def test_create_encryption_key_encrypted(self, create_key, get_volume_type_encryption, is_encryption): enc_key = {'cipher': 'aes-xts-plain64', 'key_size': 256, 'provider': 'p1', 'control_location': 'front-end', 'encryption_id': 'uuid1'} ctxt = context.get_admin_context() type_ref1 = volume_types.create(ctxt, "type1") encryption = db.volume_type_encryption_create( ctxt, type_ref1['id'], enc_key) get_volume_type_encryption.return_value = encryption CONF.set_override( 'api_class', 'cinder.keymgr.conf_key_mgr.ConfKeyManager', group='key_manager') key_manager = keymgr.API() volume_utils.create_encryption_key(ctxt, key_manager, fake.VOLUME_TYPE_ID) is_encryption.assert_called_once_with(ctxt, fake.VOLUME_TYPE_ID) get_volume_type_encryption.assert_called_once_with( ctxt, fake.VOLUME_TYPE_ID) create_key.assert_called_once_with(ctxt, algorithm='aes', length=256)
def test_create_encryption_key_encrypted(self, create_key, get_volume_type_encryption, is_encryption): enc_key = { 'cipher': 'aes-xts-plain64', 'key_size': 256, 'provider': 'p1', 'control_location': 'front-end', 'encryption_id': 'uuid1' } ctxt = context.get_admin_context() type_ref1 = volume_types.create(ctxt, "type1") encryption = db.volume_type_encryption_create(ctxt, type_ref1['id'], enc_key) get_volume_type_encryption.return_value = encryption CONF.set_override('api_class', 'cinder.keymgr.conf_key_mgr.ConfKeyManager', group='key_manager') key_manager = keymgr.API() volume_utils.create_encryption_key(ctxt, key_manager, fake.VOLUME_TYPE_ID) is_encryption.assert_called_once_with(ctxt, fake.VOLUME_TYPE_ID) get_volume_type_encryption.assert_called_once_with( ctxt, fake.VOLUME_TYPE_ID) create_key.assert_called_once_with(ctxt, algorithm='aes', length=256)
def _get_encryption_key_id(self, key_manager, context, volume_type_id, snapshot, source_volume, image_metadata): encryption_key_id = None if volume_types.is_encrypted(context, volume_type_id): if snapshot is not None: # creating from snapshot encryption_key_id = snapshot['encryption_key_id'] elif source_volume is not None: # cloning volume encryption_key_id = source_volume['encryption_key_id'] elif image_metadata is not None: # creating from image encryption_key_id = image_metadata.get( 'cinder_encryption_key_id') # NOTE(joel-coffman): References to the encryption key should *not* # be copied because the key is deleted when the volume is deleted. # Clone the existing key and associate a separate -- but # identical -- key with each volume. if encryption_key_id is not None: encryption_key_id = vol_utils.clone_encryption_key( context, key_manager, encryption_key_id) else: encryption_key_id = vol_utils.create_encryption_key( context, key_manager, volume_type_id) return encryption_key_id
def test_create_encryption_key_encrypted(self, create_key, get_volume_type_encryption, is_encryption): enc_key = { "cipher": "aes-xts-plain64", "key_size": 256, "provider": "p1", "control_location": "front-end", "encryption_id": "uuid1", } ctxt = context.get_admin_context() type_ref1 = volume_types.create(ctxt, "type1") encryption = db.volume_type_encryption_create(ctxt, type_ref1["id"], enc_key) get_volume_type_encryption.return_value = encryption CONF.set_override("api_class", "cinder.keymgr.conf_key_mgr.ConfKeyManager", group="key_manager") key_manager = keymgr.API() volume_utils.create_encryption_key(ctxt, key_manager, fake.VOLUME_TYPE_ID) is_encryption.assert_called_once_with(ctxt, fake.VOLUME_TYPE_ID) get_volume_type_encryption.assert_called_once_with(ctxt, fake.VOLUME_TYPE_ID) create_key.assert_called_once_with(ctxt, algorithm="aes", length=256)
def test_create_encryption_key_unencrypted(self, is_encrypted): result = volume_utils.create_encryption_key(mock.ANY, mock.ANY, fake.VOLUME_TYPE_ID) self.assertIsNone(result)