Browse Source

RemoteFS: prevent creation of encrypted volumes

Support for volume encryption of FS-based volumes is not
currently implemented in Nova.  Creating encrypted volumes
with these drivers can result in dangerous and undesired
behavior.  Block creation of encrypted volumes for these
drivers until this is supported.

This adds a per-driver switch which can be used to enable
this for individual RemoteFS drivers as they are tested.

Closes-Bug: #1675469

Change-Id: I39d4230106c891e1b480989daaf72bea5a64e4b3
(cherry picked from commit e626f54f8b)
(cherry picked from commit 689d746851)
Conflicts:
	cinder/volume/drivers/remotefs.py
changes/34/514434/1
Eric Harney 4 years ago
parent
commit
725629a2dc
1 changed files with 6 additions and 0 deletions
  1. +6
    -0
      cinder/volume/drivers/remotefs.py

+ 6
- 0
cinder/volume/drivers/remotefs.py View File

@ -151,6 +151,7 @@ class RemoteFSDriver(driver.LocalVD, driver.TransferVD, driver.BaseVD):
self._mounted_shares = []
self._execute_as_root = True
self._is_voldb_empty_at_startup = kwargs.pop('is_vol_db_empty', None)
self._supports_encryption = False
if self.configuration:
self.configuration.append_config_values(nas_opts)
@ -235,6 +236,11 @@ class RemoteFSDriver(driver.LocalVD, driver.TransferVD, driver.BaseVD):
:param volume: volume reference
:returns: provider_location update dict for database
"""
if volume.encryption_key_id and not self._supports_encryption:
message = _("Encryption is not yet supported.")
raise exception.VolumeDriverException(message=message)
self._ensure_shares_mounted()
volume.provider_location = self._find_share(volume.size)


Loading…
Cancel
Save