Merge "Adds scenario tests for volume encryption"
This commit is contained in:
commit
8520a48a10
|
@ -21,6 +21,7 @@ import six
|
|||
import subprocess
|
||||
import time
|
||||
|
||||
from cinderclient import exceptions as cinder_exceptions
|
||||
from heatclient import exc as heat_exceptions
|
||||
import netaddr
|
||||
from neutronclient.common import exceptions as exc
|
||||
|
@ -354,7 +355,7 @@ class OfficialClientTest(tempest.test.BaseTestCase):
|
|||
return server
|
||||
|
||||
def create_volume(self, client=None, size=1, name=None,
|
||||
snapshot_id=None, imageRef=None):
|
||||
snapshot_id=None, imageRef=None, volume_type=None):
|
||||
if client is None:
|
||||
client = self.volume_client
|
||||
if name is None:
|
||||
|
@ -362,7 +363,8 @@ class OfficialClientTest(tempest.test.BaseTestCase):
|
|||
LOG.debug("Creating a volume (size: %s, name: %s)", size, name)
|
||||
volume = client.volumes.create(size=size, display_name=name,
|
||||
snapshot_id=snapshot_id,
|
||||
imageRef=imageRef)
|
||||
imageRef=imageRef,
|
||||
volume_type=volume_type)
|
||||
self.set_resource(name, volume)
|
||||
self.assertEqual(name, volume.display_name)
|
||||
self.status_timeout(client.volumes, volume.id, 'available')
|
||||
|
@ -623,6 +625,84 @@ class BaremetalScenarioTest(OfficialClientTest):
|
|||
timeout=CONF.baremetal.unprovision_timeout)
|
||||
|
||||
|
||||
class EncryptionScenarioTest(OfficialClientTest):
|
||||
"""
|
||||
Base class for encryption scenario tests
|
||||
"""
|
||||
|
||||
@classmethod
|
||||
def setUpClass(cls):
|
||||
super(EncryptionScenarioTest, cls).setUpClass()
|
||||
|
||||
# use admin credentials to create encrypted volume types
|
||||
admin_creds = cls.admin_credentials()
|
||||
manager = clients.OfficialClientManager(credentials=admin_creds)
|
||||
cls.admin_volume_client = manager.volume_client
|
||||
|
||||
def _wait_for_volume_status(self, status):
|
||||
self.status_timeout(
|
||||
self.volume_client.volumes, self.volume.id, status)
|
||||
|
||||
def _wait_for_volume_deletion(self):
|
||||
self.delete_timeout(
|
||||
self.volume_client.volumes, self.volume.id,
|
||||
not_found_exception=cinder_exceptions.NotFound)
|
||||
|
||||
def nova_boot(self):
|
||||
self.keypair = self.create_keypair()
|
||||
create_kwargs = {'key_name': self.keypair.name}
|
||||
self.server = self.create_server(self.compute_client,
|
||||
image=self.image,
|
||||
create_kwargs=create_kwargs)
|
||||
|
||||
def create_volume_type(self, client=None, name=None):
|
||||
if not client:
|
||||
client = self.admin_volume_client
|
||||
if not name:
|
||||
name = 'generic'
|
||||
randomized_name = data_utils.rand_name('scenario-type-' + name + '-')
|
||||
LOG.debug("Creating a volume type: %s", randomized_name)
|
||||
volume_type = client.volume_types.create(randomized_name)
|
||||
self.addCleanup(client.volume_types.delete, volume_type.id)
|
||||
return volume_type
|
||||
|
||||
def create_encryption_type(self, client=None, type_id=None, provider=None,
|
||||
key_size=None, cipher=None,
|
||||
control_location=None):
|
||||
if not client:
|
||||
client = self.admin_volume_client
|
||||
if not type_id:
|
||||
volume_type = self.create_volume_type()
|
||||
type_id = volume_type.id
|
||||
LOG.debug("Creating an encryption type for volume type: %s", type_id)
|
||||
client.volume_encryption_types.create(type_id,
|
||||
{'provider': provider,
|
||||
'key_size': key_size,
|
||||
'cipher': cipher,
|
||||
'control_location':
|
||||
control_location})
|
||||
|
||||
def nova_volume_attach(self):
|
||||
attach_volume_client = self.compute_client.volumes.create_server_volume
|
||||
volume = attach_volume_client(self.server.id,
|
||||
self.volume.id,
|
||||
'/dev/vdb')
|
||||
self.assertEqual(self.volume.id, volume.id)
|
||||
self._wait_for_volume_status('in-use')
|
||||
|
||||
def nova_volume_detach(self):
|
||||
detach_volume_client = self.compute_client.volumes.delete_server_volume
|
||||
detach_volume_client(self.server.id, self.volume.id)
|
||||
self._wait_for_volume_status('available')
|
||||
|
||||
volume = self.volume_client.volumes.get(self.volume.id)
|
||||
self.assertEqual('available', volume.status)
|
||||
|
||||
def cinder_delete_encrypted(self):
|
||||
self.volume_client.volumes.delete(self.volume.id)
|
||||
self._wait_for_volume_deletion()
|
||||
|
||||
|
||||
class NetworkScenarioTest(OfficialClientTest):
|
||||
"""
|
||||
Base class for network scenario tests
|
||||
|
|
|
@ -0,0 +1,69 @@
|
|||
# Copyright (c) 2014 The Johns Hopkins University/Applied Physics Laboratory
|
||||
# All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from tempest.scenario import manager
|
||||
from tempest import test
|
||||
|
||||
|
||||
class TestEncryptedCinderVolumes(manager.EncryptionScenarioTest):
|
||||
|
||||
"""
|
||||
This test is for verifying the functionality of encrypted cinder volumes.
|
||||
|
||||
For both LUKS and cryptsetup encryption types, this test performs
|
||||
the following:
|
||||
* Creates an image in Glance
|
||||
* Boots an instance from the image
|
||||
* Creates an encryption type (as admin)
|
||||
* Creates a volume of that encryption type (as a regular user)
|
||||
* Attaches and detaches the encrypted volume to the instance
|
||||
* Deletes the encrypted volume
|
||||
"""
|
||||
|
||||
def launch_instance(self):
|
||||
self.glance_image_create()
|
||||
self.nova_boot()
|
||||
|
||||
def create_encrypted_volume(self, encryption_provider):
|
||||
volume_type = self.create_volume_type(name='luks')
|
||||
self.create_encryption_type(type_id=volume_type.id,
|
||||
provider=encryption_provider,
|
||||
key_size=512,
|
||||
cipher='aes-xts-plain64',
|
||||
control_location='front-end')
|
||||
self.volume = self.create_volume(volume_type=volume_type.name)
|
||||
|
||||
def attach_detach_volume(self):
|
||||
self.nova_volume_attach()
|
||||
self.nova_volume_detach()
|
||||
|
||||
def delete_volume(self):
|
||||
self.cinder_delete_encrypted()
|
||||
|
||||
@test.services('compute', 'volume', 'image')
|
||||
def test_encrypted_cinder_volumes_luks(self):
|
||||
self.launch_instance()
|
||||
self.create_encrypted_volume('nova.volume.encryptors.'
|
||||
'luks.LuksEncryptor')
|
||||
self.attach_detach_volume()
|
||||
self.delete_volume()
|
||||
|
||||
@test.services('compute', 'volume', 'image')
|
||||
def test_encrypted_cinder_volumes_cryptsetup(self):
|
||||
self.launch_instance()
|
||||
self.create_encrypted_volume('nova.volume.encryptors.'
|
||||
'cryptsetup.CryptsetupEncryptor')
|
||||
self.attach_detach_volume()
|
||||
self.delete_volume()
|
Loading…
Reference in New Issue