From d53d9eba225ffafc5317be44c8700e4f24cf61b9 Mon Sep 17 00:00:00 2001 From: Lee Yarwood Date: Wed, 26 Jan 2022 17:53:35 +0000 Subject: [PATCH] block_device: Add encryption attributes to image and ephemeral disks Change-Id: I0e3f0a15879f92e08f9e4465e7cdf53190fcc7b7 --- nova/tests/unit/compute/test_compute.py | 18 +++++++++-- nova/tests/unit/virt/test_block_device.py | 24 +++++++++++--- nova/virt/block_device.py | 39 +++++++++++++++++++++-- 3 files changed, 72 insertions(+), 9 deletions(-) diff --git a/nova/tests/unit/compute/test_compute.py b/nova/tests/unit/compute/test_compute.py index 43fcdf501bc9..f8a88d7744ec 100644 --- a/nova/tests/unit/compute/test_compute.py +++ b/nova/tests/unit/compute/test_compute.py @@ -3279,7 +3279,11 @@ class ComputeTestCase(BaseTestCase, 'delete_on_termination': True, 'guest_format': None, 'volume_size': 2, - 'boot_index': -1 + 'boot_index': -1, + 'encrypted': True, + 'encryption_secret_uuid': uuids.secret, + 'encryption_format': 'luks', + 'encryption_options': None, }) swap = fake_block_device.FakeDbBlockDeviceDict({ 'id': 3, @@ -3314,14 +3318,22 @@ class ComputeTestCase(BaseTestCase, 'device_type': 'disk', 'disk_bus': 'virtio', 'guest_format': None, - 'size': 1 + 'size': 1, + 'encrypted': False, + 'encryption_secret_uuid': None, + 'encryption_format': None, + 'encryption_options': None, }, { 'device_name': '/dev/vdc', 'device_type': 'disk', 'disk_bus': 'virtio', 'guest_format': None, - 'size': 2 + 'size': 2, + 'encrypted': True, + 'encryption_secret_uuid': uuids.secret, + 'encryption_format': 'luks', + 'encryption_options': None, } ], 'image': [], diff --git a/nova/tests/unit/virt/test_block_device.py b/nova/tests/unit/virt/test_block_device.py index fe74744ec5c0..703f15967cba 100644 --- a/nova/tests/unit/virt/test_block_device.py +++ b/nova/tests/unit/virt/test_block_device.py 
@@ -79,14 +79,22 @@ class TestDriverBlockDevice(test.NoDBTestCase): 'volume_size': 4, 'guest_format': 'ext4', 'delete_on_termination': True, - 'boot_index': -1}) + 'boot_index': -1, + 'encrypted': False, + 'encryption_secret_uuid': None, + 'encryption_format': None, + 'encryption_options': None}) ephemeral_driver_bdm = { 'device_name': '/dev/sdc1', 'size': 4, 'device_type': 'disk', 'guest_format': 'ext4', - 'disk_bus': 'scsi'} + 'disk_bus': 'scsi', + 'encrypted': False, + 'encryption_secret_uuid': None, + 'encryption_format': None, + 'encryption_options': None} volume_bdm_dict = block_device.BlockDeviceDict( {'id': 3, 'instance_uuid': uuids.instance, @@ -221,7 +229,11 @@ class TestDriverBlockDevice(test.NoDBTestCase): 'guest_format': 'ext4', 'boot_index': 0, 'image_id': 'fake-image-id-1', - 'volume_size': 5}) + 'volume_size': 5, + 'encrypted': True, + 'encryption_secret_uuid': uuids.secret, + 'encryption_format': 'plain', + 'encryption_options': None}) image_driver_bdm = { 'device_name': '/dev/vda', @@ -230,7 +242,11 @@ class TestDriverBlockDevice(test.NoDBTestCase): 'disk_bus': 'virtio', 'boot_index': 0, 'image_id': 'fake-image-id-1', - 'size': 5} + 'size': 5, + 'encrypted': True, + 'encryption_secret_uuid': uuids.secret, + 'encryption_format': 'plain', + 'encryption_options': None} def setUp(self): super(TestDriverBlockDevice, self).setUp() diff --git a/nova/virt/block_device.py b/nova/virt/block_device.py index df354ec65d30..28a866a817fb 100644 --- a/nova/virt/block_device.py +++ b/nova/virt/block_device.py 
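Review bot: Nothing in this file exercises the write-back path for the new attributes. This hunk and the two after it only extend fixture dicts, so they cover `_transform` copying the values but not the `_update_on_save` entries the same patch adds in nova/virt/block_device.py. Every fixture also uses `'encryption_options': None`, so a populated options value is never passed through. A test that changes `encryption_secret_uuid` and `encryption_format` on a driver BDM, saves it, and asserts the underlying mapping received the new values would pin the behaviour that matters for encrypted disks, as would one fixture with a non-None `encryption_options`. Existing save tests may already iterate over `_update_on_save`; that is not visible here.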
@@ -235,12 +235,24 @@ class DriverImageBlockDevice(DriverBlockDevice): 'device_type', 'guest_format', 'boot_index', + 'encrypted', + 'encryption_secret_uuid', + 'encryption_format', + 'encryption_options' ]) _fields = set([ 'device_name', 'size']) | _new_only_fields _legacy_fields = ( _fields - _new_only_fields | set(['num', 'virtual_name'])) + _update_on_save = { + 'disk_bus': None, + 'device_name': None, + 'device_type': None, + 'encryption_secret_uuid': None, + 'encryption_format': None, + 'encryption_options': None, + } def _transform(self): if (not self._bdm_obj.get('source_type') == 'image' or @@ -254,12 +266,31 @@ class DriverImageBlockDevice(DriverBlockDevice): 'guest_format': self._bdm_obj.guest_format, 'image_id': self._bdm_obj.image_id, 'boot_index': 0, + 'encrypted': self._bdm_obj.encrypted, + 'encryption_secret_uuid': self._bdm_obj.encryption_secret_uuid, + 'encryption_format': self._bdm_obj.encryption_format, + 'encryption_options': self._bdm_obj.encryption_options }) class DriverEphemeralBlockDevice(DriverBlockDevice): - _new_only_fields = set(['disk_bus', 'device_type', 'guest_format']) + _new_only_fields = set([ + 'disk_bus', + 'device_type', + 'guest_format', + 'encrypted', + 'encryption_secret_uuid', + 'encryption_format', + 'encryption_options']) _fields = set(['device_name', 'size']) | _new_only_fields + _update_on_save = { + 'disk_bus': None, + 'device_name': None, + 'device_type': None, + 'encryption_secret_uuid': None, + 'encryption_format': None, + 'encryption_options': None, + } def _transform(self): if not block_device.new_format_is_ephemeral(self._bdm_obj): 
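Review bot: The new `_update_on_save` in DriverImageBlockDevice lists `encryption_secret_uuid`, `encryption_format` and `encryption_options` but leaves out `encrypted`, even though all four are added to `_new_only_fields` just above. The code that consumes `_update_on_save` is outside this hunk, but if it is the set of keys written back on save, a driver that fills in the secret reference and format would persist those while the `encrypted` flag on the record stays whatever it was. If the flag is meant to be fixed once the mapping exists, say so next to the dict, e.g. `# 'encrypted' is set when the BDM is created and is never written back by drivers`; otherwise add `'encrypted': None,`. The identical dict added to DriverEphemeralBlockDevice in the following hunk needs the same treatment.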
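Review bot: The four encryption keys are now written out by hand in `_new_only_fields` and `_transform` of both DriverImageBlockDevice and DriverEphemeralBlockDevice, and the two `_update_on_save` dicts are copies of each other. Key lists that decide which disk-encryption metadata is exposed to drivers and persisted are easy to let drift when a later attribute is added to one class only. A single module-level definition, under a name such as `_ENCRYPTION_FIELDS = ('encrypted', 'encryption_secret_uuid', 'encryption_format', 'encryption_options')`, could be merged into each `_new_only_fields` and iterated in each `_transform` so the classes stay aligned. The image `_transform` starts before this hunk and the ephemeral one continues in the next hunk.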
@@ -269,7 +300,11 @@ class DriverEphemeralBlockDevice(DriverBlockDevice): 'size': self._bdm_obj.volume_size or 0, 'disk_bus': self._bdm_obj.disk_bus, 'device_type': self._bdm_obj.device_type, - 'guest_format': self._bdm_obj.guest_format + 'guest_format': self._bdm_obj.guest_format, + 'encrypted': self._bdm_obj.encrypted, + 'encryption_secret_uuid': self._bdm_obj.encryption_secret_uuid, + 'encryption_format': self._bdm_obj.encryption_format, + 'encryption_options': self._bdm_obj.encryption_options })