Barbican

Crypto plugins enabled config is ignored

Bug #1404978 reported by John Wood
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Barbican
Fix Released
High
John Wood
Barbican 2015.1.0 "kilo"

Bug Description

The list of enabled crypto plugins is controlled via the following entry in the /etc/barbican/barbican-api.conf file:

enabled_crypto_plugins = <put the list of plugins here>

This configured list appears to be ignored when the crypto plugin is selected for secret operations, with the 'simple_crypto' plugin always used.

----

The problem is that the barbican/plugin/crypto/manager.py module is loaded (via a chain of imports from the boot app.py module)d, which includes a line to create the _CryptoPluginManager() manager used to load crypto plugins. This loading/creating process occurs *before* the oslo configuration mechanism is initiated (later in app.py). Hence only the default list of enabled plugins (which is just the simple crypto one) is loaded and searched. Any configured plugins are thus ignored.

----
Suggested fix is to lazy create the _CryptoPluginManager() instance.

John Wood (john-wood-w)
Changed in barbican:
assignee: nobody → John Wood (john-wood-w)
Revision history for this message
John Wood (john-wood-w) wrote :

Ugh, this was fixed here: https://github.com/openstack/barbican/commit/81a4dbfd0eecb299c492e33b227acc16b70f9c83 But I didn't mark it correctly in the commit message

Changed in barbican:
milestone: none → next
status: New → Fix Committed
milestone: next → kilo-2
importance: Undecided → High
Thierry Carrez (ttx)
Changed in barbican:
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in barbican:
milestone: kilo-2 → 2015.1.0
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.