Merge "Don't allow retype to encrypted+multiattach type" into stable/rocky

2019-10-04 01:06:56 +00:00
parent dc690429fd 4adaa86f90
commit 2783e17c7d
1 changed files with 11 additions and 0 deletions
--- a/cinder/volume/api.py
+++ b/cinder/volume/api.py
@@ -199,6 +199,12 @@ class API(base.Base):
        specs = getattr(volume_type, 'extra_specs', {})
        return specs.get('multiattach', 'False') == '<is> True'

+    def _is_encrypted(self, volume_type):
+        specs = volume_type.get('extra_specs', {})
+        if 'encryption' not in specs:
+            return False
+        return specs.get('encryption', {}) is not {}
+
    def create(self, context, size, name, description, snapshot=None,
               image_id=None, volume_type=None, metadata=None,
               availability_zone=None, source_volume=None,
@@ -1654,6 +1660,11 @@ class API(base.Base):
                context.authorize(vol_policy.MULTIATTACH_POLICY,
                                  target_obj=volume)

+        if tgt_is_multiattach and self._is_encrypted(new_type):
+            msg = ('Retype requested both encryption and multi-attach, '
+                   'which is not supported.')
+            raise exception.InvalidInput(reason=msg)
+
        # We're checking here in so that we can report any quota issues as
        # early as possible, but won't commit until we change the type. We
        # pass the reservations onward in case we need to roll back.