Add compute_feature_enabled.attach_encrypted_volume config option

TestEncryptedCinderVolumes passes for the ceph job today but it's a false positive since the rbd volume driver in cinder does not return the 'encrypted' key in it's connection_info dict from the os-initialize_connection API to Nova, and Nova keys off 'encrypted' in connection_info to see if it should run the volume encryption provider when attaching the volume (in the case of the libvirt driver in Nova). Cinder change I03f8cae05cc117e14f7482115de685fc9f3fa54a sets the 'encrypted' key in connection_info for rbd volumes which then makes Nova attempt volume encryption but that fails for the rbd volume type since it's not currently supported in Nova. Eventually the tests fail in Tempest because the volume status does not go to 'in-use' since the attach failed. This change adds a config option so that the encrypted cinder volume tests can be skipped in the ceph job until rbd volume encryption is supported in Nova. An alternative to a new config option would be to check if the CONF.volume.storage_protocol is 'ceph' and raise a skip exception for bug 1463525, but given the number of other cinder volume drivers that might have this same issue I figured it was best to make Tempest configurable rather than hard-code all of the invalid storage protocols in the test. Related-Bug: #1463525 Change-Id: I48eba7c645cc1c979fd766ae9c05efb00957f787
2015-06-20 14:20:44 -07:00 · 2015-06-20 14:20:44 -07:00 · 79b3b49527
parent 352082ec9a
commit 79b3b49527
3 changed files with 22 additions and 1 deletions
--- a/etc/tempest.conf.sample
+++ b/etc/tempest.conf.sample
@ -427,6 +427,12 @@
 # value)
 #preserve_ports = false

+# Does the test environment support attaching an encrypted volume to a
+# running server instance? This may depend on the combination of
+# compute_driver in nova and the volume_driver(s) in cinder. (boolean
+# value)
+#attach_encrypted_volume = true
+

 [dashboard]

--- a/tempest/config.py
+++ b/tempest/config.py
@ -387,7 +387,13 @@ ComputeFeaturesGroup = [
                default=False,
                help='Does Nova preserve preexisting ports from Neutron '
                     'when deleting an instance? This should be set to True '
-                     'if testing Kilo+ Nova.')
+                     'if testing Kilo+ Nova.'),
+    cfg.BoolOpt('attach_encrypted_volume',
+                default=True,
+                help='Does the test environment support attaching an '
+                     'encrypted volume to a running server instance? This may '
+                     'depend on the combination of compute_driver in nova and '
+                     'the volume_driver(s) in cinder.'),
 ]


--- a/tempest/scenario/test_encrypted_cinder_volumes.py
+++ b/tempest/scenario/test_encrypted_cinder_volumes.py
@ -13,9 +13,12 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.

+from tempest import config
 from tempest.scenario import manager
 from tempest import test

+CONF = config.CONF
+

 class TestEncryptedCinderVolumes(manager.EncryptionScenarioTest):

@ -31,6 +34,12 @@ class TestEncryptedCinderVolumes(manager.EncryptionScenarioTest):
        * Attaches and detaches the encrypted volume to the instance
    """

+    @classmethod
+    def skip_checks(cls):
+        super(TestEncryptedCinderVolumes, cls).skip_checks()
+        if not CONF.compute_feature_enabled.attach_encrypted_volume:
+            raise cls.skipException('Encrypted volume attach is not supported')
+
    def launch_instance(self):
        self.glance_image_create()
        self.nova_boot()