
Source code changes of the file "swift/common/middleware/crypto/kmip_keymaster.py" between
swift-2.19.0.tar.gz and swift-2.19.1.tar.gz

About: OpenStack swift is software for creating redundant, scalable object storage using clusters of commodity servers to store terabytes or even petabytes of accessible data (now supporting storage policies).
The "Rocky" series (latest release).

kmip_keymaster.py  (swift-2.19.0):kmip_keymaster.py  (swift-2.19.1)
skipping to change at line 20 skipping to change at line 20
# Unless required by applicable law or agreed to in writing, software # Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, # distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied. # implied.
# See the License for the specific language governing permissions and # See the License for the specific language governing permissions and
# limitations under the License. # limitations under the License.
import logging import logging
import os import os
from swift.common.middleware.crypto import keymaster from swift.common.middleware.crypto import keymaster
from swift.common.utils import LogLevelFilter
from kmip.pie.client import ProxyKmipClient from kmip.pie.client import ProxyKmipClient
""" """
This middleware enables Swift to fetch a root secret from a KMIP service. This middleware enables Swift to fetch a root secret from a KMIP service.
The root secret is expected to have been previously created in the KMIP service The root secret is expected to have been previously created in the KMIP service
and is referenced by its unique identifier. The secret should be an AES-256 and is referenced by its unique identifier. The secret should be an AES-256
symmetric key. symmetric key.
To use this middleware, edit the swift proxy-server.conf to insert the To use this middleware, edit the swift proxy-server.conf to insert the
skipping to change at line 122 skipping to change at line 123
if os.path.isdir(conf['__file__']): if os.path.isdir(conf['__file__']):
raise ValueError( raise ValueError(
'KmipKeyMaster config cannot be read from conf dir %s. Use ' 'KmipKeyMaster config cannot be read from conf dir %s. Use '
'keymaster_config_path option in the proxy server config to ' 'keymaster_config_path option in the proxy server config to '
'specify a config file.') 'specify a config file.')
kmip_logger = logging.getLogger('kmip') kmip_logger = logging.getLogger('kmip')
for handler in self.logger.logger.handlers: for handler in self.logger.logger.handlers:
kmip_logger.addHandler(handler) kmip_logger.addHandler(handler)
debug_filter = LogLevelFilter(logging.DEBUG)
for name in (
# The kmip_protocol logger includes hex-encoded data off the
# wire, which may include key material!! We *NEVER* want that
# enabled.
'kmip.services.server.kmip_protocol',
# The config_helper logger includes any password that may be
# provided, which doesn't seem great either.
'kmip.core.config_helper',
):
logging.getLogger(name).addFilter(debug_filter)
multikey_opts = self._load_multikey_opts(conf, 'key_id') multikey_opts = self._load_multikey_opts(conf, 'key_id')
if not multikey_opts: if not multikey_opts:
raise ValueError('key_id option is required') raise ValueError('key_id option is required')
kmip_to_secret = {} kmip_to_secret = {}
root_secrets = {} root_secrets = {}
with ProxyKmipClient( with ProxyKmipClient(
config=section, config=section,
config_file=conf['__file__'] config_file=conf['__file__']
) as client: ) as client:
for opt, secret_id, kmip_id in multikey_opts: for opt, secret_id, kmip_id in multikey_opts:
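Review bot: The new `logging.getLogger(name).addFilter(debug_filter)` loop suppresses output only for the two exact logger names listed, and a filter attached to a logger is not applied to records emitted by its child loggers or by any other `kmip.*` logger. Every other pykmip logger still writes DEBUG records to the Swift handlers that the preceding `kmip_logger.addHandler(handler)` loop attaches, so the protection is a denylist that depends on pykmip keeping these names. If either logger is renamed upstream, the filter would silently stop matching. I would state that dependency next to the tuple, e.g. `# NOTE: filters are per-logger and matched by exact name; re-check these names when upgrading pykmip`, and add a unit test asserting that a DEBUG record sent to each named logger never reaches a handler. It may also be worth keeping the `kmip` logger above DEBUG unless an operator explicitly opts in. The enclosing method starts and ends outside the lines shown here.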
 End of changes. 2 change blocks. 
0 lines changed or deleted 13 lines changed or added
