openstack/nova
Code Issues Proposed changes

virt: Add destroy_secrets kwarg to destroy and cleanup

Browse Source 
This change adds a simple optional kwarg to the virt driver signature of
destroy and cleanup to allow for callers to control when secrets should
be removed.

Change-Id: I856268b371f7ba712b02189db3c927cd762a4dc3
This commit is contained in:
Lee Yarwood
2021-06-02 15:33:40 +01:00
parent 84cfbddf34
commit 1cc52fd2f2
6 changed files with 23 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
nova/virt/driver.py
View File

@@ -412,7 +412,7 @@ class ComputeDriver(object):
raise NotImplementedError()
def destroy(self, context, instance, network_info, block_device_info=None,
destroy_disks=True):
destroy_disks=True, destroy_secrets=True):
"""Destroy the specified instance from the Hypervisor.
If the instance is not found (for example if networking failed), this
@@ -425,11 +425,13 @@ class ComputeDriver(object):
:param block_device_info: Information about block devices that should
be detached from the instance.
:param destroy_disks: Indicates if disks should be destroyed
:param destroy_secrets: Indicates if secrets should be destroyed
"""
raise NotImplementedError()
def cleanup(self, context, instance, network_info, block_device_info=None,
destroy_disks=True, migrate_data=None, destroy_vifs=True):
destroy_disks=True, migrate_data=None, destroy_vifs=True,
destroy_secrets=True):
"""Cleanup the instance resources .
Instance should have been destroyed from the Hypervisor before calling
@@ -442,6 +444,8 @@ class ComputeDriver(object):
be detached from the instance.
:param destroy_disks: Indicates if disks should be destroyed
:param migrate_data: implementation specific params
:param destroy_vifs: Indicates if vifs should be unplugged
:param destroy_secrets: Indicates if secrets should be destroyed
"""
raise NotImplementedError()

5
nova/virt/fake.py
View File

@@ -308,7 +308,7 @@ class FakeDriver(driver.ComputeDriver):
pass
def destroy(self, context, instance, network_info, block_device_info=None,
destroy_disks=True):
destroy_disks=True, destroy_secrets=True):
key = instance.uuid
if key in self.instances:
flavor = instance.flavor
@@ -323,7 +323,8 @@ class FakeDriver(driver.ComputeDriver):
'inst': self.instances}, instance=instance)
def cleanup(self, context, instance, network_info, block_device_info=None,
destroy_disks=True, migrate_data=None, destroy_vifs=True):
destroy_disks=True, migrate_data=None, destroy_vifs=True,
destroy_secrets=True):
# cleanup() should not be called when the guest has not been destroyed.
if instance.uuid in self.instances:
raise exception.InstanceExists(

5
nova/virt/hyperv/driver.py
View File

@@ -172,12 +172,13 @@ class HyperVDriver(driver.ComputeDriver):
self._vmops.reboot(instance, network_info, reboot_type)
def destroy(self, context, instance, network_info, block_device_info=None,
destroy_disks=True):
destroy_disks=True, destroy_secrets=True):
self._vmops.destroy(instance, network_info, block_device_info,
destroy_disks)
def cleanup(self, context, instance, network_info, block_device_info=None,
destroy_disks=True, migrate_data=None, destroy_vifs=True):
destroy_disks=True, migrate_data=None, destroy_vifs=True,
destroy_secrets=True):
"""Cleanup after instance being destroyed by Hypervisor."""
self.unplug_vifs(instance, network_info)

5
nova/virt/ironic/driver.py
View File

@@ -1263,7 +1263,8 @@ class IronicDriver(virt_driver.ComputeDriver):
_sync_remove_cache_entry()
def destroy(self, context, instance, network_info,
block_device_info=None, destroy_disks=True):
block_device_info=None, destroy_disks=True,
destroy_secrets=True):
"""Destroy the specified instance, if it can be found.
:param context: The security context.
@@ -1273,6 +1274,8 @@ class IronicDriver(virt_driver.ComputeDriver):
information. Ignored by this driver.
:param destroy_disks: Indicates if disks should be
destroyed. Ignored by this driver.
:param destroy_secrets: Indicates if secrets should be
destroyed. Ignored by this driver.
"""
LOG.debug('Destroy called for instance', instance=instance)
try:

6
nova/virt/libvirt/driver.py
View File

@@ -1405,7 +1405,7 @@ class LibvirtDriver(driver.ComputeDriver):
self._teardown_container(instance)
def destroy(self, context, instance, network_info, block_device_info=None,
destroy_disks=True):
destroy_disks=True, destroy_secrets=True):
self._destroy(instance)
# NOTE(gibi): if there was device detach in progress then we need to
# unblock the waiting threads and clean up.
@@ -1438,7 +1438,8 @@ class LibvirtDriver(driver.ComputeDriver):
pass
def cleanup(self, context, instance, network_info, block_device_info=None,
destroy_disks=True, migrate_data=None, destroy_vifs=True):
destroy_disks=True, migrate_data=None, destroy_vifs=True,
destroy_secrets=True):
"""Cleanup the instance from the host.
Identify if the instance disks and instance path should be removed
@@ -1452,6 +1453,7 @@ class LibvirtDriver(driver.ComputeDriver):
:param destroy_disks: if local ephemeral disks should be destroyed
:param migrate_data: optional migrate_data object
:param destroy_vifs: if plugged vifs should be unplugged
:param destroy_secrets: Indicates if secrets should be destroyed
"""
cleanup_instance_dir = False
cleanup_instance_disks = False

5
nova/virt/vmwareapi/driver.py
View File

@@ -225,7 +225,8 @@ class VMwareVCDriver(driver.ComputeDriver):
LOG.debug('Extension %s already exists.', constants.EXTENSION_KEY)
def cleanup(self, context, instance, network_info, block_device_info=None,
destroy_disks=True, migrate_data=None, destroy_vifs=True):
destroy_disks=True, migrate_data=None, destroy_vifs=True,
destroy_secrets=True):
"""Cleanup after instance being destroyed by Hypervisor."""
pass
@@ -594,7 +595,7 @@ class VMwareVCDriver(driver.ComputeDriver):
instance=instance)
def destroy(self, context, instance, network_info, block_device_info=None,
destroy_disks=True):
destroy_disks=True, destroy_secrets=True):
"""Destroy VM instance."""
# Destroy gets triggered when Resource Claim in resource_tracker