def test_deprecated_barbican_key_manager(self):
self.config.set_override('api_class',
'cinder.keymgr.barbican.BarbicanKeyManager',
group='key_manager')
kmgr = keymgr.API(self.config)
self.assertEqual(type(kmgr),
key_manager.barbican_key_manager.BarbicanKeyManager)
def _save_vol_base_meta(self, container, volume_id):
"""Save base volume metadata to container.
This will fetch all fields from the db Volume object for volume_id and
save them in the provided container dictionary.
"""
type_tag = self.TYPE_TAG_VOL_BASE_META
LOG.debug("Getting metadata type '%s'" % type_tag)
meta = self.db.volume_get(self.context, volume_id)
if meta:
container[type_tag] = {}
for key, value in meta:
# Exclude fields that are "not JSON serializable"
if not self._is_serializable(value):
LOG.info(_LI("Unable to serialize field '%s' - excluding "
"from backup") % (key))
continue
# Copy the encryption key uuid for backup
if key is 'encryption_key_id' and value is not None:
value = keymgr.API().copy_key(self.context, value)
LOG.debug("Copying encryption key uuid for backup.")
container[type_tag][key] = value
LOG.debug("Completed fetching metadata type '%s'" % type_tag)
else:
LOG.debug("No metadata type '%s' available" % type_tag)
def test_create_encryption_key_encrypted(self, create_key,
get_volume_type_encryption,
is_encryption):
enc_key = {
'cipher': 'aes-xts-plain64',
'key_size': 256,
'provider': 'p1',
'control_location': 'front-end',
'encryption_id': 'uuid1'
}
ctxt = context.get_admin_context()
type_ref1 = volume_types.create(ctxt, "type1")
encryption = db.volume_type_encryption_create(ctxt, type_ref1['id'],
enc_key)
get_volume_type_encryption.return_value = encryption
CONF.set_override('api_class',
'cinder.keymgr.conf_key_mgr.ConfKeyManager',
group='key_manager')
key_manager = keymgr.API()
volume_utils.create_encryption_key(ctxt, key_manager,
fake.VOLUME_TYPE_ID)
is_encryption.assert_called_once_with(ctxt, fake.VOLUME_TYPE_ID)
get_volume_type_encryption.assert_called_once_with(
ctxt, fake.VOLUME_TYPE_ID)
create_key.assert_called_once_with(ctxt, algorithm='aes', length=256)
def test_set_conf_key_manager(self):
self.config.set_override(
'backend',
'cinder.keymgr.conf_key_mgr.ConfKeyManager',
group='key_manager')
kmgr = keymgr.API(self.config)
self.assertEqual(type(kmgr), keymgr.conf_key_mgr.ConfKeyManager)
def __init__(self, db_driver=None, image_service=None):
self.image_service = (image_service
or glance.get_default_image_service())
self.scheduler_rpcapi = scheduler_rpcapi.SchedulerAPI()
self.volume_rpcapi = volume_rpcapi.VolumeAPI()
self.availability_zone_names = ()
self.key_manager = keymgr.API()
super(API, self).__init__(db_driver)
def brick_get_encryptor(connection_info, *args, **kwargs):
"""Wrapper to get a brick encryptor object."""
root_helper = get_root_helper()
key_manager = keymgr.API()
return encryptors.get_volume_encryptor(root_helper=root_helper,
connection_info=connection_info,
keymgr=key_manager,
*args, **kwargs)
def test_deprecated_mock_key_manager(self):
self.config.set_override(
'api_class',
'cinder.tests.unit.keymgr.mock_key_mgr.MockKeyManager',
group='key_manager')
kmgr = keymgr.API(self.config)
self.assertEqual(
type(kmgr),
castellan.tests.unit.key_manager.mock_key_manager.MockKeyManager)
def _create_encrypted_volume_db_entry(self, id, type_id, encrypted):
if encrypted:
key_id = key_manager.API().key_id
vol = {
'id': id,
'size': 1,
'status': 'available',
'volume_type_id': type_id,
'encryption_key_id': key_id
}
else:
vol = {
'id': id,
'size': 1,
'status': 'available',
'volume_type_id': type_id,
'encryption_key_id': None
}
return db.volume_create(self.ctxt, vol)['id']
def _key_manager(self):
# Allows for lazy initialization of the key manager
if self._key_mgr is None:
self._key_mgr = keymgr.API(CONF)
return self._key_mgr
def test_blank_config(self):
kmgr = keymgr.API(self.config)
self.assertEqual(type(kmgr), keymgr.conf_key_mgr.ConfKeyManager)
def test_barbican_backend(self):
self.config.set_override('backend', 'barbican', group='key_manager')
kmgr = keymgr.API(self.config)
self.assertEqual(type(kmgr), barbican_key_manager.BarbicanKeyManager)