Check context before returning cached value
The key manager caches the value of barbican client to be reused,
saving an extra call to keystone. The cached value is only
applicable to the current context, so the context must be checked
before returning the cached value.
Change-Id: Ib10909a098fb2cd070129c239b6d3b95edc8fea0
Closes-Bug: #1523646
(cherry picked from commit 0832a03553
)
This commit is contained in:
parent
0f5ef09516
commit
aa2fdfc47a
|
@ -47,6 +47,7 @@ class BarbicanKeyManager(key_mgr.KeyManager):
|
|||
# the barbican endpoint can't have the '/v1' on the end
|
||||
self._barbican_endpoint = self._base_url.rpartition('/')[0]
|
||||
self._barbican_client = None
|
||||
self._current_context = None
|
||||
|
||||
def _get_barbican_client(self, ctxt):
|
||||
"""Creates a client to connect to the Barbican service.
|
||||
|
@ -58,30 +59,34 @@ class BarbicanKeyManager(key_mgr.KeyManager):
|
|||
or project_id is None
|
||||
"""
|
||||
|
||||
if not self._barbican_client:
|
||||
# Confirm context is provided, if not raise not authorized
|
||||
if not ctxt:
|
||||
msg = _("User is not authorized to use key manager.")
|
||||
LOG.error(msg)
|
||||
raise exception.NotAuthorized(msg)
|
||||
# Confirm context is provided, if not raise not authorized
|
||||
if not ctxt:
|
||||
msg = _("User is not authorized to use key manager.")
|
||||
LOG.error(msg)
|
||||
raise exception.NotAuthorized(msg)
|
||||
|
||||
if not hasattr(ctxt, 'project_id') or ctxt.project_id is None:
|
||||
msg = _("Unable to create Barbican Client without project_id.")
|
||||
LOG.error(msg)
|
||||
raise exception.KeyManagerError(msg)
|
||||
if not hasattr(ctxt, 'project_id') or ctxt.project_id is None:
|
||||
msg = _("Unable to create Barbican Client without project_id.")
|
||||
LOG.error(msg)
|
||||
raise exception.KeyManagerError(msg)
|
||||
|
||||
try:
|
||||
auth = identity.v3.Token(
|
||||
auth_url=CONF.keymgr.encryption_auth_url,
|
||||
token=ctxt.auth_token,
|
||||
project_id=ctxt.project_id)
|
||||
sess = session.Session(auth=auth)
|
||||
self._barbican_client = barbican_client.Client(
|
||||
session=sess,
|
||||
endpoint=self._barbican_endpoint)
|
||||
except Exception:
|
||||
with excutils.save_and_reraise_exception():
|
||||
LOG.exception(_LE("Error creating Barbican client."))
|
||||
# If same context, return cached barbican client
|
||||
if self._barbican_client and self._current_context == ctxt:
|
||||
return self._barbican_client
|
||||
|
||||
try:
|
||||
auth = identity.v3.Token(
|
||||
auth_url=CONF.keymgr.encryption_auth_url,
|
||||
token=ctxt.auth_token,
|
||||
project_id=ctxt.project_id)
|
||||
sess = session.Session(auth=auth)
|
||||
self._barbican_client = barbican_client.Client(
|
||||
session=sess,
|
||||
endpoint=self._barbican_endpoint)
|
||||
self._current_context = ctxt
|
||||
except Exception:
|
||||
with excutils.save_and_reraise_exception():
|
||||
LOG.exception(_LE("Error creating Barbican client."))
|
||||
|
||||
return self._barbican_client
|
||||
|
||||
|
|
|
@ -75,6 +75,7 @@ class BarbicanKeyManagerTestCase(test_key_mgr.KeyManagerTestCase):
|
|||
self.create = self.mock_barbican.secrets.create
|
||||
|
||||
self.key_mgr._barbican_client = self.mock_barbican
|
||||
self.key_mgr._current_context = self.ctxt
|
||||
|
||||
def _build_mock_symKey(self):
|
||||
self.mock_symKey = mock.Mock()
|
||||
|
|
Loading…
Reference in New Issue