Encryptors: Fix compat with Nova encryptors for Ocata

The change 916cfaf "Introduce encryption provider constants"
intended to issue deprecation messages for encryptors that
are no longer going to be supported in Pike, and continue
loading the current os_brick encryptors instead.

However, since it removed the "'LuksEncryptor' in provider"
style checks, any config values that were not explicitly listed
in LEGACY_PROVIDER_CLASS_TO_FORMAT_MAP will not be translated.

This results in a configuration using a provider of
"nova.volume.encryptors.luks.LuksEncryptor" to attempt to
import this module directly into Cinder when previously it
would use the os_brick encryptor.  This is generally wrong
and causes a number of problems.

Closes-Bug: #1658755

Change-Id: I3ec6e3fe919bc03d158da04a18fb8b651002ed52
This commit is contained in:
Eric Harney 2017-01-23 15:17:57 -05:00 committed by Lee Yarwood
parent 1a9b90b029
commit 10a5e3f5d5
2 changed files with 24 additions and 1 deletions

View File

@ -31,6 +31,9 @@ FORMAT_TO_FRONTEND_ENCRYPTOR_MAP = {
}
LEGACY_PROVIDER_CLASS_TO_FORMAT_MAP = {
"nova.volume.encryptors.luks.LuksEncryptor": LUKS,
"nova.volume.encryptors.cryptsetup.CryptsetupEncryptor": PLAIN,
"nova.volume.encryptors.nop.NoopEncryptor": None,
"os_brick.encryptors.luks.LuksEncryptor": LUKS,
"os_brick.encryptors.cryptsetup.CryptsetupEncryptor": PLAIN,
"os_brick.encryptors.nop.NoopEncryptor": None,

View File

@ -59,6 +59,8 @@ class BaseEncryptorTestCase(VolumeEncryptorTestCase):
encryptors.luks.LuksEncryptor)
self._test_get_encryptor('os_brick.encryptors.luks.LuksEncryptor',
encryptors.luks.LuksEncryptor)
self._test_get_encryptor('nova.volume.encryptors.luks.LuksEncryptor',
encryptors.luks.LuksEncryptor)
self._test_get_encryptor('plain',
encryptors.cryptsetup.CryptsetupEncryptor)
@ -68,6 +70,9 @@ class BaseEncryptorTestCase(VolumeEncryptorTestCase):
self._test_get_encryptor(
'os_brick.encryptors.cryptsetup.CryptsetupEncryptor',
encryptors.cryptsetup.CryptsetupEncryptor)
self._test_get_encryptor(
'nova.volume.encryptors.cryptsetup.CryptsetupEncryptor',
encryptors.cryptsetup.CryptsetupEncryptor)
self._test_get_encryptor(None,
encryptors.nop.NoOpEncryptor)
@ -76,6 +81,8 @@ class BaseEncryptorTestCase(VolumeEncryptorTestCase):
encryptors.nop.NoOpEncryptor)
self._test_get_encryptor('os_brick.encryptors.nop.NoOpEncryptor',
encryptors.nop.NoOpEncryptor)
self._test_get_encryptor('nova.volume.encryptors.nop.NoopEncryptor',
encryptors.nop.NoOpEncryptor)
def test_get_error_encryptors(self):
encryption = {'control_location': 'front-end',
@ -146,6 +153,14 @@ class BaseEncryptorTestCase(VolumeEncryptorTestCase):
keymgr=self.keymgr,
**encryption)
encryption = {'control_location': 'front-end',
'provider': 'nova.volume.encryptors.luks.LuksEncryptor'}
encryptors.get_volume_encryptor(
root_helper=self.root_helper,
connection_info=self.connection_info,
keymgr=self.keymgr,
**encryption)
log.warning.assert_has_calls([
mock.call("Use of the in tree encryptor class %(provider)s by "
"directly referencing the implementation class will be "
@ -155,4 +170,9 @@ class BaseEncryptorTestCase(VolumeEncryptorTestCase):
"directly referencing the implementation class will be "
"blocked in the Pike release of os-brick.",
{'provider':
'os_brick.encryptors.luks.LuksEncryptor'})])
'os_brick.encryptors.luks.LuksEncryptor'}),
mock.call("Use of the in tree encryptor class %(provider)s by "
"directly referencing the implementation class will be "
"blocked in the Pike release of os-brick.",
{'provider':
'nova.volume.encryptors.luks.LuksEncryptor'})])