diff options
author | Lance Bragstad <lbragstad@gmail.com> | 2019-12-05 19:49:37 -0600 |
---|---|---|
committer | Grzegorz Grasza <xek@redhat.com> | 2022-02-04 16:38:09 +0100 |
commit | d023b103e550f8237cb3cea72b99bbcf70791413 (patch) | |
tree | d2b866de47caa1ff3e1bbb9aec68be73992c7215 | |
parent | 72cbaa91ffa6727f6400ec38331896f0a9e326c6 (diff) | |
download | keystone-d023b103e550f8237cb3cea72b99bbcf70791413.tar.gz |
Properly instantiate FernetUtils
The FernetUtils object had kwargs for the key_repository,
max_active_keys, and the config_group. The credential API uses an
instance of the FernetUtils object to encrypt and decrypt credentials,
but the object wasn't instantiated with the config_group set. This
resulted in an error message like:
Either [None] key_repository does...
When the credential key repository wasn't configured. We should be
setting the config_group so that we provide a more useful error
message instead of a random `None`.
All of the arguments are now made mandatory, since this is how
they are called in all but this one place.
Co-Authored-By: Grzegorz Grasza <xek@redhat.com>
Change-Id: Ia32cc12121ee243a003e5eb2fc832cc6a33ef499
-rw-r--r-- | keystone/common/fernet_utils.py | 4 | ||||
-rw-r--r-- | keystone/credential/providers/fernet/core.py | 2 |
2 files changed, 3 insertions, 3 deletions
diff --git a/keystone/common/fernet_utils.py b/keystone/common/fernet_utils.py index 9188dfbfc..928c2488d 100644 --- a/keystone/common/fernet_utils.py +++ b/keystone/common/fernet_utils.py @@ -36,8 +36,8 @@ NULL_KEY = base64.urlsafe_b64encode(b'\x00' * 32) class FernetUtils(object): - def __init__(self, key_repository=None, max_active_keys=None, - config_group=None): + def __init__(self, key_repository, max_active_keys, + config_group): self.key_repository = key_repository self.max_active_keys = max_active_keys self.config_group = config_group diff --git a/keystone/credential/providers/fernet/core.py b/keystone/credential/providers/fernet/core.py index 5c3e43e55..411f0a406 100644 --- a/keystone/credential/providers/fernet/core.py +++ b/keystone/credential/providers/fernet/core.py @@ -97,7 +97,7 @@ class Provider(core.Provider): :returns: a decrypted credential """ key_utils = fernet_utils.FernetUtils( - CONF.credential.key_repository, MAX_ACTIVE_KEYS) + CONF.credential.key_repository, MAX_ACTIVE_KEYS, 'credential') keys = key_utils.load_keys(use_null_key=True) fernet_keys = [fernet.Fernet(key) for key in keys] crypto = fernet.MultiFernet(fernet_keys) |