From: Brianna Poulos
Date: Fri, 13 Feb 2015 20:12:11 +0000 (-0500)
Subject: Add project_id to barbican keymgr wrapper
X-Git-Url: https://review.fuel-infra.org/gitweb?a=commitdiff_plain;h=7dac025cbc6d277d22478e0ee2a7141dcdffd39b;p=openstack-build%2Fcinder-build.git
Add project_id to barbican keymgr wrapper
Currently, the barbican keymgr wrapper does not provide the project_id to barbican. As a result, all key operations done in cinder with a barbican backend are stored in the barbican database with a NULL external project_id. This patch adds the project_id to the auth plugin created using the auth token, so that barbican has access to the project_id and uses the external project_id with all key operations.
Change-Id: Ia5f6cdd5177893d2f13f181e1ced278d49f9d910
Closes-Bug: #1421795
---
diff --git a/cinder/keymgr/barbican.py b/cinder/keymgr/barbican.py
index 34c6d79bc..0d63f4ccb 100644
--- a/cinder/keymgr/barbican.py
+++ b/cinder/keymgr/barbican.py
@@ -54,6 +54,8 @@ class BarbicanKeyManager(key_mgr.KeyManager):
 :param ctxt: the user context for authentication
 :return: a Barbican Client object
 :throws NotAuthorized: if the ctxt is None
+ :throws KeyManagerError: if ctxt is missing project_id
+ or project_id is None
 """
 if not self._barbican_client:
@@ -63,10 +65,16 @@ class BarbicanKeyManager(key_mgr.KeyManager):
 LOG.error(msg)
 raise exception.NotAuthorized(msg)
+ if not hasattr(ctxt, 'project_id') or ctxt.project_id is None:
+ msg = _("Unable to create Barbican Client without project_id.")
+ LOG.error(msg)
+ raise exception.KeyManagerError(msg)
+
 try:
 auth = identity.v3.Token(
 auth_url=CONF.keymgr.encryption_auth_url,
- token=ctxt.auth_token)
+ token=ctxt.auth_token,
+ project_id=ctxt.project_id)
 sess = session.Session(auth=auth)
 self._barbican_client = barbican_client.Client( session=sess,
diff --git a/cinder/tests/keymgr/test_barbican.py b/cinder/tests/keymgr/test_barbican.py
index ef8577f1e..f3382115e 100644
--- a/cinder/tests/keymgr/test_barbican.py
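Review bot: The project-scoped auth built in the second barbican.py hunk is stored in `self._barbican_client` and reused, and the new project_id check appears to sit under the same `if not self._barbican_client:` guard shown in the first hunk, so a later call with a different `ctxt` would skip both the check and the `identity.v3.Token(...)` construction and act with the first caller's token and project. Whether one BarbicanKeyManager instance serves more than one tenant is not visible here, so that needs confirming; if it does, the cached client should be tied to the context it was built for, for example rebuilt when `ctxt.project_id` or `ctxt.auth_token` differs from the stored one. Separately, `ctxt.project_id is None` lets an empty string through, and `if not getattr(ctxt, 'project_id', None):` would reject both cases. The method body starts and ends outside the hunk.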
+++ b/cinder/tests/keymgr/test_barbican.py
@@ -45,6 +45,7 @@ class BarbicanKeyManagerTestCase(test_key_mgr.KeyManagerTestCase):
 # Create fake auth_token
 self.ctxt = mock.Mock()
 self.ctxt.auth_token = "fake_token"
+ self.ctxt.project_id = "fake_project_id"
 # Create mock barbican client
 self._build_mock_barbican()
@@ -229,3 +230,44 @@ class BarbicanKeyManagerTestCase(test_key_mgr.KeyManagerTestCase):
 self.key_mgr._barbican_client = None
 self.assertRaises(exception.NotAuthorized, self.key_mgr.store_key, None, None)
+
+ def test_null_project_id(self):
+ self.key_mgr._barbican_client = None
+ self.ctxt.project_id = None
+ self.assertRaises(exception.KeyManagerError,
+ self.key_mgr.create_key, self.ctxt)
+
+ def test_ctxt_without_project_id(self):
+ self.key_mgr._barbican_client = None
+ del self.ctxt.project_id
+ self.assertRaises(exception.KeyManagerError,
+ self.key_mgr.create_key, self.ctxt)
+
+ @mock.patch('cinder.keymgr.barbican.identity.v3.Token')
+ @mock.patch('cinder.keymgr.barbican.session.Session')
+ @mock.patch('cinder.keymgr.barbican.barbican_client.Client')
+ def test_ctxt_with_project_id(self, mock_client, mock_session,
+ mock_token):
+ # set client to None so that client creation will occur
+ self.key_mgr._barbican_client = None
+
+ # mock the return values
+ mock_auth = mock.Mock()
+ mock_token.return_value = mock_auth
+ mock_sess = mock.Mock()
+ mock_session.return_value = mock_sess
+
+ # mock the endpoint
+ mock_endpoint = mock.Mock()
+ self.key_mgr._barbican_endpoint = mock_endpoint
+
+ self.key_mgr.create_key(self.ctxt)
+
+ # assert proper calls occured, including with project_id
+ mock_token.assert_called_once_with(
+ auth_url=CONF.keymgr.encryption_auth_url,
+ token=self.ctxt.auth_token,
+ project_id=self.ctxt.project_id)
+ mock_session.assert_called_once_with(auth=mock_auth)
+ mock_client.assert_called_once_with(session=mock_sess,
+ endpoint=mock_endpoint)
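Review bot: Every test added in the second hunk first sets `self.key_mgr._barbican_client = None`, so the suite covers client creation only and never a call made after a client already exists. A case that calls `create_key` with `self.ctxt` and then with a second mock context whose `project_id` differs or is `None` would pin down which project the second request is authenticated as. `test_null_project_id` and `test_ctxt_without_project_id` could also patch `identity.v3.Token` and assert it was not called, which would show the check runs before any auth object is built. Minor: the comment should read `# assert proper calls occurred, including with project_id`.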