Browse Source

RemoteFS: prevent creation of encrypted volumes

Support for volume encryption of FS-based volumes is not
currently implemented in Nova.  Creating encrypted volumes
with these drivers can result in dangerous and undesired
behavior.  Block creation of encrypted volumes for these
drivers until this is supported.

This adds a per-driver switch which can be used to enable
this for individual RemoteFS drivers as they are tested.

Closes-Bug: #1675469

Change-Id: I39d4230106c891e1b480989daaf72bea5a64e4b3
changes/05/449205/1
Eric Harney 4 years ago
parent
commit
e626f54f8b
1 changed files with 5 additions and 0 deletions
  1. +5
    -0
      cinder/volume/drivers/remotefs.py

+ 5
- 0
cinder/volume/drivers/remotefs.py View File

@ -147,6 +147,7 @@ class RemoteFSDriver(driver.BaseVD):
self._mounted_shares = []
self._execute_as_root = True
self._is_voldb_empty_at_startup = kwargs.pop('is_vol_db_empty', None)
self._supports_encryption = False
if self.configuration:
self.configuration.append_config_values(nas_opts)
@ -234,6 +235,10 @@ class RemoteFSDriver(driver.BaseVD):
:returns: provider_location update dict for database
"""
if volume.encryption_key_id and not self._supports_encryption:
message = _("Encryption is not yet supported.")
raise exception.VolumeDriverException(message=message)
LOG.debug('Creating volume %(vol)s', {'vol': volume.id})
self._ensure_shares_mounted()


Loading…
Cancel
Save