Replace key manager with Castellan
Because key manager code is duplicated across several projects, a key manager interface was moved into its own library. This patch goes back to replace the old code with the new library. Change-Id: Ib563b0ea4b8b4bc1833bf52bf49a68546c384996 Implements: blueprint use-castellan-key-manager
This commit is contained in:
parent
56087a9d5b
commit
c7ccad4a02
@ -50,7 +50,7 @@ from nova.conf import hyperv
|
|||||||
from nova.conf import image_file_url
|
from nova.conf import image_file_url
|
||||||
from nova.conf import ipv6
|
from nova.conf import ipv6
|
||||||
from nova.conf import ironic
|
from nova.conf import ironic
|
||||||
from nova.conf import keymgr
|
from nova.conf import key_manager
|
||||||
# from nova.conf import keystone_authtoken
|
# from nova.conf import keystone_authtoken
|
||||||
# from nova.conf import libvirt
|
# from nova.conf import libvirt
|
||||||
from nova.conf import mks
|
from nova.conf import mks
|
||||||
@ -120,7 +120,7 @@ mks.register_opts(CONF)
|
|||||||
image_file_url.register_opts(CONF)
|
image_file_url.register_opts(CONF)
|
||||||
ipv6.register_opts(CONF)
|
ipv6.register_opts(CONF)
|
||||||
ironic.register_opts(CONF)
|
ironic.register_opts(CONF)
|
||||||
keymgr.register_opts(CONF)
|
key_manager.register_opts(CONF)
|
||||||
# keystone_authtoken.register_opts(CONF)
|
# keystone_authtoken.register_opts(CONF)
|
||||||
# libvirt.register_opts(CONF)
|
# libvirt.register_opts(CONF)
|
||||||
# matchmaker_redis.register_opts(CONF)
|
# matchmaker_redis.register_opts(CONF)
|
||||||
|
@ -14,24 +14,21 @@
|
|||||||
# under the License.
|
# under the License.
|
||||||
|
|
||||||
|
|
||||||
import array
|
import binascii
|
||||||
import codecs
|
|
||||||
|
|
||||||
|
from castellan.common.objects import symmetric_key as key
|
||||||
import mock
|
import mock
|
||||||
import six
|
import six
|
||||||
|
|
||||||
from nova import exception
|
from nova import exception
|
||||||
from nova.keymgr import key
|
|
||||||
from nova.tests.unit.volume.encryptors import test_base
|
from nova.tests.unit.volume.encryptors import test_base
|
||||||
from nova.volume.encryptors import cryptsetup
|
from nova.volume.encryptors import cryptsetup
|
||||||
|
|
||||||
decode_hex = codecs.getdecoder("hex_codec")
|
|
||||||
|
|
||||||
|
|
||||||
def fake__get_key(context):
|
def fake__get_key(context):
|
||||||
raw = array.array('B', decode_hex('0' * 64)[0]).tolist()
|
raw = bytes(binascii.unhexlify('0' * 32))
|
||||||
|
|
||||||
symmetric_key = key.SymmetricKey('AES', raw)
|
symmetric_key = key.SymmetricKey('AES', len(raw) * 8, raw)
|
||||||
return symmetric_key
|
return symmetric_key
|
||||||
|
|
||||||
|
|
||||||
|
@ -14,6 +14,7 @@
|
|||||||
# under the License.
|
# under the License.
|
||||||
|
|
||||||
|
|
||||||
|
import binascii
|
||||||
import os
|
import os
|
||||||
|
|
||||||
from oslo_log import log as logging
|
from oslo_log import log as logging
|
||||||
@ -54,7 +55,7 @@ class CryptsetupEncryptor(base.VolumeEncryptor):
|
|||||||
|
|
||||||
def _get_passphrase(self, key):
|
def _get_passphrase(self, key):
|
||||||
"""Convert raw key to string."""
|
"""Convert raw key to string."""
|
||||||
return ''.join(hex(x).replace('0x', '') for x in key)
|
return binascii.hexlify(key).decode('utf-8')
|
||||||
|
|
||||||
def _open_volume(self, passphrase, **kwargs):
|
def _open_volume(self, passphrase, **kwargs):
|
||||||
"""Opens the LUKS partition on the volume using the specified
|
"""Opens the LUKS partition on the volume using the specified
|
||||||
|
Loading…
Reference in New Issue
Block a user