -0400
Subject: [PATCH] Replace key manager with Castellan

Because key manager code is duplicated across several projects, a key
manager interface was moved into its own library. This patch goes back
to replace the old code with the new library.

Change-Id: Ib563b0ea4b8b4bc1833bf52bf49a68546c384996
Implements: blueprint use-castellan-key-manager
---
 nova/conf/__init__.py                                |  4 ++--
 nova/tests/unit/volume/encryptors/test_cryptsetup.py | 11 ++++-------
 nova/volume/encryptors/cryptsetup.py                 |  3 ++-
 3 files changed, 8 insertions(+), 10 deletions(-)

diff --git a/nova/conf/__init__.py b/nova/conf/__init__.py
index 5026cbaed..cd45e3270 100644
--- a/nova/conf/__init__.py
+++ b/nova/conf/__init__.py
@@ -50,7 +50,7 @@ from nova.conf import hyperv
 from nova.conf import image_file_url
 from nova.conf import ipv6
 from nova.conf import ironic
-from nova.conf import keymgr
+from nova.conf import key_manager
 # from nova.conf import keystone_authtoken
 # from nova.conf import libvirt
 from nova.conf import mks
@@ -120,7 +120,7 @@ mks.register_opts(CONF)
 image_file_url.register_opts(CONF)
 ipv6.register_opts(CONF)
 ironic.register_opts(CONF)
-keymgr.register_opts(CONF)
+key_manager.register_opts(CONF)
 # keystone_authtoken.register_opts(CONF)
 # libvirt.register_opts(CONF)
 # matchmaker_redis.register_opts(CONF)
diff --git a/nova/tests/unit/volume/encryptors/test_cryptsetup.py b/nova/tests/unit/volume/encryptors/test_cryptsetup.py
index 175c88fd4..0d8957d93 100644
--- a/nova/tests/unit/volume/encryptors/test_cryptsetup.py
+++ b/nova/tests/unit/volume/encryptors/test_cryptsetup.py
@@ -14,24 +14,21 @@
 #    under the License.
 
 
-import array
-import codecs
+import binascii
 
+from castellan.common.objects import symmetric_key as key
 import mock
 import six
 
 from nova import exception
-from nova.keymgr import key
 from nova.tests.unit.volume.encryptors import test_base
 from nova.volume.encryptors import cryptsetup
 
-decode_hex = codecs.getdecoder("hex_codec")
-
 
 def fake__get_key(context):
-    raw = array.array('B', decode_hex('0' * 64)[0]).tolist()
+    raw = bytes(binascii.unhexlify('0' * 32))
 
-    symmetric_key = key.SymmetricKey('AES', raw)
+    symmetric_key = key.SymmetricKey('AES', len(raw) * 8, raw)
     return symmetric_key
 
 
diff --git a/nova/volume/encryptors/cryptsetup.py b/nova/volume/encryptors/cryptsetup.py
index 692b20f4c..72cdd183e 100644
--- a/nova/volume/encryptors/cryptsetup.py
+++ b/nova/volume/encryptors/cryptsetup.py
@@ -14,6 +14,7 @@
 #    under the License.
 
 
+import binascii
 import os
 
 from oslo_log import log as logging
@@ -54,7 +55,7 @@ class CryptsetupEncryptor(base.VolumeEncryptor):
 
     def _get_passphrase(self, key):
         """Convert raw key to string."""
-        return ''.join(hex(x).replace('0x', '') for x in key)
+        return binascii.hexlify(key).decode('utf-8')
 
     def _open_volume(self, passphrase, **kwargs):
         """Opens the LUKS partition on the volume using the specified