def create(self, req, type_id, body=None):
        """Create encryption specs for an existing volume type."""
        context = req.environ['cinder.context']
        authorize(context)

        if self._encrypted_type_in_use(context, type_id):
            expl = _('Cannot create encryption specs. Volume type in use.')
            raise webob.exc.HTTPBadRequest(explanation=expl)

        self.assert_valid_body(body, 'encryption')

        self._check_type(context, type_id)

        encryption_specs = self._get_volume_type_encryption(context, type_id)
        if encryption_specs:
            raise exception.VolumeTypeEncryptionExists(type_id=type_id)

        encryption_specs = body['encryption']

        self._check_encryption_input(encryption_specs)

        db.volume_type_encryption_create(context, type_id, encryption_specs)
        notifier_info = dict(type_id=type_id, specs=encryption_specs)
        notifier = rpc.get_notifier('volumeTypeEncryption')
        notifier.info(context, 'volume_type_encryption.create', notifier_info)
        return body
    def create(self, req, type_id, body=None):
        """Create encryption specs for an existing volume type."""
        context = req.environ['cinder.context']
        authorize(context)

        if self._encrypted_type_in_use(context, type_id):
            expl = _('Cannot create encryption specs. Volume type in use.')
            raise webob.exc.HTTPBadRequest(explanation=expl)

        self.assert_valid_body(body, 'encryption')

        self._check_type(context, type_id)

        encryption_specs = self._get_volume_type_encryption(context, type_id)
        if encryption_specs:
            raise exception.VolumeTypeEncryptionExists(type_id=type_id)

        encryption_specs = body['encryption']

        self._check_encryption_input(encryption_specs)

        db.volume_type_encryption_create(context, type_id, encryption_specs)
        notifier_info = dict(type_id=type_id, specs=encryption_specs)
        notifier = rpc.get_notifier('volumeTypeEncryption')
        notifier.info(context, 'volume_type_encryption.create', notifier_info)
        return body
Beispiel #3
0
    def create(self, req, type_id, body):
        """Create encryption specs for an existing volume type."""
        context = req.environ['cinder.context']
        self._authorize_policy(context, policy.CREATE_ENCRYPTION_POLICY)

        key_size = body['encryption'].get('key_size')
        if key_size is not None:
            body['encryption']['key_size'] = int(key_size)

        if self._encrypted_type_in_use(context, type_id):
            expl = _('Cannot create encryption specs. Volume type in use.')
            raise webob.exc.HTTPBadRequest(explanation=expl)

        self._check_type(context, type_id)

        encryption_specs = self._get_volume_type_encryption(context, type_id)
        if encryption_specs:
            raise exception.VolumeTypeEncryptionExists(type_id=type_id)

        encryption_specs = body['encryption']

        db.volume_type_encryption_create(context, type_id, encryption_specs)
        notifier_info = dict(type_id=type_id, specs=encryption_specs)
        notifier = rpc.get_notifier('volumeTypeEncryption')
        notifier.info(context, 'volume_type_encryption.create', notifier_info)
        return body
    def test_get_volume_type_encryption(self):
        volume_type = volume_types.create(self.ctxt, "type1")
        volume_type_id = volume_type.get("id")
        encryption = {"control_location": "front-end", "provider": "fake_provider"}
        db.volume_type_encryption_create(self.ctxt, volume_type_id, encryption)

        ret = volume_types.get_volume_type_encryption(self.ctxt, volume_type_id)
        self.assertIsNotNone(ret)
Beispiel #5
0
    def test_get_volume_type_encryption(self):
        volume_type = volume_types.create(self.ctxt, "type1")
        volume_type_id = volume_type.get('id')
        encryption = {
            'control_location': 'front-end',
            'provider': 'fake_provider',
        }
        db.volume_type_encryption_create(self.ctxt, volume_type_id, encryption)

        ret = volume_types.get_volume_type_encryption(self.ctxt,
                                                      volume_type_id)
        self.assertIsNotNone(ret)
Beispiel #6
0
    def test_get_volume_type_encryption(self):
        volume_type = volume_types.create(self.ctxt, "type1")
        volume_type_id = volume_type.get('id')
        encryption = {
            'control_location': 'front-end',
            'provider': 'fake_provider',
        }
        db.volume_type_encryption_create(self.ctxt, volume_type_id,
                                         encryption)

        ret = volume_types.get_volume_type_encryption(self.ctxt,
                                                      volume_type_id)
        self.assertIsNotNone(ret)
Beispiel #7
0
 def test_create_encryption_key_encrypted(self, create_key,
                                          get_volume_type_encryption,
                                          is_encryption):
     enc_key = {
         'cipher': 'aes-xts-plain64',
         'key_size': 256,
         'provider': 'p1',
         'control_location': 'front-end',
         'encryption_id': 'uuid1'
     }
     ctxt = context.get_admin_context()
     type_ref1 = volume_types.create(ctxt, "type1")
     encryption = db.volume_type_encryption_create(ctxt, type_ref1['id'],
                                                   enc_key)
     get_volume_type_encryption.return_value = encryption
     CONF.set_override('api_class',
                       'cinder.keymgr.conf_key_mgr.ConfKeyManager',
                       group='key_manager')
     key_manager = keymgr.API()
     volume_utils.create_encryption_key(ctxt, key_manager,
                                        fake.VOLUME_TYPE_ID)
     is_encryption.assert_called_once_with(ctxt, fake.VOLUME_TYPE_ID)
     get_volume_type_encryption.assert_called_once_with(
         ctxt, fake.VOLUME_TYPE_ID)
     create_key.assert_called_once_with(ctxt, algorithm='aes', length=256)
 def test_create_encryption_key_encrypted(self, create_key,
                                          get_volume_type_encryption,
                                          is_encryption):
     enc_key = {'cipher': 'aes-xts-plain64',
                'key_size': 256,
                'provider': 'p1',
                'control_location': 'front-end',
                'encryption_id': 'uuid1'}
     ctxt = context.get_admin_context()
     type_ref1 = volume_types.create(ctxt, "type1")
     encryption = db.volume_type_encryption_create(
         ctxt, type_ref1['id'], enc_key)
     get_volume_type_encryption.return_value = encryption
     CONF.set_override(
         'api_class',
         'cinder.keymgr.conf_key_mgr.ConfKeyManager',
         group='key_manager')
     key_manager = keymgr.API()
     volume_utils.create_encryption_key(ctxt,
                                        key_manager,
                                        fake.VOLUME_TYPE_ID)
     is_encryption.assert_called_once_with(ctxt,
                                           fake.VOLUME_TYPE_ID)
     get_volume_type_encryption.assert_called_once_with(
         ctxt,
         fake.VOLUME_TYPE_ID)
     create_key.assert_called_once_with(ctxt,
                                        algorithm='aes',
                                        length=256)
Beispiel #9
0
def create_encryption(ctxt, vol_type_id, testcase_instance=None, **kwargs):
    encrypt = db.volume_type_encryption_create(ctxt, vol_type_id, kwargs)

    # If we get a TestCase instance we add cleanup
    if testcase_instance:
        testcase_instance.addCleanup(db.volume_type_encryption_delete, ctxt,
                                     vol_type_id)
    return encrypt
Beispiel #10
0
def create_encryption(ctxt, vol_type_id, testcase_instance=None, **kwargs):
    encrypt = db.volume_type_encryption_create(ctxt, vol_type_id, kwargs)

    # If we get a TestCase instance we add cleanup
    if testcase_instance:
        testcase_instance.addCleanup(db.volume_type_encryption_delete, ctxt,
                                     vol_type_id)
    return encrypt
Beispiel #11
0
    def test_volume_type_encryption_delete(self):
        values = {
            "cipher": "fake_cipher",
            "key_size": 256,
            "provider": "fake_provider",
            "volume_type_id": "fake_type",
            "control_location": "front-end",
        }

        encryption = db.volume_type_encryption_create(self.ctxt, "fake_type", values)
        self._assertEqualObjects(values, encryption, self._ignored_keys)

        db.volume_type_encryption_delete(self.ctxt, encryption["volume_type_id"])
        encryption_get = db.volume_type_encryption_get(self.ctxt, encryption["volume_type_id"])
        self.assertIsNone(encryption_get)
Beispiel #12
0
 def test_create_encryption_key_encrypted(self, create_key, get_volume_type_encryption, is_encryption):
     enc_key = {
         "cipher": "aes-xts-plain64",
         "key_size": 256,
         "provider": "p1",
         "control_location": "front-end",
         "encryption_id": "uuid1",
     }
     ctxt = context.get_admin_context()
     type_ref1 = volume_types.create(ctxt, "type1")
     encryption = db.volume_type_encryption_create(ctxt, type_ref1["id"], enc_key)
     get_volume_type_encryption.return_value = encryption
     CONF.set_override("api_class", "cinder.keymgr.conf_key_mgr.ConfKeyManager", group="key_manager")
     key_manager = keymgr.API()
     volume_utils.create_encryption_key(ctxt, key_manager, fake.VOLUME_TYPE_ID)
     is_encryption.assert_called_once_with(ctxt, fake.VOLUME_TYPE_ID)
     get_volume_type_encryption.assert_called_once_with(ctxt, fake.VOLUME_TYPE_ID)
     create_key.assert_called_once_with(ctxt, algorithm="aes", length=256)
Beispiel #13
0
    def test_volume_type_encryption_delete(self):
        values = {
            'cipher': 'fake_cipher',
            'key_size': 256,
            'provider': 'fake_provider',
            'volume_type_id': 'fake_type',
            'control_location': 'front-end',
        }

        encryption = db.volume_type_encryption_create(self.ctxt, 'fake_type',
                                                      values)
        self._assertEqualObjects(values, encryption, self._ignored_keys)

        db.volume_type_encryption_delete(self.ctxt,
                                         encryption['volume_type_id'])
        encryption_get = \
            db.volume_type_encryption_get(self.ctxt,
                                          encryption['volume_type_id'])
        self.assertIsNone(encryption_get)
    def test_volume_types_diff(self):
        #type_ref 1 and 2 have the same extra_specs, while 3 has different
        keyvals1 = {"key1": "val1", "key2": "val2"}
        keyvals2 = {"key1": "val0", "key2": "val2"}
        type_ref1 = volume_types.create(self.ctxt, "type1", keyvals1)
        type_ref2 = volume_types.create(self.ctxt, "type2", keyvals1)
        type_ref3 = volume_types.create(self.ctxt, "type3", keyvals2)

        # Check equality with only extra_specs
        diff, same = volume_types.volume_types_diff(self.ctxt, type_ref1['id'],
                                                    type_ref2['id'])
        self.assertEqual(True, same)
        self.assertEqual(('val1', 'val1'), diff['extra_specs']['key1'])
        diff, same = volume_types.volume_types_diff(self.ctxt, type_ref1['id'],
                                                    type_ref3['id'])
        self.assertEqual(False, same)
        self.assertEqual(('val1', 'val0'), diff['extra_specs']['key1'])

        #qos_ref 1 and 2 have the same specs, while 3 has different
        qos_keyvals1 = {'k1': 'v1', 'k2': 'v2', 'k3': 'v3'}
        qos_keyvals2 = {'k1': 'v0', 'k2': 'v2', 'k3': 'v3'}
        qos_ref1 = qos_specs.create(self.ctxt, 'qos-specs-1', qos_keyvals1)
        qos_ref2 = qos_specs.create(self.ctxt, 'qos-specs-2', qos_keyvals1)
        qos_ref3 = qos_specs.create(self.ctxt, 'qos-specs-3', qos_keyvals2)

        # Check equality with qos specs too
        qos_specs.associate_qos_with_type(self.ctxt, qos_ref1['id'],
                                          type_ref1['id'])
        qos_specs.associate_qos_with_type(self.ctxt, qos_ref2['id'],
                                          type_ref2['id'])
        diff, same = volume_types.volume_types_diff(self.ctxt, type_ref1['id'],
                                                    type_ref2['id'])
        self.assertEqual(True, same)
        self.assertEqual(('val1', 'val1'), diff['extra_specs']['key1'])
        self.assertEqual(('v1', 'v1'), diff['qos_specs']['k1'])
        qos_specs.disassociate_qos_specs(self.ctxt, qos_ref2['id'],
                                         type_ref2['id'])
        qos_specs.associate_qos_with_type(self.ctxt, qos_ref3['id'],
                                          type_ref2['id'])
        diff, same = volume_types.volume_types_diff(self.ctxt, type_ref1['id'],
                                                    type_ref2['id'])
        self.assertEqual(False, same)
        self.assertEqual(('val1', 'val1'), diff['extra_specs']['key1'])
        self.assertEqual(('v1', 'v0'), diff['qos_specs']['k1'])
        qos_specs.disassociate_qos_specs(self.ctxt, qos_ref3['id'],
                                         type_ref2['id'])
        qos_specs.associate_qos_with_type(self.ctxt, qos_ref2['id'],
                                          type_ref2['id'])

        # And add encryption for good measure
        enc_keyvals1 = {'cipher': 'c1', 'key_size': 256, 'provider': 'p1',
                        'control_location': 'front-end'}
        enc_keyvals2 = {'cipher': 'c1', 'key_size': 128, 'provider': 'p1',
                        'control_location': 'front-end'}
        db.volume_type_encryption_create(self.ctxt, type_ref1['id'],
                                         enc_keyvals1)
        db.volume_type_encryption_create(self.ctxt, type_ref2['id'],
                                         enc_keyvals2)
        diff, same = volume_types.volume_types_diff(self.ctxt, type_ref1['id'],
                                                    type_ref2['id'])
        self.assertEqual(False, same)
        self.assertEqual(('val1', 'val1'), diff['extra_specs']['key1'])
        self.assertEqual(('v1', 'v1'), diff['qos_specs']['k1'])
        self.assertEqual((256, 128), diff['encryption']['key_size'])
Beispiel #15
0
    def test_volume_types_diff(self):
        # type_ref 1 and 2 have the same extra_specs, while 3 has different
        keyvals1 = {"key1": "val1", "key2": "val2"}
        keyvals2 = {"key1": "val0", "key2": "val2"}
        type_ref1 = volume_types.create(self.ctxt, "type1", keyvals1)
        type_ref2 = volume_types.create(self.ctxt, "type2", keyvals1)
        type_ref3 = volume_types.create(self.ctxt, "type3", keyvals2)

        # Check equality with only extra_specs
        diff, same = volume_types.volume_types_diff(self.ctxt, type_ref1["id"], type_ref2["id"])
        self.assertTrue(same)
        self.assertEqual(diff["extra_specs"]["key1"], ("val1", "val1"))
        diff, same = volume_types.volume_types_diff(self.ctxt, type_ref1["id"], type_ref3["id"])
        self.assertFalse(same)
        self.assertEqual(diff["extra_specs"]["key1"], ("val1", "val0"))

        # qos_ref 1 and 2 have the same specs, while 3 has different
        qos_keyvals1 = {"k1": "v1", "k2": "v2", "k3": "v3"}
        qos_keyvals2 = {"k1": "v0", "k2": "v2", "k3": "v3"}
        qos_ref1 = qos_specs.create(self.ctxt, "qos-specs-1", qos_keyvals1)
        qos_ref2 = qos_specs.create(self.ctxt, "qos-specs-2", qos_keyvals1)
        qos_ref3 = qos_specs.create(self.ctxt, "qos-specs-3", qos_keyvals2)

        # Check equality with qos specs too
        qos_specs.associate_qos_with_type(self.ctxt, qos_ref1["id"], type_ref1["id"])
        qos_specs.associate_qos_with_type(self.ctxt, qos_ref2["id"], type_ref2["id"])
        diff, same = volume_types.volume_types_diff(self.ctxt, type_ref1["id"], type_ref2["id"])
        self.assertTrue(same)
        self.assertEqual(diff["extra_specs"]["key1"], ("val1", "val1"))
        self.assertEqual(diff["qos_specs"]["k1"], ("v1", "v1"))
        qos_specs.disassociate_qos_specs(self.ctxt, qos_ref2["id"], type_ref2["id"])
        qos_specs.associate_qos_with_type(self.ctxt, qos_ref3["id"], type_ref2["id"])
        diff, same = volume_types.volume_types_diff(self.ctxt, type_ref1["id"], type_ref2["id"])
        self.assertFalse(same)
        self.assertEqual(diff["extra_specs"]["key1"], ("val1", "val1"))
        self.assertEqual(diff["qos_specs"]["k1"], ("v1", "v0"))
        qos_specs.disassociate_qos_specs(self.ctxt, qos_ref3["id"], type_ref2["id"])
        qos_specs.associate_qos_with_type(self.ctxt, qos_ref2["id"], type_ref2["id"])

        # And add encryption for good measure
        enc_keyvals1 = {
            "cipher": "c1",
            "key_size": 256,
            "provider": "p1",
            "control_location": "front-end",
            "encryption_id": "uuid1",
        }
        enc_keyvals2 = {
            "cipher": "c1",
            "key_size": 128,
            "provider": "p1",
            "control_location": "front-end",
            "encryption_id": "uuid2",
        }
        db.volume_type_encryption_create(self.ctxt, type_ref1["id"], enc_keyvals1)
        db.volume_type_encryption_create(self.ctxt, type_ref2["id"], enc_keyvals2)
        diff, same = volume_types.volume_types_diff(self.ctxt, type_ref1["id"], type_ref2["id"])
        self.assertFalse(same)
        self.assertEqual(diff["extra_specs"]["key1"], ("val1", "val1"))
        self.assertEqual(diff["qos_specs"]["k1"], ("v1", "v1"))
        self.assertEqual(diff["encryption"]["key_size"], (256, 128))

        # Check diff equals type specs when one type is None
        diff, same = volume_types.volume_types_diff(self.ctxt, None, type_ref1["id"])
        self.assertFalse(same)
        self.assertEqual(diff["extra_specs"], {"key1": (None, "val1"), "key2": (None, "val2")})
        self.assertEqual(
            diff["qos_specs"],
            {"consumer": (None, "back-end"), "k1": (None, "v1"), "k2": (None, "v2"), "k3": (None, "v3")},
        )
        self.assertEqual(
            diff["encryption"],
            {
                "cipher": (None, "c1"),
                "control_location": (None, "front-end"),
                "deleted": (None, False),
                "key_size": (None, 256),
                "provider": (None, "p1"),
                "encryption_id": (None, "uuid1"),
            },
        )
Beispiel #16
0
 def setUp(self):
     super(DBAPIEncryptionTestCase, self).setUp()
     self.created = [
         db.volume_type_encryption_create(self.ctxt, values["volume_type_id"], values)
         for values in self._get_values()
     ]
Beispiel #17
0
 def setUp(self):
     super(DBAPIEncryptionTestCase, self).setUp()
     self.created = \
         [db.volume_type_encryption_create(self.ctxt,
                                           values['volume_type_id'], values)
          for values in self._get_values()]
    def test_volume_types_diff(self):
        # type_ref 1 and 2 have the same extra_specs, while 3 has different
        keyvals1 = {"key1": "val1", "key2": "val2"}
        keyvals2 = {"key1": "val0", "key2": "val2"}
        type_ref1 = volume_types.create(self.ctxt, "type1", keyvals1)
        type_ref2 = volume_types.create(self.ctxt, "type2", keyvals1)
        type_ref3 = volume_types.create(self.ctxt, "type3", keyvals2)

        # Check equality with only extra_specs
        diff, same = volume_types.volume_types_diff(self.ctxt, type_ref1['id'],
                                                    type_ref2['id'])
        self.assertTrue(same)
        self.assertEqual(('val1', 'val1'), diff['extra_specs']['key1'])
        diff, same = volume_types.volume_types_diff(self.ctxt, type_ref1['id'],
                                                    type_ref3['id'])
        self.assertFalse(same)
        self.assertEqual(('val1', 'val0'), diff['extra_specs']['key1'])

        # qos_ref 1 and 2 have the same specs, while 3 has different
        qos_keyvals1 = {'k1': 'v1', 'k2': 'v2', 'k3': 'v3'}
        qos_keyvals2 = {'k1': 'v0', 'k2': 'v2', 'k3': 'v3'}
        qos_ref1 = qos_specs.create(self.ctxt, 'qos-specs-1', qos_keyvals1)
        qos_ref2 = qos_specs.create(self.ctxt, 'qos-specs-2', qos_keyvals1)
        qos_ref3 = qos_specs.create(self.ctxt, 'qos-specs-3', qos_keyvals2)

        # Check equality with qos specs too
        qos_specs.associate_qos_with_type(self.ctxt, qos_ref1['id'],
                                          type_ref1['id'])
        qos_specs.associate_qos_with_type(self.ctxt, qos_ref2['id'],
                                          type_ref2['id'])
        diff, same = volume_types.volume_types_diff(self.ctxt, type_ref1['id'],
                                                    type_ref2['id'])
        self.assertTrue(same)
        self.assertEqual(('val1', 'val1'), diff['extra_specs']['key1'])
        self.assertEqual(('v1', 'v1'), diff['qos_specs']['k1'])
        qos_specs.disassociate_qos_specs(self.ctxt, qos_ref2['id'],
                                         type_ref2['id'])
        qos_specs.associate_qos_with_type(self.ctxt, qos_ref3['id'],
                                          type_ref2['id'])
        diff, same = volume_types.volume_types_diff(self.ctxt, type_ref1['id'],
                                                    type_ref2['id'])
        self.assertFalse(same)
        self.assertEqual(('val1', 'val1'), diff['extra_specs']['key1'])
        self.assertEqual(('v1', 'v0'), diff['qos_specs']['k1'])
        qos_specs.disassociate_qos_specs(self.ctxt, qos_ref3['id'],
                                         type_ref2['id'])
        qos_specs.associate_qos_with_type(self.ctxt, qos_ref2['id'],
                                          type_ref2['id'])

        # And add encryption for good measure
        enc_keyvals1 = {'cipher': 'c1', 'key_size': 256, 'provider': 'p1',
                        'control_location': 'front-end',
                        'encryption_id': 'uuid1'}
        enc_keyvals2 = {'cipher': 'c1', 'key_size': 128, 'provider': 'p1',
                        'control_location': 'front-end',
                        'encryption_id': 'uuid2'}
        db.volume_type_encryption_create(self.ctxt, type_ref1['id'],
                                         enc_keyvals1)
        db.volume_type_encryption_create(self.ctxt, type_ref2['id'],
                                         enc_keyvals2)
        diff, same = volume_types.volume_types_diff(self.ctxt, type_ref1['id'],
                                                    type_ref2['id'])
        self.assertFalse(same)
        self.assertEqual(('val1', 'val1'), diff['extra_specs']['key1'])
        self.assertEqual(('v1', 'v1'), diff['qos_specs']['k1'])
        self.assertEqual((256, 128), diff['encryption']['key_size'])

        # Check diff equals type specs when one type is None
        diff, same = volume_types.volume_types_diff(self.ctxt, None,
                                                    type_ref1['id'])
        self.assertFalse(same)
        self.assertEqual({'key1': (None, 'val1'), 'key2': (None, 'val2')},
                         diff['extra_specs'])
        self.assertEqual({'consumer': (None, 'back-end'),
                          'k1': (None, 'v1'),
                          'k2': (None, 'v2'),
                          'k3': (None, 'v3')}, diff['qos_specs'])
        self.assertEqual({'cipher': (None, 'c1'),
                          'control_location': (None, 'front-end'),
                          'deleted': (None, False),
                          'key_size': (None, 256),
                          'provider': (None, 'p1'),
                          'encryption_id': (None, 'uuid1')},
                         diff['encryption'])