def create(self, req, type_id, body=None): """Create encryption specs for an existing volume type.""" context = req.environ['cinder.context'] authorize(context) if self._encrypted_type_in_use(context, type_id): expl = _('Cannot create encryption specs. Volume type in use.') raise webob.exc.HTTPBadRequest(explanation=expl) self.assert_valid_body(body, 'encryption') self._check_type(context, type_id) encryption_specs = self._get_volume_type_encryption(context, type_id) if encryption_specs: raise exception.VolumeTypeEncryptionExists(type_id=type_id) encryption_specs = body['encryption'] self._check_encryption_input(encryption_specs) db.volume_type_encryption_create(context, type_id, encryption_specs) notifier_info = dict(type_id=type_id, specs=encryption_specs) notifier = rpc.get_notifier('volumeTypeEncryption') notifier.info(context, 'volume_type_encryption.create', notifier_info) return body
def create(self, req, type_id, body): """Create encryption specs for an existing volume type.""" context = req.environ['cinder.context'] self._authorize_policy(context, policy.CREATE_ENCRYPTION_POLICY) key_size = body['encryption'].get('key_size') if key_size is not None: body['encryption']['key_size'] = int(key_size) if self._encrypted_type_in_use(context, type_id): expl = _('Cannot create encryption specs. Volume type in use.') raise webob.exc.HTTPBadRequest(explanation=expl) self._check_type(context, type_id) encryption_specs = self._get_volume_type_encryption(context, type_id) if encryption_specs: raise exception.VolumeTypeEncryptionExists(type_id=type_id) encryption_specs = body['encryption'] db.volume_type_encryption_create(context, type_id, encryption_specs) notifier_info = dict(type_id=type_id, specs=encryption_specs) notifier = rpc.get_notifier('volumeTypeEncryption') notifier.info(context, 'volume_type_encryption.create', notifier_info) return body
def test_get_volume_type_encryption(self): volume_type = volume_types.create(self.ctxt, "type1") volume_type_id = volume_type.get("id") encryption = {"control_location": "front-end", "provider": "fake_provider"} db.volume_type_encryption_create(self.ctxt, volume_type_id, encryption) ret = volume_types.get_volume_type_encryption(self.ctxt, volume_type_id) self.assertIsNotNone(ret)
def test_get_volume_type_encryption(self): volume_type = volume_types.create(self.ctxt, "type1") volume_type_id = volume_type.get('id') encryption = { 'control_location': 'front-end', 'provider': 'fake_provider', } db.volume_type_encryption_create(self.ctxt, volume_type_id, encryption) ret = volume_types.get_volume_type_encryption(self.ctxt, volume_type_id) self.assertIsNotNone(ret)
def test_create_encryption_key_encrypted(self, create_key, get_volume_type_encryption, is_encryption): enc_key = { 'cipher': 'aes-xts-plain64', 'key_size': 256, 'provider': 'p1', 'control_location': 'front-end', 'encryption_id': 'uuid1' } ctxt = context.get_admin_context() type_ref1 = volume_types.create(ctxt, "type1") encryption = db.volume_type_encryption_create(ctxt, type_ref1['id'], enc_key) get_volume_type_encryption.return_value = encryption CONF.set_override('api_class', 'cinder.keymgr.conf_key_mgr.ConfKeyManager', group='key_manager') key_manager = keymgr.API() volume_utils.create_encryption_key(ctxt, key_manager, fake.VOLUME_TYPE_ID) is_encryption.assert_called_once_with(ctxt, fake.VOLUME_TYPE_ID) get_volume_type_encryption.assert_called_once_with( ctxt, fake.VOLUME_TYPE_ID) create_key.assert_called_once_with(ctxt, algorithm='aes', length=256)
def test_create_encryption_key_encrypted(self, create_key, get_volume_type_encryption, is_encryption): enc_key = {'cipher': 'aes-xts-plain64', 'key_size': 256, 'provider': 'p1', 'control_location': 'front-end', 'encryption_id': 'uuid1'} ctxt = context.get_admin_context() type_ref1 = volume_types.create(ctxt, "type1") encryption = db.volume_type_encryption_create( ctxt, type_ref1['id'], enc_key) get_volume_type_encryption.return_value = encryption CONF.set_override( 'api_class', 'cinder.keymgr.conf_key_mgr.ConfKeyManager', group='key_manager') key_manager = keymgr.API() volume_utils.create_encryption_key(ctxt, key_manager, fake.VOLUME_TYPE_ID) is_encryption.assert_called_once_with(ctxt, fake.VOLUME_TYPE_ID) get_volume_type_encryption.assert_called_once_with( ctxt, fake.VOLUME_TYPE_ID) create_key.assert_called_once_with(ctxt, algorithm='aes', length=256)
def create_encryption(ctxt, vol_type_id, testcase_instance=None, **kwargs): encrypt = db.volume_type_encryption_create(ctxt, vol_type_id, kwargs) # If we get a TestCase instance we add cleanup if testcase_instance: testcase_instance.addCleanup(db.volume_type_encryption_delete, ctxt, vol_type_id) return encrypt
def test_volume_type_encryption_delete(self): values = { "cipher": "fake_cipher", "key_size": 256, "provider": "fake_provider", "volume_type_id": "fake_type", "control_location": "front-end", } encryption = db.volume_type_encryption_create(self.ctxt, "fake_type", values) self._assertEqualObjects(values, encryption, self._ignored_keys) db.volume_type_encryption_delete(self.ctxt, encryption["volume_type_id"]) encryption_get = db.volume_type_encryption_get(self.ctxt, encryption["volume_type_id"]) self.assertIsNone(encryption_get)
def test_create_encryption_key_encrypted(self, create_key, get_volume_type_encryption, is_encryption): enc_key = { "cipher": "aes-xts-plain64", "key_size": 256, "provider": "p1", "control_location": "front-end", "encryption_id": "uuid1", } ctxt = context.get_admin_context() type_ref1 = volume_types.create(ctxt, "type1") encryption = db.volume_type_encryption_create(ctxt, type_ref1["id"], enc_key) get_volume_type_encryption.return_value = encryption CONF.set_override("api_class", "cinder.keymgr.conf_key_mgr.ConfKeyManager", group="key_manager") key_manager = keymgr.API() volume_utils.create_encryption_key(ctxt, key_manager, fake.VOLUME_TYPE_ID) is_encryption.assert_called_once_with(ctxt, fake.VOLUME_TYPE_ID) get_volume_type_encryption.assert_called_once_with(ctxt, fake.VOLUME_TYPE_ID) create_key.assert_called_once_with(ctxt, algorithm="aes", length=256)
def test_volume_type_encryption_delete(self): values = { 'cipher': 'fake_cipher', 'key_size': 256, 'provider': 'fake_provider', 'volume_type_id': 'fake_type', 'control_location': 'front-end', } encryption = db.volume_type_encryption_create(self.ctxt, 'fake_type', values) self._assertEqualObjects(values, encryption, self._ignored_keys) db.volume_type_encryption_delete(self.ctxt, encryption['volume_type_id']) encryption_get = \ db.volume_type_encryption_get(self.ctxt, encryption['volume_type_id']) self.assertIsNone(encryption_get)
def test_volume_types_diff(self): #type_ref 1 and 2 have the same extra_specs, while 3 has different keyvals1 = {"key1": "val1", "key2": "val2"} keyvals2 = {"key1": "val0", "key2": "val2"} type_ref1 = volume_types.create(self.ctxt, "type1", keyvals1) type_ref2 = volume_types.create(self.ctxt, "type2", keyvals1) type_ref3 = volume_types.create(self.ctxt, "type3", keyvals2) # Check equality with only extra_specs diff, same = volume_types.volume_types_diff(self.ctxt, type_ref1['id'], type_ref2['id']) self.assertEqual(True, same) self.assertEqual(('val1', 'val1'), diff['extra_specs']['key1']) diff, same = volume_types.volume_types_diff(self.ctxt, type_ref1['id'], type_ref3['id']) self.assertEqual(False, same) self.assertEqual(('val1', 'val0'), diff['extra_specs']['key1']) #qos_ref 1 and 2 have the same specs, while 3 has different qos_keyvals1 = {'k1': 'v1', 'k2': 'v2', 'k3': 'v3'} qos_keyvals2 = {'k1': 'v0', 'k2': 'v2', 'k3': 'v3'} qos_ref1 = qos_specs.create(self.ctxt, 'qos-specs-1', qos_keyvals1) qos_ref2 = qos_specs.create(self.ctxt, 'qos-specs-2', qos_keyvals1) qos_ref3 = qos_specs.create(self.ctxt, 'qos-specs-3', qos_keyvals2) # Check equality with qos specs too qos_specs.associate_qos_with_type(self.ctxt, qos_ref1['id'], type_ref1['id']) qos_specs.associate_qos_with_type(self.ctxt, qos_ref2['id'], type_ref2['id']) diff, same = volume_types.volume_types_diff(self.ctxt, type_ref1['id'], type_ref2['id']) self.assertEqual(True, same) self.assertEqual(('val1', 'val1'), diff['extra_specs']['key1']) self.assertEqual(('v1', 'v1'), diff['qos_specs']['k1']) qos_specs.disassociate_qos_specs(self.ctxt, qos_ref2['id'], type_ref2['id']) qos_specs.associate_qos_with_type(self.ctxt, qos_ref3['id'], type_ref2['id']) diff, same = volume_types.volume_types_diff(self.ctxt, type_ref1['id'], type_ref2['id']) self.assertEqual(False, same) self.assertEqual(('val1', 'val1'), diff['extra_specs']['key1']) self.assertEqual(('v1', 'v0'), diff['qos_specs']['k1']) qos_specs.disassociate_qos_specs(self.ctxt, qos_ref3['id'], type_ref2['id']) qos_specs.associate_qos_with_type(self.ctxt, qos_ref2['id'], type_ref2['id']) # And add encryption for good measure enc_keyvals1 = {'cipher': 'c1', 'key_size': 256, 'provider': 'p1', 'control_location': 'front-end'} enc_keyvals2 = {'cipher': 'c1', 'key_size': 128, 'provider': 'p1', 'control_location': 'front-end'} db.volume_type_encryption_create(self.ctxt, type_ref1['id'], enc_keyvals1) db.volume_type_encryption_create(self.ctxt, type_ref2['id'], enc_keyvals2) diff, same = volume_types.volume_types_diff(self.ctxt, type_ref1['id'], type_ref2['id']) self.assertEqual(False, same) self.assertEqual(('val1', 'val1'), diff['extra_specs']['key1']) self.assertEqual(('v1', 'v1'), diff['qos_specs']['k1']) self.assertEqual((256, 128), diff['encryption']['key_size'])
def test_volume_types_diff(self): # type_ref 1 and 2 have the same extra_specs, while 3 has different keyvals1 = {"key1": "val1", "key2": "val2"} keyvals2 = {"key1": "val0", "key2": "val2"} type_ref1 = volume_types.create(self.ctxt, "type1", keyvals1) type_ref2 = volume_types.create(self.ctxt, "type2", keyvals1) type_ref3 = volume_types.create(self.ctxt, "type3", keyvals2) # Check equality with only extra_specs diff, same = volume_types.volume_types_diff(self.ctxt, type_ref1["id"], type_ref2["id"]) self.assertTrue(same) self.assertEqual(diff["extra_specs"]["key1"], ("val1", "val1")) diff, same = volume_types.volume_types_diff(self.ctxt, type_ref1["id"], type_ref3["id"]) self.assertFalse(same) self.assertEqual(diff["extra_specs"]["key1"], ("val1", "val0")) # qos_ref 1 and 2 have the same specs, while 3 has different qos_keyvals1 = {"k1": "v1", "k2": "v2", "k3": "v3"} qos_keyvals2 = {"k1": "v0", "k2": "v2", "k3": "v3"} qos_ref1 = qos_specs.create(self.ctxt, "qos-specs-1", qos_keyvals1) qos_ref2 = qos_specs.create(self.ctxt, "qos-specs-2", qos_keyvals1) qos_ref3 = qos_specs.create(self.ctxt, "qos-specs-3", qos_keyvals2) # Check equality with qos specs too qos_specs.associate_qos_with_type(self.ctxt, qos_ref1["id"], type_ref1["id"]) qos_specs.associate_qos_with_type(self.ctxt, qos_ref2["id"], type_ref2["id"]) diff, same = volume_types.volume_types_diff(self.ctxt, type_ref1["id"], type_ref2["id"]) self.assertTrue(same) self.assertEqual(diff["extra_specs"]["key1"], ("val1", "val1")) self.assertEqual(diff["qos_specs"]["k1"], ("v1", "v1")) qos_specs.disassociate_qos_specs(self.ctxt, qos_ref2["id"], type_ref2["id"]) qos_specs.associate_qos_with_type(self.ctxt, qos_ref3["id"], type_ref2["id"]) diff, same = volume_types.volume_types_diff(self.ctxt, type_ref1["id"], type_ref2["id"]) self.assertFalse(same) self.assertEqual(diff["extra_specs"]["key1"], ("val1", "val1")) self.assertEqual(diff["qos_specs"]["k1"], ("v1", "v0")) qos_specs.disassociate_qos_specs(self.ctxt, qos_ref3["id"], type_ref2["id"]) qos_specs.associate_qos_with_type(self.ctxt, qos_ref2["id"], type_ref2["id"]) # And add encryption for good measure enc_keyvals1 = { "cipher": "c1", "key_size": 256, "provider": "p1", "control_location": "front-end", "encryption_id": "uuid1", } enc_keyvals2 = { "cipher": "c1", "key_size": 128, "provider": "p1", "control_location": "front-end", "encryption_id": "uuid2", } db.volume_type_encryption_create(self.ctxt, type_ref1["id"], enc_keyvals1) db.volume_type_encryption_create(self.ctxt, type_ref2["id"], enc_keyvals2) diff, same = volume_types.volume_types_diff(self.ctxt, type_ref1["id"], type_ref2["id"]) self.assertFalse(same) self.assertEqual(diff["extra_specs"]["key1"], ("val1", "val1")) self.assertEqual(diff["qos_specs"]["k1"], ("v1", "v1")) self.assertEqual(diff["encryption"]["key_size"], (256, 128)) # Check diff equals type specs when one type is None diff, same = volume_types.volume_types_diff(self.ctxt, None, type_ref1["id"]) self.assertFalse(same) self.assertEqual(diff["extra_specs"], {"key1": (None, "val1"), "key2": (None, "val2")}) self.assertEqual( diff["qos_specs"], {"consumer": (None, "back-end"), "k1": (None, "v1"), "k2": (None, "v2"), "k3": (None, "v3")}, ) self.assertEqual( diff["encryption"], { "cipher": (None, "c1"), "control_location": (None, "front-end"), "deleted": (None, False), "key_size": (None, 256), "provider": (None, "p1"), "encryption_id": (None, "uuid1"), }, )
def setUp(self): super(DBAPIEncryptionTestCase, self).setUp() self.created = [ db.volume_type_encryption_create(self.ctxt, values["volume_type_id"], values) for values in self._get_values() ]
def setUp(self): super(DBAPIEncryptionTestCase, self).setUp() self.created = \ [db.volume_type_encryption_create(self.ctxt, values['volume_type_id'], values) for values in self._get_values()]
def test_volume_types_diff(self): # type_ref 1 and 2 have the same extra_specs, while 3 has different keyvals1 = {"key1": "val1", "key2": "val2"} keyvals2 = {"key1": "val0", "key2": "val2"} type_ref1 = volume_types.create(self.ctxt, "type1", keyvals1) type_ref2 = volume_types.create(self.ctxt, "type2", keyvals1) type_ref3 = volume_types.create(self.ctxt, "type3", keyvals2) # Check equality with only extra_specs diff, same = volume_types.volume_types_diff(self.ctxt, type_ref1['id'], type_ref2['id']) self.assertTrue(same) self.assertEqual(('val1', 'val1'), diff['extra_specs']['key1']) diff, same = volume_types.volume_types_diff(self.ctxt, type_ref1['id'], type_ref3['id']) self.assertFalse(same) self.assertEqual(('val1', 'val0'), diff['extra_specs']['key1']) # qos_ref 1 and 2 have the same specs, while 3 has different qos_keyvals1 = {'k1': 'v1', 'k2': 'v2', 'k3': 'v3'} qos_keyvals2 = {'k1': 'v0', 'k2': 'v2', 'k3': 'v3'} qos_ref1 = qos_specs.create(self.ctxt, 'qos-specs-1', qos_keyvals1) qos_ref2 = qos_specs.create(self.ctxt, 'qos-specs-2', qos_keyvals1) qos_ref3 = qos_specs.create(self.ctxt, 'qos-specs-3', qos_keyvals2) # Check equality with qos specs too qos_specs.associate_qos_with_type(self.ctxt, qos_ref1['id'], type_ref1['id']) qos_specs.associate_qos_with_type(self.ctxt, qos_ref2['id'], type_ref2['id']) diff, same = volume_types.volume_types_diff(self.ctxt, type_ref1['id'], type_ref2['id']) self.assertTrue(same) self.assertEqual(('val1', 'val1'), diff['extra_specs']['key1']) self.assertEqual(('v1', 'v1'), diff['qos_specs']['k1']) qos_specs.disassociate_qos_specs(self.ctxt, qos_ref2['id'], type_ref2['id']) qos_specs.associate_qos_with_type(self.ctxt, qos_ref3['id'], type_ref2['id']) diff, same = volume_types.volume_types_diff(self.ctxt, type_ref1['id'], type_ref2['id']) self.assertFalse(same) self.assertEqual(('val1', 'val1'), diff['extra_specs']['key1']) self.assertEqual(('v1', 'v0'), diff['qos_specs']['k1']) qos_specs.disassociate_qos_specs(self.ctxt, qos_ref3['id'], type_ref2['id']) qos_specs.associate_qos_with_type(self.ctxt, qos_ref2['id'], type_ref2['id']) # And add encryption for good measure enc_keyvals1 = {'cipher': 'c1', 'key_size': 256, 'provider': 'p1', 'control_location': 'front-end', 'encryption_id': 'uuid1'} enc_keyvals2 = {'cipher': 'c1', 'key_size': 128, 'provider': 'p1', 'control_location': 'front-end', 'encryption_id': 'uuid2'} db.volume_type_encryption_create(self.ctxt, type_ref1['id'], enc_keyvals1) db.volume_type_encryption_create(self.ctxt, type_ref2['id'], enc_keyvals2) diff, same = volume_types.volume_types_diff(self.ctxt, type_ref1['id'], type_ref2['id']) self.assertFalse(same) self.assertEqual(('val1', 'val1'), diff['extra_specs']['key1']) self.assertEqual(('v1', 'v1'), diff['qos_specs']['k1']) self.assertEqual((256, 128), diff['encryption']['key_size']) # Check diff equals type specs when one type is None diff, same = volume_types.volume_types_diff(self.ctxt, None, type_ref1['id']) self.assertFalse(same) self.assertEqual({'key1': (None, 'val1'), 'key2': (None, 'val2')}, diff['extra_specs']) self.assertEqual({'consumer': (None, 'back-end'), 'k1': (None, 'v1'), 'k2': (None, 'v2'), 'k3': (None, 'v3')}, diff['qos_specs']) self.assertEqual({'cipher': (None, 'c1'), 'control_location': (None, 'front-end'), 'deleted': (None, False), 'key_size': (None, 256), 'provider': (None, 'p1'), 'encryption_id': (None, 'uuid1')}, diff['encryption'])