Fix duplicate registration of barbican options

Currently the barbican options are registered every time but this is quite redundant and likely causes duplication error. Change-Id: Id56816606205f4a40bcffc85d07e37d5756d40cf Signed-off-by: Takashi Kajinami <kajinamit@oss.nttdata.com>
2025-09-02 20:12:00 +09:00
parent 3d8fbfe7bf
commit 756d5f1200
2 changed files with 19 additions and 43 deletions
--- a/manila/keymgr/init.py
+++ b/manila/keymgr/init.py
@@ -1,18 +0,0 @@
-#    Licensed under the Apache License, Version 2.0 (the "License"); you may
-#    not use this file except in compliance with the License. You may obtain
-#    a copy of the License at
-#
-#         http://www.apache.org/licenses/LICENSE-2.0
-#
-#    Unless required by applicable law or agreed to in writing, software
-#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-#    License for the specific language governing permissions and limitations
-#    under the License.
-
-from castellan import options as castellan_opts
-from oslo_config import cfg
-
-CONF = cfg.CONF
-
-castellan_opts.set_defaults(CONF)
--- a/manila/keymgr/barbican.py
+++ b/manila/keymgr/barbican.py
@@ -34,6 +34,23 @@ BARBICAN_GROUP = 'barbican'
 CONF = cfg.CONF
 LOG = logging.getLogger(__name__)

+castellan_options.set_defaults(CONF)
+ks_loading.register_auth_conf_options(CONF, BARBICAN_GROUP)
+
+
+def _require_barbican_key_manager_backend(conf):
+    backend = conf.key_manager.backend
+    if backend is None:
+        LOG.warning("The BarbicanKeyManager backend should be explicitly "
+                    "used for share encryption.")
+        raise exception.ManilaBarbicanACLError()
+
+    backend = backend.split('.')[-1]
+    if backend not in ('barbican', 'BarbicanKeyManager'):
+        LOG.warning("The '%s' key_manager backend is not supported. Please"
+                    " use barbican as key_manager.", backend)
+        raise exception.ManilaBarbicanACLError()
+

 class BarbicanSecretACL(object):
    def __init__(self, conf):
@@ -41,15 +58,7 @@ class BarbicanSecretACL(object):

    def get_client_and_href(self, context, secret_ref):
        """Get user barbican client and a secret href"""
-
-        castellan_options.set_defaults(self.conf)
-        backend = self.conf.key_manager.backend or ''
-
-        backend = backend.split('.')[-1]
-        if backend not in ('barbican', 'BarbicanKeyManager'):
-            LOG.warning("The '%s' key_manager backend is not supported. Please"
-                        " use barbican as key_manager.", backend)
-            raise exception.ManilaBarbicanACLError()
+        _require_barbican_key_manager_backend(self.conf)

        if not getattr(self.conf, 'barbican', None) or \
           not getattr(self.conf.barbican, 'auth_endpoint', None):
@@ -86,7 +95,6 @@ class BarbicanSecretACL(object):
        try:
            user_barbican_client, secret_href = self.get_client_and_href(
                context, secret_ref)
-            ks_loading.register_auth_conf_options(self.conf, BARBICAN_GROUP)
            barbican_auth = ks_loading.load_auth_from_conf_options(
                self.conf, BARBICAN_GROUP)
            barbican_sess = ks_session.Session(auth=barbican_auth)
@@ -106,7 +114,6 @@ class BarbicanSecretACL(object):
        try:
            user_barbican_client, secret_href = self.get_client_and_href(
                context, secret_ref)
-            ks_loading.register_auth_conf_options(self.conf, BARBICAN_GROUP)
            barbican_auth = ks_loading.load_auth_from_conf_options(
                self.conf, BARBICAN_GROUP)
            barbican_sess = ks_session.Session(auth=barbican_auth)
@@ -194,20 +201,7 @@ class BarbicanUserAppCreds(object):
        return self.get_client()

    def get_client(self):
-        castellan_options.set_defaults(self.conf)
-        backend = self.conf.key_manager.backend or ''
-
-        backend = backend.split('.')[-1]
-        if backend not in ('barbican', 'BarbicanKeyManager'):
-            LOG.warning("The '%s' key_manager backend is not supported. Please"
-                        " use barbican key_manager backend.", backend)
-
-        if not getattr(self.conf, 'barbican', None) or \
-           not getattr(self.conf.barbican, 'auth_endpoint', None):
-            LOG.error("Missing auth_endpoint for barbican connection")
-            raise exception.ManilaBarbicanACLError()
-
-        ks_loading.register_auth_conf_options(self.conf, BARBICAN_GROUP)
+        _require_barbican_key_manager_backend(self.conf)
        auth = ks_loading.load_auth_from_conf_options(self.conf,
                                                      BARBICAN_GROUP)
        sess = ks_session.Session(auth=auth)