def test_error_log(self, log):
encryption = {'control_location': 'front-end',
'provider': 'TestEncryptor'}
provider = 'TestEncryptor'
try:
encryptors.get_volume_encryptor(
root_helper=self.root_helper,
connection_info=self.connection_info,
keymgr=self.keymgr,
**encryption)
except Exception as e:
log.error.assert_called_once_with("Error instantiating "
"%(provider)s: "
"%(exception)s",
{'provider': provider,
'exception': e})
def attach_volume(context, client, vol, initiator):
print("Attach volume %s" % vol.id)
conn = client.volumes.initialize_connection(vol, initiator)
connector = con.InitiatorConnector.factory(
conn['driver_volume_type'], 'sudo',
use_multipath=initiator['multipath'])
vol_handle = connector.connect_volume(conn['data'])
if not connector.check_valid_device(vol_handle['path'], True):
print("check_valid_device %s fails" % vol_handle['path'])
sys.exit(-1)
try:
encryption = client.volumes.get_encryption_metadata(vol.id)
if encryption['encryption_key_id']:
# This is an encrypted volume
keymgr = key_manager.API()
conn_info = {'data': {'device_path': vol_handle['path']}}
encryptor = encryptors.get_volume_encryptor(
root_helper="sudo",
connection_info=conn_info,
keymgr=keymgr,
**encryption)
encryptor.attach_volume(context, **encryption)
except Exception as e:
connector.disconnect_volume(conn['data'], vol_handle)
client.volumes.terminate_connection(vol, initiator)
print("Failed to attach volume: %s." % e)
sys.exit(-1)
print("vol path/handle = %s" % vol_handle)
print("Succeed to attach volume.")
return vol_handle
def brick_get_encryptor(connection_info, *args, **kwargs):
"""Wrapper to get a brick encryptor object."""
root_helper = get_root_helper()
key_manager = keymgr.API(CONF)
return encryptors.get_volume_encryptor(root_helper=root_helper,
connection_info=connection_info,
keymgr=key_manager,
*args, **kwargs)
def _test_get_encryptor(self, provider, expected_provider_class):
encryption = {'control_location': 'front-end',
'provider': provider}
encryptor = encryptors.get_volume_encryptor(
root_helper=self.root_helper,
connection_info=self.connection_info,
keymgr=self.keymgr,
**encryption)
self.assertIsInstance(encryptor, expected_provider_class)
def brick_get_encryptor(connection_info, *args, **kwargs):
"""Wrapper to get a brick encryptor object."""
root_helper = get_root_helper()
km = key_manager.API(CONF)
return encryptors.get_volume_encryptor(root_helper=root_helper,
connection_info=connection_info,
keymgr=km,
*args,
**kwargs)
def test_get_encryptors(self):
root_helper = None
encryption = {'control_location': 'front-end',
'provider': 'LuksEncryptor'}
encryptor = encryptors.get_volume_encryptor(
root_helper=root_helper,
connection_info=self.connection_info,
keymgr=fake.fake_api(),
execute=self.mock_execute,
**encryption)
self.assertIsInstance(encryptor,
encryptors.luks.LuksEncryptor,
"encryptor is not an instance of LuksEncryptor")
encryption = {'control_location': 'front-end',
'provider': 'CryptsetupEncryptor'}
encryptor = encryptors.get_volume_encryptor(
root_helper=root_helper,
connection_info=self.connection_info,
keymgr=fake.fake_api(),
execute=self.mock_execute,
**encryption)
self.assertIsInstance(encryptor,
encryptors.cryptsetup.CryptsetupEncryptor,
"encryptor is not an instance of"
"CryptsetupEncryptor")
encryption = {'control_location': 'front-end',
'provider': 'NoOpEncryptor'}
encryptor = encryptors.get_volume_encryptor(
root_helper=root_helper,
connection_info=self.connection_info,
keymgr=fake.fake_api(),
execute=self.mock_execute,
**encryption)
self.assertIsInstance(encryptor,
encryptors.nop.NoOpEncryptor,
"encryptor is not an instance of NoOpEncryptor")
def test_error_log(self, log):
encryption = {
'control_location': 'front-end',
'provider': 'TestEncryptor'
}
provider = 'TestEncryptor'
try:
encryptors.get_volume_encryptor(
root_helper=self.root_helper,
connection_info=self.connection_info,
keymgr=self.keymgr,
**encryption)
except Exception as e:
log.error.assert_called_once_with(
"Error instantiating "
"%(provider)s: "
"%(exception)s", {
'provider': provider,
'exception': e
})
def test_get_missing_out_of_tree_encryptor_log(self, log):
provider = 'TestEncryptor'
encryption = {'control_location': 'front-end',
'provider': provider}
try:
encryptors.get_volume_encryptor(
root_helper=self.root_helper,
connection_info=self.connection_info,
keymgr=self.keymgr,
**encryption)
except Exception as e:
log.error.assert_called_once_with("Error instantiating "
"%(provider)s: "
"%(exception)s",
{'provider': provider,
'exception': e})
log.warning.assert_called_once_with("Use of the out of tree "
"encryptor class %(provider)s "
"will be blocked with the "
"Pike release of os-brick.",
{'provider': provider})
def test_get_missing_out_of_tree_encryptor_log(self, log):
provider = 'TestEncryptor'
encryption = {'control_location': 'front-end',
'provider': provider}
try:
encryptors.get_volume_encryptor(
root_helper=self.root_helper,
connection_info=self.connection_info,
keymgr=self.keymgr,
**encryption)
except Exception as e:
log.error.assert_called_once_with("Error instantiating "
"%(provider)s: "
"%(exception)s",
{'provider': provider,
'exception': e})
log.warning.assert_called_once_with("Use of the out of tree "
"encryptor class %(provider)s "
"will be blocked with the "
"Queens release of os-brick.",
{'provider': provider})
def detach_volume(context, client, vol, device, initiator):
conn = client.volumes.initialize_connection(vol, initiator)
connector = con.InitiatorConnector.factory(
conn['driver_volume_type'], 'sudo',
use_multipath=initiator['multipath'])
encryption = client.volumes.get_encryption_metadata(vol.id)
if encryption['encryption_key_id']:
# Detach encryptor at first
keymgr = key_manager.API(CONF)
conn_info = {'data': {'device_path': device}}
encryptor = encryptors.get_volume_encryptor(root_helper="sudo",
connection_info=conn_info,
keymgr=keymgr,
**encryption)
encryptor.detach_volume()
connector.disconnect_volume(conn['data'],
device)
client.volumes.terminate_connection(vol, initiator)
print("Succeed to detach volume.")
def test_get_direct_encryptor_log(self, log):
encryption = {
'control_location': 'front-end',
'provider': 'LuksEncryptor'
}
encryptors.get_volume_encryptor(root_helper=self.root_helper,
connection_info=self.connection_info,
keymgr=self.keymgr,
**encryption)
encryption = {
'control_location': 'front-end',
'provider': 'os_brick.encryptors.luks.LuksEncryptor'
}
encryptors.get_volume_encryptor(root_helper=self.root_helper,
connection_info=self.connection_info,
keymgr=self.keymgr,
**encryption)
encryption = {
'control_location': 'front-end',
'provider': 'nova.volume.encryptors.luks.LuksEncryptor'
}
encryptors.get_volume_encryptor(root_helper=self.root_helper,
connection_info=self.connection_info,
keymgr=self.keymgr,
**encryption)
log.warning.assert_has_calls([
mock.call(
"Use of the in tree encryptor class %(provider)s by "
"directly referencing the implementation class will be "
"blocked in the Queens release of os-brick.",
{'provider': 'LuksEncryptor'}),
mock.call(
"Use of the in tree encryptor class %(provider)s by "
"directly referencing the implementation class will be "
"blocked in the Queens release of os-brick.",
{'provider': 'os_brick.encryptors.luks.LuksEncryptor'}),
mock.call(
"Use of the in tree encryptor class %(provider)s by "
"directly referencing the implementation class will be "
"blocked in the Queens release of os-brick.",
{'provider': 'nova.volume.encryptors.luks.LuksEncryptor'})
])
def test_get_direct_encryptor_log(self, log):
encryption = {'control_location': 'front-end',
'provider': 'LuksEncryptor'}
encryptors.get_volume_encryptor(
root_helper=self.root_helper,
connection_info=self.connection_info,
keymgr=self.keymgr,
**encryption)
encryption = {'control_location': 'front-end',
'provider': 'os_brick.encryptors.luks.LuksEncryptor'}
encryptors.get_volume_encryptor(
root_helper=self.root_helper,
connection_info=self.connection_info,
keymgr=self.keymgr,
**encryption)
encryption = {'control_location': 'front-end',
'provider': 'nova.volume.encryptors.luks.LuksEncryptor'}
encryptors.get_volume_encryptor(
root_helper=self.root_helper,
connection_info=self.connection_info,
keymgr=self.keymgr,
**encryption)
log.warning.assert_has_calls([
mock.call("Use of the in tree encryptor class %(provider)s by "
"directly referencing the implementation class will be "
"blocked in the Queens release of os-brick.",
{'provider': 'LuksEncryptor'}),
mock.call("Use of the in tree encryptor class %(provider)s by "
"directly referencing the implementation class will be "
"blocked in the Queens release of os-brick.",
{'provider':
'os_brick.encryptors.luks.LuksEncryptor'}),
mock.call("Use of the in tree encryptor class %(provider)s by "
"directly referencing the implementation class will be "
"blocked in the Queens release of os-brick.",
{'provider':
'nova.volume.encryptors.luks.LuksEncryptor'})])