From 4bf72b0aec1370dfc79a2fba683ed74cb87dea11 Mon Sep 17 00:00:00 2001 From: Jon Bernard Date: Mon, 17 Oct 2016 12:36:07 -0400 Subject: [PATCH] RBD: prevent creation of encrypted volumes At the moment RBD volume encryption is not supported. Libvirt needs support for non-block encryption and nova will need a few changes as well. Efforts are underway to resolve this, but in the mean time it's very confusing to users when we allow them to create encrypted volumes using volume types as stated in the documentation. Encryption of the volume will eventually fail, but allowing this creation creates an unreasonable expectation. This patch prevents encrypted volume creation for RBD until support has landed. At that time, this patch should be reverted. Change-Id: I0f071a4aea2d6454b71d83055e87d87b9efcc014 --- cinder/tests/unit/volume/drivers/test_rbd.py | 8 ++++++++ cinder/volume/drivers/rbd.py | 5 +++++ 2 files changed, 13 insertions(+) diff --git a/cinder/tests/unit/volume/drivers/test_rbd.py b/cinder/tests/unit/volume/drivers/test_rbd.py index 298a9ad37..038a3365c 100644 --- a/cinder/tests/unit/volume/drivers/test_rbd.py +++ b/cinder/tests/unit/volume/drivers/test_rbd.py @@ -207,6 +207,14 @@ class RBDTestCase(test.TestCase): client.__enter__.assert_called_once_with() client.__exit__.assert_called_once_with(None, None, None) + @common_mocks + def test_create_encrypted_volume(self): + self.volume_a.encryption_key_id = \ + '00000000-0000-0000-0000-000000000000' + self.assertRaises(exception.VolumeDriverException, + self.driver.create_volume, + self.volume_a) + @common_mocks def test_manage_existing_get_size(self): with mock.patch.object(self.driver.rbd.Image(), 'size') as \ diff --git a/cinder/volume/drivers/rbd.py b/cinder/volume/drivers/rbd.py index 2c1e3ed70..b074d3dc5 100644 --- a/cinder/volume/drivers/rbd.py +++ b/cinder/volume/drivers/rbd.py @@ -541,6 +541,11 @@ class RBDDriver(driver.TransferVD, driver.ExtendVD, def create_volume(self, volume): """Creates a logical volume.""" + + if volume.encryption_key_id: + message = _("Encryption is not yet supported.") + raise exception.VolumeDriverException(message=message) + size = int(volume.size) * units.Gi LOG.debug("creating volume '%s'", volume.name)