From 4bd9edbd3bf7ef1a40cb55714cbaadfbd37368d1 Mon Sep 17 00:00:00 2001 From: Lee Yarwood Date: Fri, 31 Jan 2020 17:26:25 +0000 Subject: [PATCH] volume: Introduce extend attached encrypted volume tests This change introduces an extend attached encrypted volume test specifically using the LUKSv1 encryption format after issues were discovered in bug #1861071. The test mostly reuses the existing test for extending attached unencrypted volumes with some specific encryption related logic being introduced in BaseVolumeAdminTest. Note that while attached volume extension is not an admin only operation the creation of the encrypted volume type is, resulting in this test being labelled as an admin test. A ``[compute-feature-enabled]/extend_attached_encrypted_volume`` configurable is also introduced to control when this test is ran. Depends-On: https://review.opendev.org/706900 Related-Bug: #1861071 Change-Id: Ibf864c608656d0af906bf0859cedf9cd70b3e58f --- .../admin/test_encrypted_volumes_extend.py | 35 +++++++++++++++++++ tempest/api/volume/base.py | 21 +++++++++++ tempest/api/volume/test_volumes_extend.py | 22 +++++++----- tempest/config.py | 10 +++++- 4 files changed, 78 insertions(+), 10 deletions(-) create mode 100644 tempest/api/volume/admin/test_encrypted_volumes_extend.py diff --git a/tempest/api/volume/admin/test_encrypted_volumes_extend.py b/tempest/api/volume/admin/test_encrypted_volumes_extend.py new file mode 100644 index 0000000000..7339179461 --- /dev/null +++ b/tempest/api/volume/admin/test_encrypted_volumes_extend.py @@ -0,0 +1,35 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +import testtools + +from tempest.api.volume import base +from tempest.api.volume import test_volumes_extend as extend +from tempest.common import utils +from tempest import config +from tempest.lib import decorators + +CONF = config.CONF + + +class EncryptedVolumesExtendAttachedTest(extend.BaseVolumesExtendAttachedTest, + base.BaseVolumeAdminTest): + """Tests extending the size of an attached encrypted volume.""" + + @decorators.idempotent_id('e93243ec-7c37-4b5b-a099-ebf052c13216') + @testtools.skipUnless( + CONF.volume_feature_enabled.extend_attached_encrypted_volume, + "Attached encrypted volume extend is disabled.") + @utils.services('compute') + def test_extend_attached_encrypted_volume_luksv1(self): + volume = self.create_encrypted_volume(encryption_provider="luks") + self._test_extend_attached_volume(volume) diff --git a/tempest/api/volume/base.py b/tempest/api/volume/base.py index bcbcf43a26..3ec4690a1f 100644 --- a/tempest/api/volume/base.py +++ b/tempest/api/volume/base.py @@ -299,6 +299,27 @@ class BaseVolumeAdminTest(BaseVolumeTest): cls.addClassResourceCleanup(cls.clear_volume_type, volume_type['id']) return volume_type + def create_encryption_type(self, type_id=None, provider=None, + key_size=None, cipher=None, + control_location=None): + if not type_id: + volume_type = self.create_volume_type() + type_id = volume_type['id'] + self.admin_encryption_types_client.create_encryption_type( + type_id, provider=provider, key_size=key_size, cipher=cipher, + control_location=control_location) + + def create_encrypted_volume(self, encryption_provider, key_size=256, + cipher='aes-xts-plain64', + control_location='front-end'): + volume_type = self.create_volume_type() + self.create_encryption_type(type_id=volume_type['id'], + provider=encryption_provider, + key_size=key_size, + cipher=cipher, + control_location=control_location) + return self.create_volume(volume_type=volume_type['name']) + def create_group_type(self, name=None, **kwargs): """Create a test group-type""" name = name or data_utils.rand_name( diff --git a/tempest/api/volume/test_volumes_extend.py b/tempest/api/volume/test_volumes_extend.py index 22670451ce..ea6bd4a5ba 100644 --- a/tempest/api/volume/test_volumes_extend.py +++ b/tempest/api/volume/test_volumes_extend.py @@ -58,7 +58,7 @@ class VolumesExtendTest(base.BaseVolumeTest): self.assertEqual(extend_size, resized_volume['size']) -class VolumesExtendAttachedTest(base.BaseVolumeTest): +class BaseVolumesExtendAttachedTest(base.BaseVolumeTest): """Tests extending the size of an attached volume.""" create_default_network = True @@ -97,14 +97,9 @@ class VolumesExtendAttachedTest(base.BaseVolumeTest): event['finish_time']): return event - @decorators.idempotent_id('301f5a30-1c6f-4ea0-be1a-91fd28d44354') - @testtools.skipUnless(CONF.volume_feature_enabled.extend_attached_volume, - "Attached volume extend is disabled.") - @utils.services('compute') - def test_extend_attached_volume(self): + def _test_extend_attached_volume(self, volume): """This is a happy path test which does the following: - * Create a volume at the configured volume_size. * Create a server instance. * Attach the volume to the server. * Wait for the volume status to be "in-use". @@ -116,8 +111,6 @@ class VolumesExtendAttachedTest(base.BaseVolumeTest): if we timeout waiting for the instance action event to show up, or if the action on the server fails. """ - # Create a test volume. Will be automatically cleaned up on teardown. - volume = self.create_volume() # Create a test server. Will be automatically cleaned up on teardown. server = self.create_server() # Attach the volume to the server and wait for the volume status to be @@ -179,3 +172,14 @@ class VolumesExtendAttachedTest(base.BaseVolumeTest): "%(request_id)s." % {'result': event['result'], 'request_id': action['request_id']}) + + +class VolumesExtendAttachedTest(BaseVolumesExtendAttachedTest): + + @decorators.idempotent_id('301f5a30-1c6f-4ea0-be1a-91fd28d44354') + @testtools.skipUnless(CONF.volume_feature_enabled.extend_attached_volume, + "Attached volume extend is disabled.") + @utils.services('compute') + def test_extend_attached_volume(self): + volume = self.create_volume() + self._test_extend_attached_volume(volume) diff --git a/tempest/config.py b/tempest/config.py index 96857459af..26acc74a12 100644 --- a/tempest/config.py +++ b/tempest/config.py @@ -985,7 +985,15 @@ VolumeFeaturesGroup = [ 'which is currently attached to a server instance? This ' 'depends on the 3.42 volume API microversion and the ' '2.51 compute API microversion. Also, not all volume or ' - 'compute backends support this operation.') + 'compute backends support this operation.'), + cfg.BoolOpt('extend_attached_encrypted_volume', + default=False, + help='Does the cloud support extending the size of an ' + 'encrypted volume which is currently attached to a ' + 'server instance? This depends on the 3.42 volume API ' + 'microversion and the 2.51 compute API microversion. ' + 'Also, not all volume or compute backends support this ' + 'operation.') ]