Fix logging in MemEncryption-related checks

Currently Nova produces ambigous error when volume-backed instance is started using flavor with hw:mem_encryption extra_specs flag: ImageMeta doesn't contain name if it represents Cinder volume. This fix sligtly changes steps to get image_meta.name for some MemEncryption-related checks where it could make any difference. Closes-bug: #2006952 Change-Id: Ia69e7cb18cd862f01ecfdbdc358c87af1ab8fbf6
2023-02-10 17:14:17 +01:00 · 2023-02-10 17:14:17 +01:00 · 54faea0196
parent a296441782
commit 54faea0196
3 changed files with 36 additions and 6 deletions
--- a/nova/tests/unit/virt/libvirt/test_driver.py
+++ b/nova/tests/unit/virt/libvirt/test_driver.py
@ -3402,7 +3402,8 @@ class LibvirtConnTestCase(test.NoDBTestCase,
        self.assertEqual(
            "Memory encryption requested by hw:mem_encryption extra spec in "
            "m1.fake flavor but image fake_image doesn't have "
-            "'hw_firmware_type' property set to 'uefi'", str(exc))
+            "'hw_firmware_type' property set to 'uefi' or volume-backed "
+            "instance was requested", str(exc))

    def test_sev_enabled_host_extra_spec_no_machine_type(self):
        exc = self.assertRaises(exception.InvalidMachineType,
--- a/nova/tests/unit/virt/test_hardware.py
+++ b/nova/tests/unit/virt/test_hardware.py
@ -5364,7 +5364,7 @@ class MemEncryptionRequestedWithoutUEFITestCase(
    expected_error = (
        "Memory encryption requested by %(requesters)s but image "
        "%(image_name)s doesn't have 'hw_firmware_type' property "
-        "set to 'uefi'"
+        "set to 'uefi' or volume-backed instance was requested"
    )

    def _test_encrypted_memory_support_no_uefi(self, enc_extra_spec,
@ -5491,6 +5491,25 @@ class MemEncryptionRequiredTestCase(test.NoDBTestCase):
                    (self.flavor_name, self.image_id)
                )

+    def test_encrypted_memory_support_flavor_for_volume(self):
+        extra_specs = {'hw:mem_encryption': True}
+
+        flavor = objects.Flavor(name=self.flavor_name,
+                                extra_specs=extra_specs)
+        # Following image_meta is typical for root Cinder volume
+        image_meta = objects.ImageMeta.from_dict({
+            'min_disk': 0,
+            'min_ram': 0,
+            'properties': {},
+            'size': 0,
+            'status': 'active'})
+        # Confirm that exception.FlavorImageConflict is raised when
+        # flavor with hw:mem_encryption flag is used to create
+        # volume-backed instance
+        self.assertRaises(exception.FlavorImageConflict,
+                          hw.get_mem_encryption_constraint, flavor,
+                          image_meta)
+

 class PCINUMAAffinityPolicyTest(test.NoDBTestCase):

--- a/nova/virt/hardware.py
+++ b/nova/virt/hardware.py
@ -1213,10 +1213,13 @@ def _check_for_mem_encryption_requirement_conflicts(
            "image %(image_name)s which has hw_mem_encryption property "
            "explicitly set to %(image_val)s"
        )
+        # image_meta.name is not set if image object represents root
+        # Cinder volume.
+        image_name = (image_meta.name if 'name' in image_meta else None)
        data = {
            'flavor_name': flavor.name,
            'flavor_val': flavor_mem_enc_str,
-            'image_name': image_meta.name,
+            'image_name': image_name,
            'image_val': image_mem_enc,
        }
        raise exception.FlavorImageConflict(emsg % data)
@ -1228,10 +1231,15 @@ def _check_mem_encryption_uses_uefi_image(requesters, image_meta):

    emsg = _(
        "Memory encryption requested by %(requesters)s but image "
-        "%(image_name)s doesn't have 'hw_firmware_type' property set to 'uefi'"
+        "%(image_name)s doesn't have 'hw_firmware_type' property set to "
+        "'uefi' or volume-backed instance was requested"
    )
+    # image_meta.name is not set if image object represents root Cinder
+    # volume, for this case FlavorImageConflict should be raised, but
+    # image_meta.name can't be extracted.
+    image_name = (image_meta.name if 'name' in image_meta else None)
    data = {'requesters': " and ".join(requesters),
-            'image_name': image_meta.name}
+            'image_name': image_name}
    raise exception.FlavorImageConflict(emsg % data)


@ -1260,12 +1268,14 @@ def _check_mem_encryption_machine_type(image_meta, machine_type=None):
    if mach_type is None:
        return

+    # image_meta.name is not set if image object represents root Cinder volume.
+    image_name = (image_meta.name if 'name' in image_meta else None)
    # Could be something like pc-q35-2.11 if a specific version of the
    # machine type is required, so do substring matching.
    if 'q35' not in mach_type:
        raise exception.InvalidMachineType(
            mtype=mach_type,
-            image_id=image_meta.id, image_name=image_meta.name,
+            image_id=image_meta.id, image_name=image_name,
            reason=_("q35 type is required for SEV to work"))