Key manager is always overridden to ConfKeyManager

Bug #1621109 reported by Kaitlin Farr on 2016-09-07
10
This bug affects 2 people
Affects Status Importance Assigned to Milestone
Cinder
High
Kaitlin Farr
puppet-openstack-integration
High
Unassigned

Bug Description

When key_manager.api_class is set in the cinder config file, the changes will not be reflected in the service and the service will always try to use ConfKeyManager.

cinder/keymgr/__init__.py includes some logic to maintain backwards compatibility, and sets the key manager to be ConfKeyManager if none is set. This code worked correctly at first because it used oslo config objects that had been properly initialized with values from the config file. However, as the key manager code was used in other areas of the project, it seems as though the logic to handle backwards compatibility is called on config objects too early in the service initialization process. Using a python debugger, it seems as though the first time the key manager initialization is called, the oslo config object passed in to the does not yet have the api_class option read in from the config file, and so the key manager initialization will override the option with the ConfKeyManager.

Changed in cinder:
assignee: nobody → Kaitlin Farr (kaitlin-farr)
Changed in cinder:
status: New → In Progress
Changed in puppet-openstack-integration:
status: New → Confirmed
importance: Undecided → High
Eric Harney (eharney) wrote :
Changed in cinder:
importance: Undecided → High
milestone: none → newton-rc1
Sean McGinnis (sean-mcginnis) wrote :

Didn't get linked for some reason - here is the Cinder review:

https://review.openstack.org/#/c/366750/

Sean McGinnis (sean-mcginnis) wrote :

Must have had a stale view from that last comment.

Changed in cinder:
milestone: newton-rc1 → ocata-1

Reviewed: https://review.openstack.org/366750
Committed: https://git.openstack.org/cgit/openstack/cinder/commit/?id=b66d4d997cf371d4d451aa9e57d351f4e045fc8d
Submitter: Jenkins
Branch: master

commit b66d4d997cf371d4d451aa9e57d351f4e045fc8d
Author: Kaitlin Farr <email address hidden>
Date: Wed Sep 7 13:21:33 2016 -0400

    Modifies override logic for key_manager

    Makes the logic for overriding config options for the key_manager
    more robust.

    Before this patch, the override logic seemed to be called before the global
    CONF object has been populated with values from the configuration file.
    ConfKeyManager, the default for if no value had been specified, would be
    used to override the value for api_class. Then when CONF was populated
    with the actual values, the ConfKeyManager override value would still be
    set.

    This patch makes the logic a little bit more robust so that the value
    is only overriden if explicitly passed into the function, not at the
    global scope outside of the function.

    SecurityImpact

    Closes-Bug: 1621109
    Change-Id: Id5f83f69fd3a877459fab924c005047e55f98c7b

Changed in cinder:
status: In Progress → Fix Released

Reviewed: https://review.openstack.org/376992
Committed: https://git.openstack.org/cgit/openstack/cinder/commit/?id=96948e48b140a9a47d26bf805230df41a44c9c00
Submitter: Jenkins
Branch: stable/newton

commit 96948e48b140a9a47d26bf805230df41a44c9c00
Author: Kaitlin Farr <email address hidden>
Date: Wed Sep 7 13:21:33 2016 -0400

    Modifies override logic for key_manager

    Makes the logic for overriding config options for the key_manager
    more robust.

    Before this patch, the override logic seemed to be called before the global
    CONF object has been populated with values from the configuration file.
    ConfKeyManager, the default for if no value had been specified, would be
    used to override the value for api_class. Then when CONF was populated
    with the actual values, the ConfKeyManager override value would still be
    set.

    This patch makes the logic a little bit more robust so that the value
    is only overriden if explicitly passed into the function, not at the
    global scope outside of the function.

    SecurityImpact

    Closes-Bug: 1621109
    Change-Id: Id5f83f69fd3a877459fab924c005047e55f98c7b
    (cherry picked from commit b66d4d997cf371d4d451aa9e57d351f4e045fc8d)

tags: added: in-stable-newton

This issue was fixed in the openstack/cinder 9.1.0 release.

This issue was fixed in the openstack/cinder 10.0.0.0b1 development milestone.

This issue was fixed in the openstack/cinder 9.1.0 release.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers