def is_multiple_backends_enabled():
    """Return the ``enable_multiple_secret_stores`` flag of the secretstore config.

    The 'secretstore' module config is looked up first. If that lookup raises
    ``KeyError``, the secret store interface module is imported and the lookup
    is repeated once; a second ``KeyError`` propagates to the caller.
    """
    module_name = 'secretstore'
    try:
        conf = config.get_module_config(module_name)
    except KeyError:
        # Ensure module is initialized. The imported name is not used
        # afterwards; only the import itself matters here.
        from barbican.plugin.interface import secret_store  # nopep8
        conf = config.get_module_config(module_name)
    return conf.secretstore.enable_multiple_secret_stores
def test_fail_when_stores_lookup_suffix_missing_when_enabled(self):
    """An empty ``stores_lookup_suffix`` is rejected when the feature is on."""
    store_names = ['ss_p1', 'ss_p2', 'ss_p3']
    crypto_names = ['cr_p1', 'cr_p2', 'cr_p3']
    self.init_via_conf_file(store_names, crypto_names,
                            enabled=True, global_default_index=0)

    # Blank out the suffix list after the regular setup so that reading the
    # configuration has nothing to look up.
    secretstore_conf = config.get_module_config('secretstore')
    secretstore_conf.set_override("stores_lookup_suffix", [],
                                  group='secretstore')

    expected_error = exception.MultipleSecretStoreLookupFailed
    self.assertRaises(expected_error,
                      multiple_backends.read_multiple_backends_config)
def init_via_conf_file(self, store_plugin_names, crypto_plugin_names,
                       enabled=True, global_default_index=0):
    """Set up multiple secret store plugin options and reset cached managers.

    :param store_plugin_names: secret store plugin names to configure
    :param crypto_plugin_names: crypto plugin names to configure
    :param enabled: forwarded as ``multiple_support_enabled``
    :param global_default_index: forwarded unchanged to the setup helper
    """
    ss_conf = config.get_module_config('secretstore')
    setup_multiple_secret_store_plugins_conf(
        self,
        conf_instance=ss_conf,
        multiple_support_enabled=enabled,
        store_plugin_names=store_plugin_names,
        crypto_plugin_names=crypto_plugin_names,
        global_default_index=global_default_index)

    # clear globals if already set in previous tests
    cm._PLUGIN_MANAGER = None  # clear crypto manager
    secret_store._SECRET_STORE = None  # clear secret store manager
    self._mock_plugin_settings()
def test_fail_when_secretstore_section_missing(self):
    """An extra lookup suffix, 'unknown_section', makes config reading fail.

    The expected error is ``MultipleStorePluginValueMissing``.
    """
    store_names = ['ss_p1', 'ss_p2', 'ss_p3']
    crypto_names = ['cr_p1', 'cr_p2', 'cr_p3']
    self.init_via_conf_file(store_names, crypto_names,
                            enabled=True, global_default_index=-1)

    secretstore_conf = config.get_module_config('secretstore')
    # The configured list is extended in place and then re-applied as the
    # override value.
    suffixes = secretstore_conf.secretstore.stores_lookup_suffix
    suffixes.append('unknown_section')
    secretstore_conf.set_override('stores_lookup_suffix', suffixes,
                                  'secretstore')

    expected_error = exception.MultipleStorePluginValueMissing
    self.assertRaises(expected_error,
                      multiple_backends.read_multiple_backends_config)
def __init__(self, conf=CONF, invoke_args=(), invoke_kwargs={}):
    """Build the manager from the 'secretstore' module configuration.

    Plugins are not created by the parent constructor
    (``invoke_on_load=False``); ``plugin_utils.instantiate_plugins`` creates
    them afterwards, and the secret stores are then synced through
    ``multiple_backends.sync_secret_stores``.

    :param conf: accepted but not read in this method
    :param invoke_args: positional arguments forwarded for plugin creation
    :param invoke_kwargs: keyword arguments forwarded for plugin creation
    """
    # NOTE(review): the ``{}`` default is one dict shared by every call and
    # is forwarded as-is; confirm that no callee mutates it.
    secretstore_conf = config.get_module_config('secretstore')
    internal_names = self._get_internal_plugin_names(secretstore_conf)
    namespace = secretstore_conf.secretstore.namespace

    super(SecretStorePluginManager, self).__init__(
        namespace,
        internal_names,
        # Defer creating plugins to utility below.
        invoke_on_load=False,
        invoke_args=invoke_args,
        invoke_kwds=invoke_kwargs,
        # extensions sorted as per order of plugin names
        name_order=True,
    )

    plugin_utils.instantiate_plugins(self, invoke_args, invoke_kwargs)
    multiple_backends.sync_secret_stores(self)
def test_get_applicable_store_plugins_when_multiple_backend_not_enabled(
        self):
    """With multiple backends disabled, all four manager plugins apply."""
    ss_config = config.get_module_config('secretstore')

    conf_store_names = ['ss_p1', 'ss_p2', 'ss_p3']
    conf_crypto_names = ['cr_p1', 'cr_p2', 'cr_p3']
    self.init_via_conf_file(conf_store_names, conf_crypto_names,
                            enabled=False)

    # The manager and the enabled-plugins override use a separate set of
    # four names.
    enabled_names = ['ss_p11', 'ss_p22', 'ss_p33', 'ss_p44']
    manager = MockedManager(enabled_names)
    ss_config.set_override("enabled_secretstore_plugins", enabled_names,
                           group='secretstore')

    applicable = multiple_backends.get_applicable_store_plugins(
        manager, None, None)
    self.assertEqual(4, len(applicable))
def __init__(self, conf=CONF, invoke_args=(), invoke_kwargs={}):
    """Crypto Plugin Manager

    Every construction of this class loads a fresh instance of each enabled
    crypto plugin. That is undesirable, so use the module-level
    PLUGIN_MANAGER instead of creating another instance.
    """
    # NOTE(review): the ``{}`` default is one dict shared by every call and
    # is forwarded as-is; confirm that no callee mutates it.
    module_conf = config.get_module_config('crypto')
    internal_names = self._get_internal_plugin_names(module_conf)
    namespace = module_conf.crypto.namespace

    super(_CryptoPluginManager, self).__init__(
        namespace,
        internal_names,
        # Defer creating plugins to utility below.
        invoke_on_load=False,
        invoke_args=invoke_args,
        invoke_kwds=invoke_kwargs,
        # extensions sorted as per order of plugin names
        name_order=True,
    )

    plugin_utils.instantiate_plugins(self, invoke_args, invoke_kwargs)
def __init__(self, conf=CONF, invoke_args=(), invoke_kwargs={}):
    """Crypto Plugin Manager

    Constructing this class loads a new instance of every enabled crypto
    plugin each time. Because that is undesirable, callers should use the
    PLUGIN_MANAGER defined at module level rather than a new instance.
    """
    # NOTE(review): the ``{}`` default is one dict shared by every call and
    # is forwarded as-is; confirm that no callee mutates it.
    module_conf = config.get_module_config('crypto')
    internal_names = self._get_internal_plugin_names(module_conf)
    namespace = module_conf.crypto.namespace

    parent_init = super(_CryptoPluginManager, self).__init__
    parent_init(
        namespace,
        internal_names,
        # Defer creating plugins to utility below.
        invoke_on_load=False,
        invoke_args=invoke_args,
        invoke_kwds=invoke_kwargs,
        # extensions sorted as per order of plugin names
        name_order=True,
    )

    plugin_utils.instantiate_plugins(self, invoke_args, invoke_kwargs)
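def read_multiple_backends_config():
    """Read and validate the multiple secret store backend configuration.

    Nothing is read unless the multiple secret store flag is enabled. For
    every entry of ``stores_lookup_suffix`` an option group named
    ``LOOKUP_PLUGINS_PREFIX + suffix`` is registered and then checked.
    Validation fails closed: each failed check raises, and no partial list
    is returned. ``crypto_plugin`` is copied as found; this function does
    not check it.

    :returns: ``None`` when multiple backends are disabled, otherwise a list
        of ``store_conf(store_plugin, crypto_plugin, global_default)`` named
        tuples in the order of ``stores_lookup_suffix``
    :raises MultipleSecretStoreLookupFailed: ``stores_lookup_suffix`` is
        empty
    :raises MultipleStorePluginValueMissing: a section has no
        ``secret_store_plugin`` value (checked section by section, before
        the global default count)
    :raises MultipleStoreIncorrectGlobalDefault: the number of sections with
        ``global_default`` set is not exactly one
    """
    conf = config.get_module_config('secretstore')
    if not utils.is_multiple_backends_enabled():
        return None

    suffix_list = conf.secretstore.stores_lookup_suffix
    if not suffix_list:
        raise exception.MultipleSecretStoreLookupFailed()

    def register_options_dynamically(conf, group_name):
        store_opt_group = cfg.OptGroup(
            name=group_name, title='Plugins needed for this backend')
        store_opts = [
            # The first fragment used to end without a space, so the help
            # text read "identifysecretstore_plugin".
            cfg.StrOpt('secret_store_plugin', default=None,
                       help=u._('Internal name used to identify '
                                'secretstore_plugin')),
            cfg.StrOpt('crypto_plugin', default=None,
                       help=u._('Internal name used to identify '
                                'crypto_plugin.')),
            cfg.BoolOpt('global_default', default=False,
                        help=u._('Flag to indicate if this plugin is '
                                 'global default plugin for deployment. '
                                 'Default is False.')),
        ]
        conf.register_group(store_opt_group)
        conf.register_opts(store_opts, group=store_opt_group)

    # construct group names using those suffix and dynamically register
    # oslo config options under that group name
    group_names = []
    for suffix in suffix_list:
        group_name = LOOKUP_PLUGINS_PREFIX + suffix
        register_options_dynamically(conf, group_name)
        group_names.append(group_name)

    store_conf = collections.namedtuple(
        'store_conf', ['store_plugin', 'crypto_plugin', 'global_default'])

    parsed_stores = []
    global_default_count = 0
    # Section related to group names based of suffix list are always found
    # as we are dynamically registering group and its options.
    for group_name in group_names:
        conf_section = getattr(conf, group_name)
        if conf_section.global_default:
            global_default_count += 1

        store_plugin = conf_section.secret_store_plugin
        if not store_plugin:
            raise exception.MultipleStorePluginValueMissing(conf_section)

        parsed_stores.append(
            store_conf(store_plugin, conf_section.crypto_plugin,
                       conf_section.global_default))

    # Exactly one section may be the deployment-wide default store.
    if global_default_count != 1:
        raise exception.MultipleStoreIncorrectGlobalDefault(
            global_default_count)

    return parsed_stores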
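def read_multiple_backends_config():
    """Read and validate the multiple secret store backend configuration.

    Nothing is read unless the multiple secret store flag is enabled. For
    every entry of ``stores_lookup_suffix`` an option group named
    ``LOOKUP_PLUGINS_PREFIX + suffix`` is registered and then checked.
    Validation fails closed: each failed check raises, and no partial list
    is returned. ``crypto_plugin`` is copied as found; this function does
    not check it.

    :returns: ``None`` when multiple backends are disabled, otherwise a list
        of ``store_conf(store_plugin, crypto_plugin, global_default)`` named
        tuples in the order of ``stores_lookup_suffix``
    :raises MultipleSecretStoreLookupFailed: ``stores_lookup_suffix`` is
        empty
    :raises MultipleStorePluginValueMissing: a section has no
        ``secret_store_plugin`` value (checked section by section, before
        the global default count)
    :raises MultipleStoreIncorrectGlobalDefault: the number of sections with
        ``global_default`` set is not exactly one
    """
    conf = config.get_module_config('secretstore')
    if not utils.is_multiple_backends_enabled():
        return None

    suffix_list = conf.secretstore.stores_lookup_suffix
    if not suffix_list:
        raise exception.MultipleSecretStoreLookupFailed()

    def register_options_dynamically(conf, group_name):
        store_opt_group = cfg.OptGroup(
            name=group_name, title='Plugins needed for this backend')
        store_opts = [
            # The first fragment used to end without a space, so the help
            # text read "identifysecretstore_plugin".
            cfg.StrOpt('secret_store_plugin',
                       help=u._('Internal name used to identify '
                                'secretstore_plugin')
                       ),
            cfg.StrOpt('crypto_plugin',
                       help=u._('Internal name used to identify '
                                'crypto_plugin.')
                       ),
            cfg.BoolOpt('global_default', default=False,
                        help=u._('Flag to indicate if this plugin is '
                                 'global default plugin for deployment. '
                                 'Default is False.')
                        ),
        ]
        conf.register_group(store_opt_group)
        conf.register_opts(store_opts, group=store_opt_group)

    # construct group names using those suffix and dynamically register
    # oslo config options under that group name
    group_names = []
    for suffix in suffix_list:
        group_name = LOOKUP_PLUGINS_PREFIX + suffix
        register_options_dynamically(conf, group_name)
        group_names.append(group_name)

    store_conf = collections.namedtuple('store_conf', ['store_plugin',
                                                       'crypto_plugin',
                                                       'global_default'])

    parsed_stores = []
    global_default_count = 0
    # Section related to group names based of suffix list are always found
    # as we are dynamically registering group and its options.
    for group_name in group_names:
        conf_section = getattr(conf, group_name)
        if conf_section.global_default:
            global_default_count += 1

        store_plugin = conf_section.secret_store_plugin
        if not store_plugin:
            raise exception.MultipleStorePluginValueMissing(conf_section)

        parsed_stores.append(store_conf(store_plugin,
                                        conf_section.crypto_plugin,
                                        conf_section.global_default))

    # Exactly one section may be the deployment-wide default store.
    if global_default_count != 1:
        raise exception.MultipleStoreIncorrectGlobalDefault(
            global_default_count)

    return parsed_stores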
def tearDown(self):
    """Run the parent teardown, then clear the multiple-stores override."""
    super(BaseTestCase, self).tearDown()
    # Remove any override of the flag on the 'secretstore' module config.
    config.get_module_config('secretstore').clear_override(
        "enable_multiple_secret_stores", group='secretstore')
def is_multiple_backends_enabled():
    """Return the ``enable_multiple_secret_stores`` flag of the secretstore config."""
    secretstore_group = config.get_module_config('secretstore').secretstore
    return secretstore_group.enable_multiple_secret_stores