openstack/swift
Code Issues Proposed changes

fix barbican integration

Browse Source 
Added auth_url to the context we pass to castellan
library. In a change [1] intended to deprecate the use
of auth_endpoint passed as the oslo config, it actually
completely removed the use of it[2], so this change became
necessary or the integration is broken.

[1] - https://review.openstack.org/#/c/483457
[2] - https://review.openstack.org/#/c/483457/6/castellan/key_manager/barbican_key_manager.py@143

Change-Id: I933367fa46aa0a3dc9aedf078b1be715bfa8c054
This commit is contained in:
Thiago da Silva 2018-01-11 07:15:48 -05:00
parent b0242f4fdc
commit a9964a7fc3
4 changed files with 18 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
etc/keymaster.conf-sample
View File

@ -51,11 +51,10 @@
# Instead of the project name, the project id may also be used. # Instead of the project name, the project id may also be used.
# project_id = changeme # project_id = changeme
# The Keystone URL to authenticate to. The value of auth_url may be # The Keystone URL to authenticate to. The value of auth_endpoint may be
# set according to the value of auth_uri in [filter:authtoken] in # set according to the value of auth_uri in [filter:authtoken] in
# proxy-server.conf. Currently, the only supported version of the Identity API # proxy-server.conf.
# is v3, which requires that the url end in "/v3". # auth_endpoint = http://keystonehost/identity
# auth_endpoint = http://keystonehost:5000/v3
# The project and user domain names may optionally be specified. If they are # The project and user domain names may optionally be specified. If they are
# not specified, the default values of 'Default' (for *_domain_name) and # not specified, the default values of 'Default' (for *_domain_name) and

2
setup.cfg
View File

@ -65,7 +65,7 @@ scripts =
[extras] [extras]
kms_keymaster = kms_keymaster =
oslo.config>=4.0.0,!=4.3.0,!=4.4.0 # Apache-2.0 oslo.config>=4.0.0,!=4.3.0,!=4.4.0 # Apache-2.0
castellan>=0.7.0 # Apache-2.0 castellan>=0.13.0 # Apache-2.0
[entry_points] [entry_points]
paste.app_factory = paste.app_factory =

1
swift/common/middleware/crypto/kms_keymaster.py
View File

@ -59,6 +59,7 @@ class KmsKeyMaster(KeyMaster):
set(keymaster_opts).intersection(conf)))) set(keymaster_opts).intersection(conf))))
conf = readconf(self.keymaster_config_path, 'kms_keymaster') conf = readconf(self.keymaster_config_path, 'kms_keymaster')
ctxt = keystone_password.KeystonePassword( ctxt = keystone_password.KeystonePassword(
auth_url=conf.get('auth_endpoint'),
username=conf.get('username'), username=conf.get('username'),
password=conf.get('password'), password=conf.get('password'),
project_name=conf.get('project_name'), project_name=conf.get('project_name'),

24
test/unit/common/middleware/crypto/test_kms_keymaster.py
View File

@ -78,15 +78,16 @@ def mock_config_opts_side_effect(*args, **kwargs):
return dict() return dict()
def mock_keystone_password_side_effect(username, password, project_name, def mock_keystone_password_side_effect(auth_url, username, password,
user_domain_name, project_domain_name, project_name, user_domain_name,
user_id, user_domain_id, trust_id, project_domain_name, user_id,
user_domain_id, trust_id,
domain_id, domain_name, project_id, domain_id, domain_name, project_id,
project_domain_id, reauthenticate): project_domain_id, reauthenticate):
return MockPassword(username, password, project_name, user_domain_name, return MockPassword(auth_url, username, password, project_name,
project_domain_name, user_id, user_domain_id, trust_id, user_domain_name, project_domain_name, user_id,
domain_id, domain_name, project_id, project_domain_id, user_domain_id, trust_id, domain_id, domain_name,
reauthenticate) project_id, project_domain_id, reauthenticate)
ERR_MESSAGE_SECRET_INCORRECTLY_SPECIFIED = 'Secret incorrectly specified.' ERR_MESSAGE_SECRET_INCORRECTLY_SPECIFIED = 'Secret incorrectly specified.'
ERR_MESSAGE_KEY_UUID_NOT_FOUND = 'Key not found, uuid: ' ERR_MESSAGE_KEY_UUID_NOT_FOUND = 'Key not found, uuid: '
@ -154,10 +155,11 @@ class MockBarbicanKey(object):
class MockPassword(object): class MockPassword(object):
def __init__(self, username, password, project_name, user_domain_name, def __init__(self, auth_url, username, password, project_name,
project_domain_name, user_id, user_domain_id, trust_id, user_domain_name, project_domain_name, user_id,
domain_id, domain_name, project_id, project_domain_id, user_domain_id, trust_id, domain_id, domain_name, project_id,
reauthenticate): project_domain_id, reauthenticate):
self.auth_url = auth_url
self.password = password self.password = password
self.username = username self.username = username
self.user_domain_name = user_domain_name self.user_domain_name = user_domain_name