Merge "compute: Skip cinder_encryption_key_id check when booting from volume"

2020-09-17 19:59:43 +00:00
parent 2f18450adc f9b67893ac
commit 9fa563666e
2 changed files with 12 additions and 19 deletions
@@ -627,7 +627,12 @@ class API(base.Base):
            return

        image_properties = image.get('properties', {})
-        if image_properties.get('cinder_encryption_key_id'):
+        # NOTE(lyarwood) Skip this check when image_id is None indicating that
+        # the instance is booting from a volume that was itself initially
+        # created from an image. As such we don't care if
+        # cinder_encryption_key_id was against the original image as we are now
+        # booting from an encrypted volume.
+        if image_properties.get('cinder_encryption_key_id') and image_id:
            reason = _('Direct booting of an image uploaded from an '
                       'encrypted volume is unsupported.')
            raise exception.ImageUnacceptable(image_id=image_id,
@@ -122,15 +122,9 @@ class TestNonBootableImageMeta(integrated_helpers._IntegratedTestBase):
            'volume_size': 1,
        }]

-        # FIXME(lyarwood) n-api should ignore cinder_encryption_key_id in the
-        # original image in this case and accept the request.
-        ex = self.assertRaises(
-            client.OpenStackApiException, self.api.post_server,
-            {'server': server})
-        self.assertEqual(400, ex.response.status_code)
-        self.assertIn(
-            "Direct booting of an image uploaded from an encrypted volume is "
-            "unsupported", str(ex))
+        # Assert that this request is accepted and the server moves to ACTIVE
+        server = self.api.post_server({'server': server})
+        self._wait_for_state_change(server, 'ACTIVE')

    def test_nonbootable_metadata_bfv_volume_image_metadata(self):
        """Assert behaviour when c-api has created volume using encrypted image
@@ -147,12 +141,6 @@ class TestNonBootableImageMeta(integrated_helpers._IntegratedTestBase):
            'uuid': uuids.cinder_encrypted_volume_uuid,
        }]

-        # FIXME(lyarwood) n-api should ignore cinder_encryption_key_id in the
-        # volume volume_image_metadata in this case and accept the request.
-        ex = self.assertRaises(
-            client.OpenStackApiException, self.api.post_server,
-            {'server': server})
-        self.assertEqual(400, ex.response.status_code)
-        self.assertIn(
-            "Direct booting of an image uploaded from an encrypted volume is "
-            "unsupported", str(ex))
+        # Assert that this request is accepted and the server moves to ACTIVE
+        server = self.api.post_server({'server': server})
+        self._wait_for_state_change(server, 'ACTIVE')