diff --git a/cinder/keymgr/__init__.py b/cinder/keymgr/__init__.py index 640ba0917a8..e7111afd21e 100644 --- a/cinder/keymgr/__init__.py +++ b/cinder/keymgr/__init__.py @@ -16,7 +16,6 @@ from castellan import options as castellan_opts from oslo_config import cfg from oslo_log import log as logging -from oslo_log import versionutils from oslo_utils import importutils LOG = logging.getLogger(__name__) @@ -26,55 +25,6 @@ CONF = cfg.CONF castellan_opts.set_defaults(CONF) -def log_deprecated_warning(deprecated_value, castellan): - versionutils.deprecation_warning(deprecated_value, - versionutils.deprecated.NEWTON, - in_favor_of=castellan, logger=LOG) - - -# NOTE(kfarr): this method is for backwards compatibility, it is deprecated -# for removal -def set_overrides(conf): - api_class = None - should_override = False - try: - api_class = conf.key_manager.api_class - except cfg.NoSuchOptError: - LOG.warning("key_manager.api_class is not set, will use deprecated" - " option keymgr.api_class if set") - try: - api_class = CONF.keymgr.api_class - should_override = True - except cfg.NoSuchOptError: - LOG.warning("keymgr.api_class is not set") - - deprecated_barbican = 'cinder.keymgr.barbican.BarbicanKeyManager' - barbican = 'castellan.key_manager.barbican_key_manager.BarbicanKeyManager' - deprecated_mock = 'cinder.tests.unit.keymgr.mock_key_mgr.MockKeyManager' - castellan_mock = ('castellan.tests.unit.key_manager.mock_key_manager.' - 'MockKeyManager') - - if api_class == deprecated_barbican: - should_override = True - log_deprecated_warning(deprecated_barbican, barbican) - api_class = barbican - elif api_class == deprecated_mock: - should_override = True - log_deprecated_warning(deprecated_mock, castellan_mock) - api_class = castellan_mock - elif api_class is None: - should_override = True - # TODO(kfarr): key_manager.api_class should be set in DevStack, and - # this block can be removed - LOG.warning("key manager not set, using insecure default %s", - castellan_mock) - api_class = castellan_mock - - if should_override: - conf.set_override('api_class', api_class, 'key_manager') - - def API(conf=CONF): - set_overrides(conf) - cls = importutils.import_class(conf.key_manager.api_class) + cls = importutils.import_class(conf.key_manager.backend) return cls(conf) diff --git a/cinder/tests/unit/conf_fixture.py b/cinder/tests/unit/conf_fixture.py index 22464ee18bf..2e19b82e1b0 100644 --- a/cinder/tests/unit/conf_fixture.py +++ b/cinder/tests/unit/conf_fixture.py @@ -26,7 +26,7 @@ CONF.import_opt('policy_file', 'cinder.policy', group='oslo_policy') CONF.import_opt('volume_driver', 'cinder.volume.manager', group=configuration.SHARED_CONF_GROUP) CONF.import_opt('backup_driver', 'cinder.backup.manager') -CONF.import_opt('api_class', 'cinder.keymgr', group='key_manager') +CONF.import_opt('backend', 'cinder.keymgr', group='key_manager') CONF.import_opt('fixed_key', 'cinder.keymgr.conf_key_mgr', group='key_manager') CONF.import_opt('scheduler_driver', 'cinder.scheduler.manager') @@ -45,7 +45,7 @@ def set_defaults(conf): conf.set_default('policy_file', 'cinder.tests.unit/policy.json', group='oslo_policy') conf.set_default('backup_driver', 'cinder.tests.unit.backup.fake_service') - conf.set_default('api_class', + conf.set_default('backend', 'cinder.keymgr.conf_key_mgr.ConfKeyManager', group='key_manager') conf.set_default('fixed_key', default='0' * 64, group='key_manager') diff --git a/cinder/tests/unit/keymgr/test_init.py b/cinder/tests/unit/keymgr/test_init.py index b74c91dc731..7f87edb14d7 100644 --- a/cinder/tests/unit/keymgr/test_init.py +++ b/cinder/tests/unit/keymgr/test_init.py @@ -13,8 +13,6 @@ # License for the specific language governing permissions and limitations # under the License. -import castellan -from castellan import key_manager from castellan import options as castellan_opts from oslo_config import cfg @@ -28,7 +26,7 @@ class InitTestCase(test.TestCase): super(InitTestCase, self).setUp() self.config = cfg.ConfigOpts() castellan_opts.set_defaults(self.config) - self.config.set_default('api_class', + self.config.set_default('backend', 'cinder.keymgr.conf_key_mgr.ConfKeyManager', group='key_manager') @@ -36,50 +34,10 @@ class InitTestCase(test.TestCase): kmgr = keymgr.API(self.config) self.assertEqual(type(kmgr), keymgr.conf_key_mgr.ConfKeyManager) - def test_set_barbican_key_manager(self): - self.config.set_override( - 'api_class', - 'castellan.key_manager.barbican_key_manager.BarbicanKeyManager', - group='key_manager') - kmgr = keymgr.API(self.config) - self.assertEqual( - type(kmgr), - key_manager.barbican_key_manager.BarbicanKeyManager) - - def test_set_mock_key_manager(self): - self.config.set_override( - 'api_class', - 'castellan.tests.unit.key_manager.mock_key_manager.MockKeyManager', - group='key_manager') - kmgr = keymgr.API(self.config) - self.assertEqual( - type(kmgr), - castellan.tests.unit.key_manager.mock_key_manager.MockKeyManager) - def test_set_conf_key_manager(self): self.config.set_override( - 'api_class', + 'backend', 'cinder.keymgr.conf_key_mgr.ConfKeyManager', group='key_manager') kmgr = keymgr.API(self.config) self.assertEqual(type(kmgr), keymgr.conf_key_mgr.ConfKeyManager) - - def test_deprecated_barbican_key_manager(self): - self.config.set_override( - 'api_class', - 'cinder.keymgr.barbican.BarbicanKeyManager', - group='key_manager') - kmgr = keymgr.API(self.config) - self.assertEqual( - type(kmgr), - key_manager.barbican_key_manager.BarbicanKeyManager) - - def test_deprecated_mock_key_manager(self): - self.config.set_override( - 'api_class', - 'cinder.tests.unit.keymgr.mock_key_mgr.MockKeyManager', - group='key_manager') - kmgr = keymgr.API(self.config) - self.assertEqual( - type(kmgr), - castellan.tests.unit.key_manager.mock_key_manager.MockKeyManager) diff --git a/cinder/tests/unit/test_volume_utils.py b/cinder/tests/unit/test_volume_utils.py index 67028a9c796..47810508c2c 100644 --- a/cinder/tests/unit/test_volume_utils.py +++ b/cinder/tests/unit/test_volume_utils.py @@ -991,7 +991,7 @@ class VolumeUtilsTestCase(test.TestCase): ctxt, type_ref1['id'], enc_key) get_volume_type_encryption.return_value = encryption CONF.set_override( - 'api_class', + 'backend', 'cinder.keymgr.conf_key_mgr.ConfKeyManager', group='key_manager') key_manager = keymgr.API() diff --git a/doc/source/configuration/tables/cinder-common.inc b/doc/source/configuration/tables/cinder-common.inc index 6f77c02f3aa..26e20f2e2bc 100644 --- a/doc/source/configuration/tables/cinder-common.inc +++ b/doc/source/configuration/tables/cinder-common.inc @@ -156,7 +156,7 @@ - (String) DEPRECATED: The path to respond to healtcheck requests on. * - **[key_manager]** - - * - ``api_class`` = ``castellan.key_manager.barbican_key_manager.BarbicanKeyManager`` + * - ``backend`` = ``castellan.key_manager.barbican_key_manager.BarbicanKeyManager`` - (String) The full class name of the key manager API class * - ``fixed_key`` = ``None`` - (String) Fixed key returned by key manager, specified in hex diff --git a/releasenotes/notes/castellan-backend-0c49591a54821c45.yaml b/releasenotes/notes/castellan-backend-0c49591a54821c45.yaml new file mode 100644 index 00000000000..5913d88bd4c --- /dev/null +++ b/releasenotes/notes/castellan-backend-0c49591a54821c45.yaml @@ -0,0 +1,13 @@ +--- +upgrade: + - | + The support for ``cinder.keymgr.barbican.BarbicanKeyManager`` and the + ``[keymgr]`` config section has now been removed. All configs should now be + switched to use + ``castellan.key_manager.barbican_key_manager.BarbicanKeyManager`` and the + ``[key_manager]`` config section. +deprecations: + - | + The Castellan library used for encryption has deprecated the ``api_class`` + config option. Configuration files using this should now be updated to use + the ``backend`` option instead.