Merge "Catch Castellan errors in create volume"
This commit is contained in:
Jenkins
Gerrit Code Review
commit
e7baee6868
@ -19,6 +19,7 @@ import sys
|
||||
import ddt
|
||||
import mock
|
||||
|
||||
from castellan.common import exception as castellan_exc
|
||||
from castellan.tests.unit.key_manager import mock_key_manager
|
||||
from oslo_utils import imageutils
|
||||
|
||||
@ -347,6 +348,59 @@ class CreateVolumeFlowTestCase(test.TestCase):
|
||||
'replication_status': 'disabled'}
|
||||
self.assertEqual(expected_result, result)
|
||||
|
||||
@mock.patch('cinder.volume.volume_types.is_encrypted',
|
||||
return_value=True)
|
||||
@mock.patch('cinder.volume.volume_types.get_volume_type_encryption',
|
||||
return_value=mock.Mock(cipher='my-cipher-2000'))
|
||||
@mock.patch('cinder.volume.volume_types.get_volume_type_qos_specs',
|
||||
return_value={'qos_specs': None})
|
||||
@mock.patch('cinder.volume.flows.api.create_volume.'
|
||||
'ExtractVolumeRequestTask._get_volume_type_id',
|
||||
return_value=1)
|
||||
def test_get_encryption_key_id_castellan_error(
|
||||
self,
|
||||
mock_get_type_id,
|
||||
mock_get_qos,
|
||||
mock_get_volume_type_encryption,
|
||||
mock_is_encrypted):
|
||||
|
||||
fake_image_service = fake_image.FakeImageService()
|
||||
image_id = 99
|
||||
image_meta = {'id': image_id,
|
||||
'status': 'active',
|
||||
'size': 1}
|
||||
fake_image_service.create(self.ctxt, image_meta)
|
||||
fake_key_manager = mock_key_manager.MockKeyManager()
|
||||
volume_type = 'type1'
|
||||
|
||||
with mock.patch.object(fake_key_manager, 'create_key',
|
||||
side_effect=castellan_exc.KeyManagerError):
|
||||
with mock.patch.object(fake_key_manager, 'get',
|
||||
return_value=fakes.ENCRYPTION_KEY_ID):
|
||||
|
||||
task = create_volume.ExtractVolumeRequestTask(
|
||||
fake_image_service,
|
||||
{'nova'})
|
||||
|
||||
self.assertRaises(exception.Invalid,
|
||||
task.execute,
|
||||
self.ctxt,
|
||||
size=1,
|
||||
snapshot=None,
|
||||
image_id=image_id,
|
||||
source_volume=None,
|
||||
availability_zone='nova',
|
||||
volume_type=volume_type,
|
||||
metadata=None,
|
||||
key_manager=fake_key_manager,
|
||||
source_replica=None,
|
||||
consistencygroup=None,
|
||||
cgsnapshot=None,
|
||||
group=None)
|
||||
|
||||
mock_is_encrypted.assert_called_once_with(self.ctxt, 1)
|
||||
mock_get_volume_type_encryption.assert_called_once_with(self.ctxt, 1)
|
||||
|
||||
@mock.patch('cinder.volume.volume_types.is_encrypted')
|
||||
@mock.patch('cinder.volume.volume_types.get_volume_type_qos_specs')
|
||||
@mock.patch('cinder.volume.flows.api.create_volume.'
|
||||
|
||||
@ -11,6 +11,7 @@
|
||||
# under the License.
|
||||
|
||||
|
||||
from castellan.common import exception as castellan_exc
|
||||
from oslo_config import cfg
|
||||
from oslo_log import log as logging
|
||||
from oslo_utils import timeutils
|
||||
@ -392,9 +393,17 @@ class ExtractVolumeRequestTask(flow_utils.CinderTask):
|
||||
# hyphenated format (aes-xts-plain64). The algorithm needs
|
||||
# to be parsed out to pass to the key manager (aes).
|
||||
algorithm = cipher.split('-')[0] if cipher else None
|
||||
encryption_key_id = key_manager.create_key(context,
|
||||
algorithm=algorithm,
|
||||
length=length)
|
||||
try:
|
||||
encryption_key_id = key_manager.create_key(
|
||||
context,
|
||||
algorithm=algorithm,
|
||||
length=length)
|
||||
except castellan_exc.KeyManagerError:
|
||||
# The messaging back to the client here is
|
||||
# purposefully terse, so we don't leak any sensitive
|
||||
# details.
|
||||
LOG.exception("Key manager error")
|
||||
raise exception.Invalid(message="Key manager error")
|
||||
|
||||
return encryption_key_id
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user