Merge "Block attempts to transfer encrypted volumes"

2018-01-18 17:39:37 +00:00 · 2018-01-18 17:39:37 +00:00 · 0ffb9f175c
commit 0ffb9f175c
parent b7b3e9be8a 04d7e2d80d
2 changed files with 14 additions and 0 deletions
--- a/cinder/tests/unit/test_volume_transfer.py
+++ b/cinder/tests/unit/test_volume_transfer.py
@ -17,6 +17,7 @@ import mock
 from oslo_utils import timeutils

 from cinder import context
+from cinder import db
 from cinder import exception
 from cinder import objects
 from cinder import quota
@ -68,6 +69,16 @@ class VolumeTransferTestCase(test.TestCase):
        volume = objects.Volume.get_by_id(self.ctxt, volume.id)
        self.assertEqual('in-use', volume['status'], 'Unexpected state')

+    def test_transfer_invalid_encrypted_volume(self):
+        tx_api = transfer_api.API()
+        volume = utils.create_volume(self.ctxt, updated_at=self.updated_at)
+        db.volume_update(self.ctxt,
+                         volume.id,
+                         {'encryption_key_id': fake.ENCRYPTION_KEY_ID})
+        self.assertRaises(exception.InvalidVolume,
+                          tx_api.create,
+                          self.ctxt, volume.id, 'Description')
+
    @mock.patch('cinder.volume.utils.notify_about_volume_usage')
    def test_transfer_accept_invalid_authkey(self, mock_notify):
        svc = self.start_service('volume', host='test_host')
--- a/cinder/transfer/api.py
+++ b/cinder/transfer/api.py
@ -120,6 +120,9 @@ class API(base.Base):
        volume_ref = self.db.volume_get(context, volume_id)
        if volume_ref['status'] != "available":
            raise exception.InvalidVolume(reason=_("status must be available"))
+        if volume_ref['encryption_key_id'] is not None:
+            raise exception.InvalidVolume(
+                reason=_("transferring encrypted volume is not supported"))

        volume_utils.notify_about_volume_usage(context, volume_ref,
                                               "transfer.create.start")