imagebackend: Add support to libvirt_info for LUKS based encryption
Related to blueprint ephemeral-encryption-libvirt Change-Id: I909c86ab722179efcb673b66f1f81121ab8b5f66
This commit is contained in:
parent
177c184e40
commit
3391ac2656
@ -27,6 +27,7 @@ import fixtures
|
||||
from oslo_concurrency import lockutils
|
||||
from oslo_config import fixture as config_fixture
|
||||
from oslo_service import loopingcall
|
||||
from oslo_utils.fixture import uuidsentinel as uuids
|
||||
from oslo_utils import imageutils
|
||||
from oslo_utils import units
|
||||
from oslo_utils import uuidutils
|
||||
@ -227,6 +228,42 @@ class _ImageTestCase(object):
|
||||
def test_libvirt_info_scsi_with_unit(self, disk_unit):
|
||||
self._test_libvirt_info_scsi_with_unit(disk_unit)
|
||||
|
||||
def test_libvirt_info_with_encryption(self):
|
||||
disk_info = {
|
||||
'bus': 'virtio',
|
||||
'dev': '/dev/vda',
|
||||
'type': 'disk',
|
||||
'encrypted': True,
|
||||
'encryption_format': 'luks',
|
||||
'encryption_secret_uuid': uuids.secret,
|
||||
}
|
||||
image = self.image_class(
|
||||
self.INSTANCE, self.NAME, disk_info_mapping=disk_info)
|
||||
|
||||
if not image.SUPPORTS_LUKS:
|
||||
classname = type(image).__name__
|
||||
self.skipTest(
|
||||
f"LUKS encryption is not supported with {classname}")
|
||||
|
||||
disk = image.libvirt_info(
|
||||
cache_mode="none", extra_specs={}, boot_order="1")
|
||||
|
||||
self.assertIsInstance(disk, vconfig.LibvirtConfigGuestDisk)
|
||||
self.assertEqual("/dev/vda", disk.target_dev)
|
||||
self.assertEqual("virtio", disk.target_bus)
|
||||
self.assertEqual("none", disk.driver_cache)
|
||||
self.assertEqual("disk", disk.source_device)
|
||||
self.assertEqual("1", disk.boot_order)
|
||||
|
||||
self.assertIsInstance(
|
||||
disk.encryption, vconfig.LibvirtConfigGuestDiskEncryption)
|
||||
self.assertIsInstance(
|
||||
disk.encryption.secret,
|
||||
vconfig.LibvirtConfigGuestDiskEncryptionSecret)
|
||||
self.assertEqual("passphrase", disk.encryption.secret.type)
|
||||
self.assertEqual(uuids.secret, disk.encryption.secret.uuid)
|
||||
self.assertEqual("luks", disk.encryption.format)
|
||||
|
||||
|
||||
class FlatTestCase(_ImageTestCase, test.NoDBTestCase):
|
||||
|
||||
|
@ -185,6 +185,19 @@ class Image(metaclass=abc.ABCMeta):
|
||||
info.source_path = self.path
|
||||
info.boot_order = boot_order
|
||||
|
||||
if (self.SUPPORTS_LUKS and
|
||||
self.disk_info_mapping and
|
||||
self.disk_info_mapping.get('encrypted') and
|
||||
self.disk_info_mapping.get('encryption_format') == 'luks'
|
||||
):
|
||||
encryption = vconfig.LibvirtConfigGuestDiskEncryption()
|
||||
secret = vconfig.LibvirtConfigGuestDiskEncryptionSecret()
|
||||
secret.type = 'passphrase'
|
||||
secret.uuid = self.disk_info_mapping.get('encryption_secret_uuid')
|
||||
encryption.secret = secret
|
||||
encryption.format = self.disk_info_mapping.get('encryption_format')
|
||||
info.encryption = encryption
|
||||
|
||||
if disk_bus == 'scsi':
|
||||
self.disk_scsi(info, disk_unit)
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user