Check context before returning cached value

The key manager caches the value of barbican client to be reused, saving an extra call to keystone. The cached value is only applicable to the current context, so the context must be checked before returning the cached value. Closes-Bug: #1523646 Change-Id: I7cd7f1ba8a749b230c611e4fb20ccf4127354c35
author: Dave McCowan <dmccowan@cisco.com> 2015-12-07 14:28:52 -0500
committer: Dave McCowan <dmccowan@cisco.com> 2015-12-14 17:45:33 -0500
commit: 676a53ce44a5624a553e80bcff339300802d5494 (patch)
tree: e30d58fb9ad17d38e8e5cf6f80d484be415c8e45 /nova/keymgr
parent: 3f8c69b2ef3eef886e36c0b7f397b83a36a7beb8 (diff)
download: nova-676a53ce44a5624a553e80bcff339300802d5494.tar.gz
1 files changed, 51 insertions, 41 deletions
diff --git a/nova/keymgr/barbican.py b/nova/keymgr/barbican.py
index 9f68b1b536..9579ea0623 100644
--- a/nova/keymgr/barbican.py
+++ b/nova/keymgr/barbican.py
@@ -62,6 +62,7 @@ class BarbicanKeyManager(key_mgr.KeyManager):
 
     def __init__(self):
         self._barbican_client = None
+        self._current_context = None
         self._base_url = None
 
     def _get_barbican_client(self, ctxt):
@@ -72,47 +73,56 @@ class BarbicanKeyManager(key_mgr.KeyManager):
         :raises Forbidden: if the ctxt is None
         """
 
-        if not self._barbican_client:
-            # Confirm context is provided, if not raise forbidden
-            if not ctxt:
-                msg = _("User is not authorized to use key manager.")
-                LOG.error(msg)
-                raise exception.Forbidden(msg)
-
-            try:
-                _SESSION = session.Session.load_from_conf_options(
-                    CONF,
-                    BARBICAN_OPT_GROUP)
-
-                auth = ctxt.get_auth_plugin()
-                service_type, service_name, interface = (CONF.
-                                                         barbican.
-                                                         catalog_info.
-                                                         split(':'))
-                region_name = CONF.barbican.os_region_name
-                service_parameters = {'service_type': service_type,
-                                      'service_name': service_name,
-                                      'interface': interface,
-                                      'region_name': region_name}
-
-                if CONF.barbican.endpoint_template:
-                    self._base_url = (CONF.barbican.endpoint_template %
-                                      ctxt.to_dict())
-                else:
-                    self._base_url = _SESSION.get_endpoint(
-                        auth, **service_parameters)
-
-                # the barbican endpoint can't have the '/v1' on the end
-                self._barbican_endpoint = self._base_url.rpartition('/')[0]
-
-                sess = session.Session(auth=auth)
-                self._barbican_client = barbican_client.Client(
-                    session=sess,
-                    endpoint=self._barbican_endpoint)
-
-            except Exception as e:
-                with excutils.save_and_reraise_exception():
-                    LOG.error(_LE("Error creating Barbican client: %s"), e)
+        # Confirm context is provided, if not raise forbidden
+        if not ctxt:
+            msg = _("User is not authorized to use key manager.")
+            LOG.error(msg)
+            raise exception.Forbidden(msg)
+
+        if not hasattr(ctxt, 'project_id') or ctxt.project_id is None:
+            msg = _("Unable to create Barbican Client without project_id.")
+            LOG.error(msg)
+            raise exception.KeyManagerError(msg)
+
+        # If same context, return cached barbican client
+        if self._barbican_client and self._current_context == ctxt:
+            return self._barbican_client
+
+        try:
+            _SESSION = session.Session.load_from_conf_options(
+                CONF,
+                BARBICAN_OPT_GROUP)
+
+            auth = ctxt.get_auth_plugin()
+            service_type, service_name, interface = (CONF.
+                                                     barbican.
+                                                     catalog_info.
+                                                     split(':'))
+            region_name = CONF.barbican.os_region_name
+            service_parameters = {'service_type': service_type,
+                                  'service_name': service_name,
+                                  'interface': interface,
+                                  'region_name': region_name}
+
+            if CONF.barbican.endpoint_template:
+                self._base_url = (CONF.barbican.endpoint_template %
+                                  ctxt.to_dict())
+            else:
+                self._base_url = _SESSION.get_endpoint(
+                    auth, **service_parameters)
+
+            # the barbican endpoint can't have the '/v1' on the end
+            self._barbican_endpoint = self._base_url.rpartition('/')[0]
+
+            sess = session.Session(auth=auth)
+            self._barbican_client = barbican_client.Client(
+                session=sess,
+                endpoint=self._barbican_endpoint)
+            self._current_context = ctxt
+
+        except Exception as e:
+            with excutils.save_and_reraise_exception():
+                LOG.error(_LE("Error creating Barbican client: %s"), e)
 
         return self._barbican_client
author	Dave McCowan <dmccowan@cisco.com>	2015-12-07 14:28:52 -0500
committer	Dave McCowan <dmccowan@cisco.com>	2015-12-14 17:45:33 -0500
commit	676a53ce44a5624a553e80bcff339300802d5494 (patch)
tree	e30d58fb9ad17d38e8e5cf6f80d484be415c8e45 /nova/keymgr
parent	3f8c69b2ef3eef886e36c0b7f397b83a36a7beb8 (diff)
download	nova-676a53ce44a5624a553e80bcff339300802d5494.tar.gz