From e626f54f8b9793a06be2f2b0a49b2dbbff4ecdd3 Mon Sep 17 00:00:00 2001
From: Eric Harney <eharney@redhat.com>
Date: Thu, 23 Mar 2017 12:07:54 -0400
Subject: [PATCH] RemoteFS: prevent creation of encrypted volumes

Support for volume encryption of FS-based volumes is not
currently implemented in Nova.  Creating encrypted volumes
with these drivers can result in dangerous and undesired
behavior.  Block creation of encrypted volumes for these
drivers until this is supported.

This adds a per-driver switch which can be used to enable
this for individual RemoteFS drivers as they are tested.

Closes-Bug: #1675469

Change-Id: I39d4230106c891e1b480989daaf72bea5a64e4b3
---
 cinder/volume/drivers/remotefs.py | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/cinder/volume/drivers/remotefs.py b/cinder/volume/drivers/remotefs.py
index f425a88b67a..d4f38eaa59e 100644
--- a/cinder/volume/drivers/remotefs.py
+++ b/cinder/volume/drivers/remotefs.py
@@ -147,6 +147,7 @@ class RemoteFSDriver(driver.BaseVD):
         self._mounted_shares = []
         self._execute_as_root = True
         self._is_voldb_empty_at_startup = kwargs.pop('is_vol_db_empty', None)
+        self._supports_encryption = False
 
         if self.configuration:
             self.configuration.append_config_values(nas_opts)
@@ -234,6 +235,10 @@ class RemoteFSDriver(driver.BaseVD):
         :returns: provider_location update dict for database
         """
 
+        if volume.encryption_key_id and not self._supports_encryption:
+            message = _("Encryption is not yet supported.")
+            raise exception.VolumeDriverException(message=message)
+
         LOG.debug('Creating volume %(vol)s', {'vol': volume.id})
         self._ensure_shares_mounted()