diff --git a/etc/keymaster.conf-sample b/etc/keymaster.conf-sample index 56f069f52e..c3ace4f009 100644 --- a/etc/keymaster.conf-sample +++ b/etc/keymaster.conf-sample @@ -51,11 +51,10 @@ # Instead of the project name, the project id may also be used. # project_id = changeme -# The Keystone URL to authenticate to. The value of auth_url may be +# The Keystone URL to authenticate to. The value of auth_endpoint may be # set according to the value of auth_uri in [filter:authtoken] in -# proxy-server.conf. Currently, the only supported version of the Identity API -# is v3, which requires that the url end in "/v3". -# auth_endpoint = http://keystonehost:5000/v3 +# proxy-server.conf. +# auth_endpoint = http://keystonehost/identity # The project and user domain names may optionally be specified. If they are # not specified, the default values of 'Default' (for *_domain_name) and diff --git a/setup.cfg b/setup.cfg index 945de78c5f..bae8258594 100644 --- a/setup.cfg +++ b/setup.cfg @@ -65,7 +65,7 @@ scripts = [extras] kms_keymaster = oslo.config>=4.0.0,!=4.3.0,!=4.4.0 # Apache-2.0 - castellan>=0.7.0 # Apache-2.0 + castellan>=0.13.0 # Apache-2.0 [entry_points] paste.app_factory = diff --git a/swift/common/middleware/crypto/kms_keymaster.py b/swift/common/middleware/crypto/kms_keymaster.py index 383953d809..4c4395d86d 100644 --- a/swift/common/middleware/crypto/kms_keymaster.py +++ b/swift/common/middleware/crypto/kms_keymaster.py @@ -59,6 +59,7 @@ class KmsKeyMaster(KeyMaster): set(keymaster_opts).intersection(conf)))) conf = readconf(self.keymaster_config_path, 'kms_keymaster') ctxt = keystone_password.KeystonePassword( + auth_url=conf.get('auth_endpoint'), username=conf.get('username'), password=conf.get('password'), project_name=conf.get('project_name'), diff --git a/test/unit/common/middleware/crypto/test_kms_keymaster.py b/test/unit/common/middleware/crypto/test_kms_keymaster.py index a2c2206e4f..6cf342724b 100644 --- a/test/unit/common/middleware/crypto/test_kms_keymaster.py +++ b/test/unit/common/middleware/crypto/test_kms_keymaster.py @@ -78,15 +78,16 @@ def mock_config_opts_side_effect(*args, **kwargs): return dict() -def mock_keystone_password_side_effect(username, password, project_name, - user_domain_name, project_domain_name, - user_id, user_domain_id, trust_id, +def mock_keystone_password_side_effect(auth_url, username, password, + project_name, user_domain_name, + project_domain_name, user_id, + user_domain_id, trust_id, domain_id, domain_name, project_id, project_domain_id, reauthenticate): - return MockPassword(username, password, project_name, user_domain_name, - project_domain_name, user_id, user_domain_id, trust_id, - domain_id, domain_name, project_id, project_domain_id, - reauthenticate) + return MockPassword(auth_url, username, password, project_name, + user_domain_name, project_domain_name, user_id, + user_domain_id, trust_id, domain_id, domain_name, + project_id, project_domain_id, reauthenticate) ERR_MESSAGE_SECRET_INCORRECTLY_SPECIFIED = 'Secret incorrectly specified.' ERR_MESSAGE_KEY_UUID_NOT_FOUND = 'Key not found, uuid: ' @@ -154,10 +155,11 @@ class MockBarbicanKey(object): class MockPassword(object): - def __init__(self, username, password, project_name, user_domain_name, - project_domain_name, user_id, user_domain_id, trust_id, - domain_id, domain_name, project_id, project_domain_id, - reauthenticate): + def __init__(self, auth_url, username, password, project_name, + user_domain_name, project_domain_name, user_id, + user_domain_id, trust_id, domain_id, domain_name, project_id, + project_domain_id, reauthenticate): + self.auth_url = auth_url self.password = password self.username = username self.user_domain_name = user_domain_name