From: Eric Harney Date: Fri, 25 Jul 2014 20:52:56 +0000 (-0400) Subject: Move generate_password into volume utils X-Git-Url: https://review.fuel-infra.org/gitweb?a=commitdiff_plain;h=aad4e2437736270af7164df4fc34174bf3fb49f9;p=openstack-build%2Fcinder-build.git Move generate_password into volume utils This is only used in places where volume/utils is relevant, and moving it there reduces the amount of code that has to load the python Crypto library. Closes-Bug: #1348787 Change-Id: Id74fdd2d6f12f0196055deb1b0dd610677caff0f --- diff --git a/cinder/tests/keymgr/mock_key_mgr.py b/cinder/tests/keymgr/mock_key_mgr.py index 2b49c8b46..8bae75fe5 100644 --- a/cinder/tests/keymgr/mock_key_mgr.py +++ b/cinder/tests/keymgr/mock_key_mgr.py @@ -32,7 +32,7 @@ import uuid from cinder import exception from cinder.keymgr import key from cinder.keymgr import key_mgr -from cinder import utils +from cinder.volume import utils class MockKeyManager(key_mgr.KeyManager): diff --git a/cinder/tests/test_utils.py b/cinder/tests/test_utils.py index 75a524848..d0ee5c130 100644 --- a/cinder/tests/test_utils.py +++ b/cinder/tests/test_utils.py @@ -392,14 +392,6 @@ class GenericUtilsTestCase(test.TestCase): mock_reload.assert_called_once_with(fake_data) mock_open.assert_called_once_with(fake_file) - def test_generate_password(self): - password = utils.generate_password() - self.assertTrue([c for c in password if c in '0123456789']) - self.assertTrue([c for c in password - if c in 'abcdefghijklmnopqrstuvwxyz']) - self.assertTrue([c for c in password - if c in 'ABCDEFGHIJKLMNOPQRSTUVWXYZ']) - def test_read_file_as_root(self): def fake_execute(*args, **kwargs): if args[1] == 'bad': diff --git a/cinder/tests/test_volume_utils.py b/cinder/tests/test_volume_utils.py index a2fe38427..5a6bffc70 100644 --- a/cinder/tests/test_volume_utils.py +++ b/cinder/tests/test_volume_utils.py @@ -246,3 +246,13 @@ class BlkioCgroupTestCase(test.TestCase): execute=fake_utils_execute) self.assertEqual(['cgexec', '-g', 'blkio:' + CONF.volume_copy_blkio_cgroup_name], cmd) + + +class VolumeUtilsTestCase(test.TestCase): + def test_generate_password(self): + password = volume_utils.generate_password() + self.assertTrue([c for c in password if c in '0123456789']) + self.assertTrue([c for c in password + if c in 'abcdefghijklmnopqrstuvwxyz']) + self.assertTrue([c for c in password + if c in 'ABCDEFGHIJKLMNOPQRSTUVWXYZ']) diff --git a/cinder/utils.py b/cinder/utils.py index 440b634f9..b0b57dc2f 100644 --- a/cinder/utils.py +++ b/cinder/utils.py @@ -30,7 +30,6 @@ import stat import sys import tempfile -from Crypto.Random import random from oslo.config import cfg import six from xml.dom import minidom @@ -182,18 +181,6 @@ def cinderdir(): return os.path.abspath(cinder.__file__).split('cinder/__init__.py')[0] -# Default symbols to use for passwords. Avoids visually confusing characters. -# ~6 bits per symbol -DEFAULT_PASSWORD_SYMBOLS = ('23456789', # Removed: 0,1 - 'ABCDEFGHJKLMNPQRSTUVWXYZ', # Removed: I, O - 'abcdefghijkmnopqrstuvwxyz') # Removed: l - - -# ~5 bits per symbol -EASIER_PASSWORD_SYMBOLS = ('23456789', # Removed: 0, 1 - 'ABCDEFGHJKLMNPQRSTUVWXYZ') # Removed: I, O - - def last_completed_audit_period(unit=None): """This method gives you the most recently *completed* audit period. @@ -281,42 +268,6 @@ def last_completed_audit_period(unit=None): return (begin, end) -def generate_password(length=20, symbolgroups=DEFAULT_PASSWORD_SYMBOLS): - """Generate a random password from the supplied symbol groups. - - At least one symbol from each group will be included. Unpredictable - results if length is less than the number of symbol groups. - - Believed to be reasonably secure (with a reasonable password length!) - - """ - # NOTE(jerdfelt): Some password policies require at least one character - # from each group of symbols, so start off with one random character - # from each symbol group - password = [random.choice(s) for s in symbolgroups] - # If length < len(symbolgroups), the leading characters will only - # be from the first length groups. Try our best to not be predictable - # by shuffling and then truncating. - random.shuffle(password) - password = password[:length] - length -= len(password) - - # then fill with random characters from all symbol groups - symbols = ''.join(symbolgroups) - password.extend([random.choice(symbols) for _i in xrange(length)]) - - # finally shuffle to ensure first x characters aren't from a - # predictable group - random.shuffle(password) - - return ''.join(password) - - -def generate_username(length=20, symbolgroups=DEFAULT_PASSWORD_SYMBOLS): - # Use the same implementation as the password generation. - return generate_password(length, symbolgroups) - - class LazyPluggable(object): """A pluggable backend loaded lazily based on some value.""" diff --git a/cinder/volume/drivers/hds/iscsi.py b/cinder/volume/drivers/hds/iscsi.py index e4a4e4fe8..7685fc729 100644 --- a/cinder/volume/drivers/hds/iscsi.py +++ b/cinder/volume/drivers/hds/iscsi.py @@ -26,9 +26,9 @@ from cinder.openstack.common import excutils from cinder.openstack.common.gettextutils import _ from cinder.openstack.common import log as logging from cinder.openstack.common import units -from cinder import utils from cinder.volume import driver from cinder.volume.drivers.hds.hnas_backend import HnasBackend +from cinder.volume import utils HDS_HNAS_ISCSI_VERSION = '1.0.0' diff --git a/cinder/volume/drivers/ibm/storwize_svc/helpers.py b/cinder/volume/drivers/ibm/storwize_svc/helpers.py index a25f4831b..c007f8417 100644 --- a/cinder/volume/drivers/ibm/storwize_svc/helpers.py +++ b/cinder/volume/drivers/ibm/storwize_svc/helpers.py @@ -28,8 +28,8 @@ from cinder.openstack.common.gettextutils import _ from cinder.openstack.common import log as logging from cinder.openstack.common import loopingcall from cinder.openstack.common import strutils -from cinder import utils from cinder.volume.drivers.ibm.storwize_svc import ssh as storwize_ssh +from cinder.volume import utils from cinder.volume import volume_types LOG = logging.getLogger(__name__) diff --git a/cinder/volume/drivers/san/hp/hp_lefthand_rest_proxy.py b/cinder/volume/drivers/san/hp/hp_lefthand_rest_proxy.py index 3353811f0..e78181da2 100644 --- a/cinder/volume/drivers/san/hp/hp_lefthand_rest_proxy.py +++ b/cinder/volume/drivers/san/hp/hp_lefthand_rest_proxy.py @@ -20,8 +20,8 @@ from cinder import exception from cinder.openstack.common.gettextutils import _ from cinder.openstack.common import log as logging from cinder.openstack.common import units -from cinder import utils from cinder.volume.driver import ISCSIDriver +from cinder.volume import utils from cinder.volume import volume_types from oslo.config import cfg diff --git a/cinder/volume/iscsi.py b/cinder/volume/iscsi.py index f13eebea1..ccbbd7fd7 100644 --- a/cinder/volume/iscsi.py +++ b/cinder/volume/iscsi.py @@ -21,7 +21,7 @@ from cinder import exception from cinder.openstack.common.gettextutils import _ from cinder.openstack.common import log as logging from cinder.openstack.common import processutils as putils -from cinder import utils +from cinder.volume import utils LOG = logging.getLogger(__name__) diff --git a/cinder/volume/utils.py b/cinder/volume/utils.py index cb4c40de5..71f8520c5 100644 --- a/cinder/volume/utils.py +++ b/cinder/volume/utils.py @@ -17,6 +17,7 @@ import math +from Crypto.Random import random from oslo.config import cfg from cinder.brick.local_dev import lvm as brick_lvm @@ -268,3 +269,45 @@ def get_all_volume_groups(vg_name=None): return brick_lvm.LVM.get_all_volume_groups( utils.get_root_helper(), vg_name) + +# Default symbols to use for passwords. Avoids visually confusing characters. +# ~6 bits per symbol +DEFAULT_PASSWORD_SYMBOLS = ('23456789', # Removed: 0,1 + 'ABCDEFGHJKLMNPQRSTUVWXYZ', # Removed: I, O + 'abcdefghijkmnopqrstuvwxyz') # Removed: l + + +def generate_password(length=20, symbolgroups=DEFAULT_PASSWORD_SYMBOLS): + """Generate a random password from the supplied symbol groups. + + At least one symbol from each group will be included. Unpredictable + results if length is less than the number of symbol groups. + + Believed to be reasonably secure (with a reasonable password length!) + + """ + # NOTE(jerdfelt): Some password policies require at least one character + # from each group of symbols, so start off with one random character + # from each symbol group + password = [random.choice(s) for s in symbolgroups] + # If length < len(symbolgroups), the leading characters will only + # be from the first length groups. Try our best to not be predictable + # by shuffling and then truncating. + random.shuffle(password) + password = password[:length] + length -= len(password) + + # then fill with random characters from all symbol groups + symbols = ''.join(symbolgroups) + password.extend([random.choice(symbols) for _i in xrange(length)]) + + # finally shuffle to ensure first x characters aren't from a + # predictable group + random.shuffle(password) + + return ''.join(password) + + +def generate_username(length=20, symbolgroups=DEFAULT_PASSWORD_SYMBOLS): + # Use the same implementation as the password generation. + return generate_password(length, symbolgroups)