Check context before returning cached value

The key manager caches the value of barbican client to be reused,
saving an extra call to keystone.  The cached value is only
applicable to the current context, so the context must be checked
before returning the cached value.

Change-Id: Ib10909a098fb2cd070129c239b6d3b95edc8fea0
Closes-Bug: #1523646

diff --git a/cinder/keymgr/barbican.py b/cinder/keymgr/barbican.py
index 10373c2af782de9fedb370f0673e107dd92a5931..9f71890b5d25268ba0876c1def3fb509271778e6 100644 (file)
--- a/cinder/keymgr/barbican.py
+++ b/cinder/keymgr/barbican.py
@@ -49,6 +49,7 @@ class BarbicanKeyManager(key_mgr.KeyManager):
         self._base_url = CONF.keymgr.encryption_api_url
         self._parse_barbican_api_url()
         self._barbican_client = None
+        self._current_context = None
 
     def _parse_barbican_api_url(self):
         """Setup member variables to reference the Barbican URL.
@@ -84,30 +85,34 @@ class BarbicanKeyManager(key_mgr.KeyManager):
                                  or project_id is None
         """
 
-        if not self._barbican_client:
-            # Confirm context is provided, if not raise not authorized
-            if not ctxt:
-                msg = _("User is not authorized to use key manager.")
-                LOG.error(msg)
-                raise exception.NotAuthorized(msg)
-
-            if not hasattr(ctxt, 'project_id') or ctxt.project_id is None:
-                msg = _("Unable to create Barbican Client without project_id.")
-                LOG.error(msg)
-                raise exception.KeyManagerError(msg)
-
-            try:
-                auth = identity.v3.Token(
-                    auth_url=CONF.keymgr.encryption_auth_url,
-                    token=ctxt.auth_token,
-                    project_id=ctxt.project_id)
-                sess = session.Session(auth=auth)
-                self._barbican_client = barbican_client.Client(
-                    session=sess,
-                    endpoint=self._barbican_endpoint)
-            except Exception:
-                with excutils.save_and_reraise_exception():
-                    LOG.exception(_LE("Error creating Barbican client."))
+        # Confirm context is provided, if not raise not authorized
+        if not ctxt:
+            msg = _("User is not authorized to use key manager.")
+            LOG.error(msg)
+            raise exception.NotAuthorized(msg)
+
+        if not hasattr(ctxt, 'project_id') or ctxt.project_id is None:
+            msg = _("Unable to create Barbican Client without project_id.")
+            LOG.error(msg)
+            raise exception.KeyManagerError(msg)
+
+        # If same context, return cached barbican client
+        if self._barbican_client and self._current_context == ctxt:
+            return self._barbican_client
+
+        try:
+            auth = identity.v3.Token(
+                auth_url=CONF.keymgr.encryption_auth_url,
+                token=ctxt.auth_token,
+                project_id=ctxt.project_id)
+            sess = session.Session(auth=auth)
+            self._barbican_client = barbican_client.Client(
+                session=sess,
+                endpoint=self._barbican_endpoint)
+            self._current_context = ctxt
+        except Exception:
+            with excutils.save_and_reraise_exception():
+                LOG.exception(_LE("Error creating Barbican client."))
 
         return self._barbican_client
 

diff --git a/cinder/tests/unit/keymgr/test_barbican.py b/cinder/tests/unit/keymgr/test_barbican.py
index 694bee6195bc6ae02b78034e09c0690bfc403d1b..77e4ed90343bcc3632cbf8ef5d4edf2afcc3c76b 100644 (file)
--- a/cinder/tests/unit/keymgr/test_barbican.py
+++ b/cinder/tests/unit/keymgr/test_barbican.py
@@ -78,6 +78,7 @@ class BarbicanKeyManagerTestCase(test_key_mgr.KeyManagerTestCase):
         self.create = self.mock_barbican.secrets.create
 
         self.key_mgr._barbican_client = self.mock_barbican
+        self.key_mgr._current_context = self.ctxt
 
     def _build_mock_symKey(self):
         self.mock_symKey = mock.Mock()