Paul Kehrer (reaperhulk) verified that the current usage pattern for plugin managers in Barbican breaks functionality for the HSM interactions. In particular, an attempt to utilize the crypto_store.py plugin to interface to the HSM resulted in an IOError from the PKCS11 library, which then appeared to break the sockets interface from Barbican to external systems (such as the queue) thereafter. Paul has submitted a CR (https://review.openstack.org/#/c/114341/) to fix this problem utilizing a singleton approach for the HSM plugin manager.
Hence existing plugin manager implementations should implement this similar pattern. This bug is to address those places (I think currently only the secret_store.py plugin manager here: https://github.com/openstack/barbican/blob/master/barbican/plugin/interface/secret_store.py#L421).
Thanks,
John
Reviewed: https:/
Committed: https:/
Submitter: Jenkins
Branch: master
commit a9b841c2a5ac2f7
Author: Paul Kehrer <email address hidden>
Date: Thu Aug 14 10:34:23 2014 -1000
change CryptoPluginManager to be instantiated in the module scope
Fixes an issue where SecretStore was repeatedly creating new instances
of the stevedore extension manager, which caused issues with the loaded
plugins.
Closes-Bug: 1358386
Change-Id: Icfafce0ec6fbac