File 0001-Create-signing_dir-upon-first-usage.patch of Package python-keystonemiddleware

From 0f426e7f9e86385cab698f73d6ecb1d8e6b4898a Mon Sep 17 00:00:00 2001
From: Colleen Murphy <colleen@gazlene.net>
Date: Mon, 11 Apr 2016 10:38:34 -0700
Subject: [PATCH] Create signing_dir upon first usage

Without this patch, if a signing_dir value is not provided in the
keystone_authtoken section for a given service, keystonemiddleware will
create a secure temporary directory upon startup. For users not using
the 'pki' or 'pkiz' token providers, this is unnecessary and causes
/tmp to fill up needlessly. This patch moves the directory
creation out of SigningDirectory.__init__ and into
SigningDirectory.calc_path, so that the first time calc_path is called,
the directory is created. If the user has provided the directory name,
we still log that and verify the directory at __init__. If the temp
directory must be created, we log and verify that only once at the time
of creation.

Change-Id: I501d96d35bcf0039d2f5c5987471f496fc830f61
Closes-bug: #1533724
---
 keystonemiddleware/auth_token/_signing_dir.py      | 21 ++++++++++-----
 .../tests/unit/auth_token/test_signing_dir.py      | 30 ++++++++++++++--------
 2 files changed, 33 insertions(+), 18 deletions(-)

diff --git a/keystonemiddleware/auth_token/_signing_dir.py b/keystonemiddleware/auth_token/_signing_dir.py
index f8b1a41..3ef53ac 100644
--- a/keystonemiddleware/auth_token/_signing_dir.py
+++ b/keystonemiddleware/auth_token/_signing_dir.py
@@ -28,14 +28,12 @@ class SigningDirectory(object):
     def __init__(self, directory_name=None, log=None):
         self._log = log or _LOG
 
-        if directory_name is None:
-            directory_name = tempfile.mkdtemp(prefix='keystone-signing-')
-        self._log.info(
-            _LI('Using %s as cache directory for signing certificate'),
-            directory_name)
         self._directory_name = directory_name
-
-        self._verify_signing_dir()
+        if self._directory_name:
+            self._log.info(
+                _LI('Using %s as cache directory for signing certificate'),
+                self._directory_name)
+            self._verify_signing_dir()
 
     def write_file(self, file_name, new_contents):
 
@@ -63,8 +61,17 @@ class SigningDirectory(object):
             return f.read()
 
     def calc_path(self, file_name):
+        self._lazy_create_signing_dir()
         return os.path.join(self._directory_name, file_name)
 
+    def _lazy_create_signing_dir(self):
+        if self._directory_name is None:
+            self._directory_name = tempfile.mkdtemp(prefix='keystone-signing-')
+            self._log.info(
+                _LI('Using %s as cache directory for signing certificate'),
+                self._directory_name)
+            self._verify_signing_dir()
+
     def _verify_signing_dir(self):
         if os.path.isdir(self._directory_name):
             if not os.access(self._directory_name, os.W_OK):
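Review bot: `_lazy_create_signing_dir` tests `self._directory_name is None`, while the new guard in `__init__` (previous hunk) tests truthiness, so an empty-string `directory_name` falls through both checks: it is neither verified at construction nor replaced by a `mkdtemp` directory. Before this change such a value still reached `_verify_signing_dir` in `__init__`; now `calc_path` returns `os.path.join('', file_name)`, a path relative to the process working directory, and anything written through it lands there without the directory ever being verified. Whether the configuration layer can deliver an empty string is not visible here, but making the two checks agree costs one line: `if not self._directory_name:`. `_verify_signing_dir` continues past the end of this hunk.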
diff --git a/keystonemiddleware/tests/unit/auth_token/test_signing_dir.py b/keystonemiddleware/tests/unit/auth_token/test_signing_dir.py
index b2ef95d..5664d7d 100644
--- a/keystonemiddleware/tests/unit/auth_token/test_signing_dir.py
+++ b/keystonemiddleware/tests/unit/auth_token/test_signing_dir.py
@@ -53,12 +53,13 @@ class SigningDirectoryTests(utils.BaseTestCase):
         # write_file when the file doesn't exist creates the file.
 
         signing_directory = _signing_dir.SigningDirectory()
-        self.addCleanup(shutil.rmtree, signing_directory._directory_name)
 
         file_name = self.getUniqueString()
         contents = self.getUniqueString()
         signing_directory.write_file(file_name, contents)
 
+        self.addCleanup(shutil.rmtree, signing_directory._directory_name)
+
         file_path = signing_directory.calc_path(file_name)
         with open(file_path) as f:
             actual_contents = f.read()
@@ -69,12 +70,13 @@ class SigningDirectoryTests(utils.BaseTestCase):
         # write_file when the file already exists overwrites it.
 
         signing_directory = _signing_dir.SigningDirectory()
-        self.addCleanup(shutil.rmtree, signing_directory._directory_name)
 
         file_name = self.getUniqueString()
         orig_contents = self.getUniqueString()
         signing_directory.write_file(file_name, orig_contents)
 
+        self.addCleanup(shutil.rmtree, signing_directory._directory_name)
+
         new_contents = self.getUniqueString()
         signing_directory.write_file(file_name, new_contents)
 
@@ -89,28 +91,32 @@ class SigningDirectoryTests(utils.BaseTestCase):
         # is written.
 
         signing_directory = _signing_dir.SigningDirectory()
+        original_file_name = self.getUniqueString()
+        original_contents = self.getUniqueString()
+        signing_directory.write_file(original_file_name, original_contents)
+
         self.addCleanup(shutil.rmtree, signing_directory._directory_name)
 
         # Delete the directory.
         shutil.rmtree(signing_directory._directory_name)
 
-        file_name = self.getUniqueString()
-        contents = self.getUniqueString()
-        signing_directory.write_file(file_name, contents)
+        new_file_name = self.getUniqueString()
+        new_contents = self.getUniqueString()
+        signing_directory.write_file(new_file_name, new_contents)
 
-        actual_contents = signing_directory.read_file(file_name)
-        self.assertEqual(contents, actual_contents)
+        actual_contents = signing_directory.read_file(new_file_name)
+        self.assertEqual(new_contents, actual_contents)
 
     def test_read_file(self):
         # Can read a file that was written.
 
         signing_directory = _signing_dir.SigningDirectory()
-        self.addCleanup(shutil.rmtree, signing_directory._directory_name)
-
         file_name = self.getUniqueString()
         contents = self.getUniqueString()
         signing_directory.write_file(file_name, contents)
 
+        self.addCleanup(shutil.rmtree, signing_directory._directory_name)
+
         actual_contents = signing_directory.read_file(file_name)
 
         self.assertEqual(contents, actual_contents)
@@ -119,19 +125,21 @@ class SigningDirectoryTests(utils.BaseTestCase):
         # Show what happens when try to read a file that wasn't written.
 
         signing_directory = _signing_dir.SigningDirectory()
-        self.addCleanup(shutil.rmtree, signing_directory._directory_name)
 
         file_name = self.getUniqueString()
         self.assertRaises(IOError, signing_directory.read_file, file_name)
+        self.addCleanup(shutil.rmtree, signing_directory._directory_name)
 
     def test_calc_path(self):
         # calc_path returns the actual filename built from the directory name.
 
         signing_directory = _signing_dir.SigningDirectory()
-        self.addCleanup(shutil.rmtree, signing_directory._directory_name)
 
         file_name = self.getUniqueString()
         actual_path = signing_directory.calc_path(file_name)
+
+        self.addCleanup(shutil.rmtree, signing_directory._directory_name)
+
         expected_path = os.path.join(signing_directory._directory_name,
                                      file_name)
         self.assertEqual(expected_path, actual_path)
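Review bot: None of the updated tests asserts the behaviour this commit introduces, namely that `SigningDirectory()` without an argument creates no directory until a path is first requested. In `test_calc_path`, add `self.assertIsNone(signing_directory._directory_name)` before the `calc_path` call and `self.assertTrue(os.path.isdir(signing_directory._directory_name))` after it. Without such a check, a regression that moves `mkdtemp` back into `__init__` would still pass every test in this file.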
-- 
2.12.2
