def test_create_encryption_key_encrypted(self, create_key,
                                         get_volume_type_encryption,
                                         is_encryption):
    """Check that an encrypted volume type leads to a key being created.

    The three mock parameters are presumably injected by ``mock.patch``
    decorators that are not part of this excerpt -- confirm which targets
    they patch before relying on the assertions below.
    """
    admin_ctxt = context.get_admin_context()
    volume_type = volume_types.create(admin_ctxt, "type1")

    # Encryption spec stored for the volume type. The final assertion
    # expects create_key to receive algorithm='aes' and length=256, i.e.
    # the leading part of the cipher string and the key_size given here.
    # NOTE(review): with an XTS cipher the key is normally split into two
    # halves, so key_size=256 would mean AES-128 strength -- confirm the
    # intended strength when copying these values outside of tests.
    encryption_spec = dict(
        cipher='aes-xts-plain64',
        key_size=256,
        provider='p1',
        control_location='front-end',
        encryption_id='uuid1',
    )
    stored_encryption = db.volume_type_encryption_create(
        admin_ctxt, volume_type['id'], encryption_spec)
    get_volume_type_encryption.return_value = stored_encryption

    # NOTE(review): ConfKeyManager appears to be the configuration-backed
    # (fixed key) key manager; fine for a unit test, but it should not be
    # taken as a template for protecting real volumes -- confirm.
    CONF.set_override('api_class',
                      'cinder.keymgr.conf_key_mgr.ConfKeyManager',
                      group='key_manager')
    manager = keymgr.API()

    volume_utils.create_encryption_key(
        admin_ctxt, manager, fake.VOLUME_TYPE_ID)

    # Both lookups must be made exactly once, with the requested type ID.
    is_encryption.assert_called_once_with(admin_ctxt, fake.VOLUME_TYPE_ID)
    get_volume_type_encryption.assert_called_once_with(
        admin_ctxt, fake.VOLUME_TYPE_ID)
    create_key.assert_called_once_with(
        admin_ctxt, algorithm='aes', length=256)
Example #2
 def test_create_encryption_key_encrypted(self, create_key,
                                          get_volume_type_encryption,
                                          is_encryption):
     """Verify create_encryption_key asks the key manager for a new key.

     The mock arguments are presumably supplied by patch decorators that
     this excerpt does not show.
     """
     # Select the key manager implementation before instantiating the API.
     # NOTE(review): ConfKeyManager looks like the config-file (fixed key)
     # manager -- acceptable in tests only; confirm for other uses.
     CONF.set_override(
         'api_class',
         'cinder.keymgr.conf_key_mgr.ConfKeyManager',
         group='key_manager',
     )
     km_api = keymgr.API()

     req_ctxt = context.get_admin_context()
     created_type = volume_types.create(req_ctxt, "type1")
     spec = {}
     spec['cipher'] = 'aes-xts-plain64'
     spec['key_size'] = 256
     spec['provider'] = 'p1'
     spec['control_location'] = 'front-end'
     spec['encryption_id'] = 'uuid1'
     # The mocked lookup returns the encryption record stored just above.
     get_volume_type_encryption.return_value = (
         db.volume_type_encryption_create(req_ctxt, created_type['id'],
                                          spec))

     volume_utils.create_encryption_key(req_ctxt, km_api,
                                        fake.VOLUME_TYPE_ID)

     expected_lookup = (req_ctxt, fake.VOLUME_TYPE_ID)
     is_encryption.assert_called_once_with(*expected_lookup)
     get_volume_type_encryption.assert_called_once_with(*expected_lookup)
     # Algorithm and length must match the cipher prefix and key_size.
     create_key.assert_called_once_with(req_ctxt,
                                        algorithm='aes',
                                        length=256)
Example #3
    def _get_encryption_key_id(self, key_manager, context, volume_type_id,
                               snapshot, source_volume,
                               image_metadata):
        """Return the encryption key ID to attach to a new volume.

        Returns None when the volume type is not encrypted. Otherwise the
        key ID of the origin (snapshot, then source volume, then image
        metadata) is cloned, or a new key is created when the origin
        carries no key ID.
        """
        if not volume_types.is_encrypted(context, volume_type_id):
            return None

        # Pick the key ID of whatever the volume is being created from.
        if snapshot is not None:
            origin_key_id = snapshot['encryption_key_id']
        elif source_volume is not None:
            origin_key_id = source_volume['encryption_key_id']
        elif image_metadata is not None:
            # NOTE(review): this ID is read from image metadata as-is;
            # presumably the key manager checks that `context` may use
            # the key when it is cloned -- confirm.
            origin_key_id = image_metadata.get('cinder_encryption_key_id')
        else:
            origin_key_id = None

        if origin_key_id is None:
            return vol_utils.create_encryption_key(
                context, key_manager, volume_type_id)

        # Never hand out the origin's key reference itself: the key is
        # deleted together with its volume, so every volume needs its own
        # (identical) copy of the key.
        return vol_utils.clone_encryption_key(
            context, key_manager, origin_key_id)
Example #4
    def _get_encryption_key_id(self, key_manager, context, volume_type_id,
                               snapshot, source_volume,
                               image_metadata):
        """Work out which encryption key ID a new volume should use.

        Unencrypted volume types yield None. For encrypted types the
        result is either a clone of the key referenced by the snapshot,
        source volume or image metadata (checked in that order), or a
        newly created key when no such reference exists.
        """
        result_key_id = None
        encrypted = volume_types.is_encrypted(context, volume_type_id)
        if encrypted:
            parent_key_id = None
            if snapshot is not None:
                # Volume is being created from a snapshot.
                parent_key_id = snapshot['encryption_key_id']
            elif source_volume is not None:
                # Volume is a clone of another volume.
                parent_key_id = source_volume['encryption_key_id']
            elif image_metadata is not None:
                # Volume is being created from an image.
                # NOTE(review): the value comes straight from the image
                # metadata; authorization to use that key is presumably
                # left to the key manager and `context` -- confirm.
                parent_key_id = image_metadata.get(
                    'cinder_encryption_key_id')

            # A key reference must not be shared between volumes, because
            # deleting a volume deletes its key. Each volume therefore
            # gets a separate clone of the parent's key.
            have_parent_key = parent_key_id is not None
            if have_parent_key:
                result_key_id = vol_utils.clone_encryption_key(
                    context, key_manager, parent_key_id)
            else:
                result_key_id = vol_utils.create_encryption_key(
                    context, key_manager, volume_type_id)

        return result_key_id
Example #5
 def test_create_encryption_key_encrypted(
         self, create_key, get_volume_type_encryption, is_encryption):
     """Exercise create_encryption_key for an encrypted volume type.

     The mock parameters presumably come from patch decorators outside
     this excerpt.
     """
     ctx = context.get_admin_context()
     new_type = volume_types.create(ctx, "type1")
     # Spec whose cipher and key_size drive the create_key assertion at
     # the end of the test.
     type_encryption = db.volume_type_encryption_create(
         ctx,
         new_type["id"],
         {
             "cipher": "aes-xts-plain64",
             "key_size": 256,
             "provider": "p1",
             "control_location": "front-end",
             "encryption_id": "uuid1",
         },
     )
     get_volume_type_encryption.return_value = type_encryption

     # NOTE(review): ConfKeyManager seems to be the configuration-backed
     # key manager used for testing; confirm before reusing elsewhere.
     CONF.set_override(
         "api_class",
         "cinder.keymgr.conf_key_mgr.ConfKeyManager",
         group="key_manager",
     )
     km = keymgr.API()
     volume_utils.create_encryption_key(ctx, km, fake.VOLUME_TYPE_ID)

     # Each collaborator must have been called exactly once.
     for lookup_mock in (is_encryption, get_volume_type_encryption):
         lookup_mock.assert_called_once_with(ctx, fake.VOLUME_TYPE_ID)
     create_key.assert_called_once_with(ctx, algorithm="aes", length=256)
Example #6
 def test_create_encryption_key_unencrypted(self, is_encrypted):
     """Expect no key ID when create_encryption_key yields None.

     NOTE(review): the test only passes if the patch behind
     ``is_encrypted`` (decorator not shown here) reports the type as
     unencrypted -- a default mock return value would be truthy. Confirm.
     """
     # mock.ANY fills the first two positional arguments.
     key_id = volume_utils.create_encryption_key(
         mock.ANY, mock.ANY, fake.VOLUME_TYPE_ID)
     self.assertIsNone(key_id)
 def test_create_encryption_key_unencrypted(self, is_encrypted):
     """Assert that create_encryption_key returns None in this setup.

     NOTE(review): presumably the ``is_encrypted`` patch (its decorator
     is outside this excerpt) is configured to return a falsy value;
     otherwise the encrypted path would be taken. Confirm.
     """
     placeholder = mock.ANY  # used for the first two positional arguments
     self.assertIsNone(
         volume_utils.create_encryption_key(placeholder,
                                            placeholder,
                                            fake.VOLUME_TYPE_ID))