Don't allow retype to encrypted+multiattach type

This maintains consistency with our policy of not allowing the combination of encryption and multiattach in commit 18327971ca Change-Id: I1c22bc86d96bb1cab80c004d3450b1dac6c4a769 (cherry picked from commit 293be4f81b) (cherry picked from commit f6224a84a1)
2019-07-18 11:42:55 -04:00 · 2019-07-18 11:42:55 -04:00 · 4adaa86f90
parent 8dc5bf8eea
commit 4adaa86f90
1 changed files with 11 additions and 0 deletions
--- a/cinder/volume/api.py
+++ b/cinder/volume/api.py
@ -199,6 +199,12 @@ class API(base.Base):
        specs = getattr(volume_type, 'extra_specs', {})
        return specs.get('multiattach', 'False') == '<is> True'

+    def _is_encrypted(self, volume_type):
+        specs = volume_type.get('extra_specs', {})
+        if 'encryption' not in specs:
+            return False
+        return specs.get('encryption', {}) is not {}
+
    def create(self, context, size, name, description, snapshot=None,
               image_id=None, volume_type=None, metadata=None,
               availability_zone=None, source_volume=None,
@ -1654,6 +1660,11 @@ class API(base.Base):
                context.authorize(vol_policy.MULTIATTACH_POLICY,
                                  target_obj=volume)

+        if tgt_is_multiattach and self._is_encrypted(new_type):
+            msg = ('Retype requested both encryption and multi-attach, '
+                   'which is not supported.')
+            raise exception.InvalidInput(reason=msg)
+
        # We're checking here in so that we can report any quota issues as
        # early as possible, but won't commit until we change the type. We
        # pass the reservations onward in case we need to roll back.