RBD: prevent creation of encrypted volumes

At the moment RBD volume encryption is not supported. Libvirt needs support for non-block encryption and nova will need a few changes as well. Efforts are underway to resolve this, but in the mean time it's very confusing to users when we allow them to create encrypted volumes using volume types as stated in the documentation. Encryption of the volume will eventually fail, but allowing this creation creates an unreasonable expectation. This patch prevents encrypted volume creation for RBD until support has landed. At that time, this patch should be reverted. Change-Id: I0f071a4aea2d6454b71d83055e87d87b9efcc014
2016-10-17 12:36:07 -04:00 · 2016-10-17 12:36:07 -04:00 · 4bf72b0aec
parent 14899a9a8e
commit 4bf72b0aec
2 changed files with 13 additions and 0 deletions
--- a/cinder/tests/unit/volume/drivers/test_rbd.py
+++ b/cinder/tests/unit/volume/drivers/test_rbd.py
@ -207,6 +207,14 @@ class RBDTestCase(test.TestCase):
        client.__enter__.assert_called_once_with()
        client.__exit__.assert_called_once_with(None, None, None)

+    @common_mocks
+    def test_create_encrypted_volume(self):
+        self.volume_a.encryption_key_id = \
+            '00000000-0000-0000-0000-000000000000'
+        self.assertRaises(exception.VolumeDriverException,
+                          self.driver.create_volume,
+                          self.volume_a)
+
    @common_mocks
    def test_manage_existing_get_size(self):
        with mock.patch.object(self.driver.rbd.Image(), 'size') as \
--- a/cinder/volume/drivers/rbd.py
+++ b/cinder/volume/drivers/rbd.py
@ -541,6 +541,11 @@ class RBDDriver(driver.TransferVD, driver.ExtendVD,

    def create_volume(self, volume):
        """Creates a logical volume."""
+
+        if volume.encryption_key_id:
+            message = _("Encryption is not yet supported.")
+            raise exception.VolumeDriverException(message=message)
+
        size = int(volume.size) * units.Gi

        LOG.debug("creating volume '%s'", volume.name)