openstack
/
cinder
Code Issues Proposed changes

RemoteFS: prevent creation of encrypted volumes 

Support for volume encryption of FS-based volumes is not
currently implemented in Nova.  Creating encrypted volumes
with these drivers can result in dangerous and undesired
behavior.  Block creation of encrypted volumes for these
drivers until this is supported.

This adds a per-driver switch which can be used to enable
this for individual RemoteFS drivers as they are tested.

Closes-Bug: #1675469

Change-Id: I39d4230106c891e1b480989daaf72bea5a64e4b3
This commit is contained in:
Eric Harney 2017-03-23 12:07:54 -04:00
parent ce32522d3a
commit e626f54f8b
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
cinder/volume/drivers/remotefs.py
View File

@ -147,6 +147,7 @@ class RemoteFSDriver(driver.BaseVD):
self._mounted_shares = [] self._mounted_shares = []
self._execute_as_root = True self._execute_as_root = True
self._is_voldb_empty_at_startup = kwargs.pop('is_vol_db_empty', None) self._is_voldb_empty_at_startup = kwargs.pop('is_vol_db_empty', None)
self._supports_encryption = False
if self.configuration: if self.configuration:
self.configuration.append_config_values(nas_opts) self.configuration.append_config_values(nas_opts)
@ -234,6 +235,10 @@ class RemoteFSDriver(driver.BaseVD):
:returns: provider_location update dict for database :returns: provider_location update dict for database
""" """
if volume.encryption_key_id and not self._supports_encryption:
message = _("Encryption is not yet supported.")
raise exception.VolumeDriverException(message=message)
LOG.debug('Creating volume %(vol)s', {'vol': volume.id}) LOG.debug('Creating volume %(vol)s', {'vol': volume.id})
self._ensure_shares_mounted() self._ensure_shares_mounted()