def test_error_log(self, log): encryption = {'control_location': 'front-end', 'provider': 'TestEncryptor'} provider = 'TestEncryptor' try: encryptors.get_volume_encryptor( root_helper=self.root_helper, connection_info=self.connection_info, keymgr=self.keymgr, **encryption) except Exception as e: log.error.assert_called_once_with("Error instantiating " "%(provider)s: " "%(exception)s", {'provider': provider, 'exception': e})
def attach_volume(context, client, vol, initiator): print("Attach volume %s" % vol.id) conn = client.volumes.initialize_connection(vol, initiator) connector = con.InitiatorConnector.factory( conn['driver_volume_type'], 'sudo', use_multipath=initiator['multipath']) vol_handle = connector.connect_volume(conn['data']) if not connector.check_valid_device(vol_handle['path'], True): print("check_valid_device %s fails" % vol_handle['path']) sys.exit(-1) try: encryption = client.volumes.get_encryption_metadata(vol.id) if encryption['encryption_key_id']: # This is an encrypted volume keymgr = key_manager.API() conn_info = {'data': {'device_path': vol_handle['path']}} encryptor = encryptors.get_volume_encryptor( root_helper="sudo", connection_info=conn_info, keymgr=keymgr, **encryption) encryptor.attach_volume(context, **encryption) except Exception as e: connector.disconnect_volume(conn['data'], vol_handle) client.volumes.terminate_connection(vol, initiator) print("Failed to attach volume: %s." % e) sys.exit(-1) print("vol path/handle = %s" % vol_handle) print("Succeed to attach volume.") return vol_handle
def brick_get_encryptor(connection_info, *args, **kwargs): """Wrapper to get a brick encryptor object.""" root_helper = get_root_helper() key_manager = keymgr.API(CONF) return encryptors.get_volume_encryptor(root_helper=root_helper, connection_info=connection_info, keymgr=key_manager, *args, **kwargs)
def _test_get_encryptor(self, provider, expected_provider_class): encryption = {'control_location': 'front-end', 'provider': provider} encryptor = encryptors.get_volume_encryptor( root_helper=self.root_helper, connection_info=self.connection_info, keymgr=self.keymgr, **encryption) self.assertIsInstance(encryptor, expected_provider_class)
def brick_get_encryptor(connection_info, *args, **kwargs): """Wrapper to get a brick encryptor object.""" root_helper = get_root_helper() km = key_manager.API(CONF) return encryptors.get_volume_encryptor(root_helper=root_helper, connection_info=connection_info, keymgr=km, *args, **kwargs)
def test_get_encryptors(self): root_helper = None encryption = {'control_location': 'front-end', 'provider': 'LuksEncryptor'} encryptor = encryptors.get_volume_encryptor( root_helper=root_helper, connection_info=self.connection_info, keymgr=fake.fake_api(), execute=self.mock_execute, **encryption) self.assertIsInstance(encryptor, encryptors.luks.LuksEncryptor, "encryptor is not an instance of LuksEncryptor") encryption = {'control_location': 'front-end', 'provider': 'CryptsetupEncryptor'} encryptor = encryptors.get_volume_encryptor( root_helper=root_helper, connection_info=self.connection_info, keymgr=fake.fake_api(), execute=self.mock_execute, **encryption) self.assertIsInstance(encryptor, encryptors.cryptsetup.CryptsetupEncryptor, "encryptor is not an instance of" "CryptsetupEncryptor") encryption = {'control_location': 'front-end', 'provider': 'NoOpEncryptor'} encryptor = encryptors.get_volume_encryptor( root_helper=root_helper, connection_info=self.connection_info, keymgr=fake.fake_api(), execute=self.mock_execute, **encryption) self.assertIsInstance(encryptor, encryptors.nop.NoOpEncryptor, "encryptor is not an instance of NoOpEncryptor")
def test_error_log(self, log): encryption = { 'control_location': 'front-end', 'provider': 'TestEncryptor' } provider = 'TestEncryptor' try: encryptors.get_volume_encryptor( root_helper=self.root_helper, connection_info=self.connection_info, keymgr=self.keymgr, **encryption) except Exception as e: log.error.assert_called_once_with( "Error instantiating " "%(provider)s: " "%(exception)s", { 'provider': provider, 'exception': e })
def test_get_missing_out_of_tree_encryptor_log(self, log): provider = 'TestEncryptor' encryption = {'control_location': 'front-end', 'provider': provider} try: encryptors.get_volume_encryptor( root_helper=self.root_helper, connection_info=self.connection_info, keymgr=self.keymgr, **encryption) except Exception as e: log.error.assert_called_once_with("Error instantiating " "%(provider)s: " "%(exception)s", {'provider': provider, 'exception': e}) log.warning.assert_called_once_with("Use of the out of tree " "encryptor class %(provider)s " "will be blocked with the " "Pike release of os-brick.", {'provider': provider})
def test_get_missing_out_of_tree_encryptor_log(self, log): provider = 'TestEncryptor' encryption = {'control_location': 'front-end', 'provider': provider} try: encryptors.get_volume_encryptor( root_helper=self.root_helper, connection_info=self.connection_info, keymgr=self.keymgr, **encryption) except Exception as e: log.error.assert_called_once_with("Error instantiating " "%(provider)s: " "%(exception)s", {'provider': provider, 'exception': e}) log.warning.assert_called_once_with("Use of the out of tree " "encryptor class %(provider)s " "will be blocked with the " "Queens release of os-brick.", {'provider': provider})
def detach_volume(context, client, vol, device, initiator): conn = client.volumes.initialize_connection(vol, initiator) connector = con.InitiatorConnector.factory( conn['driver_volume_type'], 'sudo', use_multipath=initiator['multipath']) encryption = client.volumes.get_encryption_metadata(vol.id) if encryption['encryption_key_id']: # Detach encryptor at first keymgr = key_manager.API(CONF) conn_info = {'data': {'device_path': device}} encryptor = encryptors.get_volume_encryptor(root_helper="sudo", connection_info=conn_info, keymgr=keymgr, **encryption) encryptor.detach_volume() connector.disconnect_volume(conn['data'], device) client.volumes.terminate_connection(vol, initiator) print("Succeed to detach volume.")
def test_get_direct_encryptor_log(self, log): encryption = { 'control_location': 'front-end', 'provider': 'LuksEncryptor' } encryptors.get_volume_encryptor(root_helper=self.root_helper, connection_info=self.connection_info, keymgr=self.keymgr, **encryption) encryption = { 'control_location': 'front-end', 'provider': 'os_brick.encryptors.luks.LuksEncryptor' } encryptors.get_volume_encryptor(root_helper=self.root_helper, connection_info=self.connection_info, keymgr=self.keymgr, **encryption) encryption = { 'control_location': 'front-end', 'provider': 'nova.volume.encryptors.luks.LuksEncryptor' } encryptors.get_volume_encryptor(root_helper=self.root_helper, connection_info=self.connection_info, keymgr=self.keymgr, **encryption) log.warning.assert_has_calls([ mock.call( "Use of the in tree encryptor class %(provider)s by " "directly referencing the implementation class will be " "blocked in the Queens release of os-brick.", {'provider': 'LuksEncryptor'}), mock.call( "Use of the in tree encryptor class %(provider)s by " "directly referencing the implementation class will be " "blocked in the Queens release of os-brick.", {'provider': 'os_brick.encryptors.luks.LuksEncryptor'}), mock.call( "Use of the in tree encryptor class %(provider)s by " "directly referencing the implementation class will be " "blocked in the Queens release of os-brick.", {'provider': 'nova.volume.encryptors.luks.LuksEncryptor'}) ])
def test_get_direct_encryptor_log(self, log): encryption = {'control_location': 'front-end', 'provider': 'LuksEncryptor'} encryptors.get_volume_encryptor( root_helper=self.root_helper, connection_info=self.connection_info, keymgr=self.keymgr, **encryption) encryption = {'control_location': 'front-end', 'provider': 'os_brick.encryptors.luks.LuksEncryptor'} encryptors.get_volume_encryptor( root_helper=self.root_helper, connection_info=self.connection_info, keymgr=self.keymgr, **encryption) encryption = {'control_location': 'front-end', 'provider': 'nova.volume.encryptors.luks.LuksEncryptor'} encryptors.get_volume_encryptor( root_helper=self.root_helper, connection_info=self.connection_info, keymgr=self.keymgr, **encryption) log.warning.assert_has_calls([ mock.call("Use of the in tree encryptor class %(provider)s by " "directly referencing the implementation class will be " "blocked in the Queens release of os-brick.", {'provider': 'LuksEncryptor'}), mock.call("Use of the in tree encryptor class %(provider)s by " "directly referencing the implementation class will be " "blocked in the Queens release of os-brick.", {'provider': 'os_brick.encryptors.luks.LuksEncryptor'}), mock.call("Use of the in tree encryptor class %(provider)s by " "directly referencing the implementation class will be " "blocked in the Queens release of os-brick.", {'provider': 'nova.volume.encryptors.luks.LuksEncryptor'})])