openstack/manila
Code Issues Proposed changes

Fix duplicate registration of barbican options

Browse Source 
Currently the barbican options are registered every time but this is
quite redundant and likely causes duplication error.

Change-Id: Id56816606205f4a40bcffc85d07e37d5756d40cf
Signed-off-by: Takashi Kajinami <kajinamit@oss.nttdata.com>
This commit is contained in:
Takashi Kajinami
2025-09-02 20:12:00 +09:00
parent 3d8fbfe7bf
commit 756d5f1200
2 changed files with 19 additions and 43 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
manila/keymgr/__init__.py
View File

@@ -1,18 +0,0 @@
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from castellan import options as castellan_opts
from oslo_config import cfg
CONF = cfg.CONF
castellan_opts.set_defaults(CONF)

44
manila/keymgr/barbican.py
View File

@@ -34,6 +34,23 @@ BARBICAN_GROUP = 'barbican'
CONF = cfg.CONF CONF = cfg.CONF
LOG = logging.getLogger(__name__) LOG = logging.getLogger(__name__)
castellan_options.set_defaults(CONF)
ks_loading.register_auth_conf_options(CONF, BARBICAN_GROUP)
def _require_barbican_key_manager_backend(conf):
backend = conf.key_manager.backend
if backend is None:
LOG.warning("The BarbicanKeyManager backend should be explicitly "
"used for share encryption.")
raise exception.ManilaBarbicanACLError()
backend = backend.split('.')[-1]
if backend not in ('barbican', 'BarbicanKeyManager'):
LOG.warning("The '%s' key_manager backend is not supported. Please"
" use barbican as key_manager.", backend)
raise exception.ManilaBarbicanACLError()
class BarbicanSecretACL(object): class BarbicanSecretACL(object):
def __init__(self, conf): def __init__(self, conf):
@@ -41,15 +58,7 @@ class BarbicanSecretACL(object):
def get_client_and_href(self, context, secret_ref): def get_client_and_href(self, context, secret_ref):
"""Get user barbican client and a secret href""" """Get user barbican client and a secret href"""
_require_barbican_key_manager_backend(self.conf)
castellan_options.set_defaults(self.conf)
backend = self.conf.key_manager.backend or ''
backend = backend.split('.')[-1]
if backend not in ('barbican', 'BarbicanKeyManager'):
LOG.warning("The '%s' key_manager backend is not supported. Please"
" use barbican as key_manager.", backend)
raise exception.ManilaBarbicanACLError()
if not getattr(self.conf, 'barbican', None) or \ if not getattr(self.conf, 'barbican', None) or \
not getattr(self.conf.barbican, 'auth_endpoint', None): not getattr(self.conf.barbican, 'auth_endpoint', None):
@@ -86,7 +95,6 @@ class BarbicanSecretACL(object):
try: try:
user_barbican_client, secret_href = self.get_client_and_href( user_barbican_client, secret_href = self.get_client_and_href(
context, secret_ref) context, secret_ref)
ks_loading.register_auth_conf_options(self.conf, BARBICAN_GROUP)
barbican_auth = ks_loading.load_auth_from_conf_options( barbican_auth = ks_loading.load_auth_from_conf_options(
self.conf, BARBICAN_GROUP) self.conf, BARBICAN_GROUP)
barbican_sess = ks_session.Session(auth=barbican_auth) barbican_sess = ks_session.Session(auth=barbican_auth)
@@ -106,7 +114,6 @@ class BarbicanSecretACL(object):
try: try:
user_barbican_client, secret_href = self.get_client_and_href( user_barbican_client, secret_href = self.get_client_and_href(
context, secret_ref) context, secret_ref)
ks_loading.register_auth_conf_options(self.conf, BARBICAN_GROUP)
barbican_auth = ks_loading.load_auth_from_conf_options( barbican_auth = ks_loading.load_auth_from_conf_options(
self.conf, BARBICAN_GROUP) self.conf, BARBICAN_GROUP)
barbican_sess = ks_session.Session(auth=barbican_auth) barbican_sess = ks_session.Session(auth=barbican_auth)
@@ -194,20 +201,7 @@ class BarbicanUserAppCreds(object):
return self.get_client() return self.get_client()
def get_client(self): def get_client(self):
castellan_options.set_defaults(self.conf) _require_barbican_key_manager_backend(self.conf)
backend = self.conf.key_manager.backend or ''
backend = backend.split('.')[-1]
if backend not in ('barbican', 'BarbicanKeyManager'):
LOG.warning("The '%s' key_manager backend is not supported. Please"
" use barbican key_manager backend.", backend)
if not getattr(self.conf, 'barbican', None) or \
not getattr(self.conf.barbican, 'auth_endpoint', None):
LOG.error("Missing auth_endpoint for barbican connection")
raise exception.ManilaBarbicanACLError()
ks_loading.register_auth_conf_options(self.conf, BARBICAN_GROUP)
auth = ks_loading.load_auth_from_conf_options(self.conf, auth = ks_loading.load_auth_from_conf_options(self.conf,
BARBICAN_GROUP) BARBICAN_GROUP)
sess = ks_session.Session(auth=auth) sess = ks_session.Session(auth=auth)