cf5645fdee
Per feedback received on other patch sets, an example key manager driver is required to support ephemeral storage encryption and Cinder volume encryption. The ConfKeyManager class reads its key from the project's configuration file and provides this key for *all* requests. As such, this key manager is insecure but allows the aforementioned encryption features to be used without further integration effort. To clarify the above statements, the configuration-based key manager uses a single, fixed key. When used to encrypt data (e.g., by the Cinder volume encryption feature), the encryption provides limited protection for the confidentiality of data. For example, data cannot be read from a lost or stolen disk, and a volume's contents cannot be reconstructed if an attacker intercepts the iSCSI traffic between the compute and storage host. If the key is ever compromised, then any data encrypted with the key can be decrypted. Implements blueprint encrypt-cinder-volumes SecurityImpact Change-Id: Ia6f4c69e699e68065c0f767e769cd0a6f5cc623b |
||
|---|---|---|
| .. | ||
| CA | ||
| api | ||
| bundle | ||
| cells | ||
| cert | ||
| compute | ||
| conductor | ||
| console | ||
| consoleauth | ||
| db | ||
| fake_loadables | ||
| glance | ||
| image | ||
| integrated | ||
| keymgr | ||
| monkey_patch_example | ||
| network | ||
| objects | ||
| pci | ||
| scheduler | ||
| servicegroup | ||
| ssl_cert | ||
| virt | ||
| volume | ||
| README.rst | ||
| __init__.py | ||
| cast_as_call.py | ||
| conf_fixture.py | ||
| fake_crypto.py | ||
| fake_hosts.py | ||
| fake_instance.py | ||
| fake_instance_actions.py | ||
| fake_ldap.py | ||
| fake_network.py | ||
| fake_network_cache_model.py | ||
| fake_notifier.py | ||
| fake_policy.py | ||
| fake_processutils.py | ||
| fake_utils.py | ||
| fake_volume.py | ||
| fakeguestfs.py | ||
| matchers.py | ||
| policy_fixture.py | ||
| test_availability_zones.py | ||
| test_baserpc.py | ||
| test_bdm.py | ||
| test_block_device.py | ||
| test_cinder.py | ||
| test_configdrive2.py | ||
| test_context.py | ||
| test_crypto.py | ||
| test_exception.py | ||
| test_flavors.py | ||
| test_hooks.py | ||
| test_instance_types_extra_specs.py | ||
| test_iptables_network.py | ||
| test_ipv6.py | ||
| test_linuxscsi.py | ||
| test_loadables.py | ||
| test_manager.py | ||
| test_matchers.py | ||
| test_metadata.py | ||
| test_notifications.py | ||
| test_nova_manage.py | ||
| test_objectstore.py | ||
| test_pipelib.py | ||
| test_policy.py | ||
| test_quota.py | ||
| test_safeutils.py | ||
| test_service.py | ||
| test_test.py | ||
| test_test_utils.py | ||
| test_utils.py | ||
| test_versions.py | ||
| test_wsgi.py | ||
| utils.py | ||
README.rst
OpenStack Nova Testing Infrastructure
This README file attempts to provide current and prospective contributors with everything they need to know in order to start creating unit tests for nova.
Note: the content for the rest of this file will be added as the work items in the following blueprint are completed: https://blueprints.launchpad.net/nova/+spec/consolidate-testing-infrastructure
Test Types: Unit vs. Functional vs. Integration
TBD
Writing Unit Tests
TBD
Using Fakes
TBD
test.TestCase
The TestCase class from nova.test (generally imported as test) will automatically manage self.stubs using the stubout module and self.mox using the mox module during the setUp step. They will automatically verify and clean up during the tearDown step.
If using test.TestCase, calling the super class setUp is required and calling the super class tearDown is required to be last if tearDown is overriden.
Writing Functional Tests
TBD
Writing Integration Tests
TBD
Tests and Exceptions
A properly written test asserts that particular behavior occurs. This can be a success condition or a failure condition, including an exception. When asserting that a particular exception is raised, the most specific exception possible should be used.
In particular, testing for Exception being raised is almost always a mistake since it will match (almost) every exception, even those unrelated to the exception intended to be tested.
This applies to catching exceptions manually with a try/except block, or using assertRaises().
Example:
self.assertRaises(exception.InstanceNotFound, db.instance_get_by_uuid,
elevated, instance_uuid)If a stubbed function/method needs a generic exception for testing purposes, test.TestingException is available.
Example:
def stubbed_method(self):
raise test.TestingException()
self.stubs.Set(cls, 'inner_method', stubbed_method)
obj = cls()
self.assertRaises(test.TestingException, obj.outer_method)Stubbing and Mocking
Whenever possible, tests SHOULD NOT stub and mock out the same function.
If it's unavoidable, tests SHOULD define stubs before mocks since the TestCase cleanup routine will un-mock before un-stubbing. Doing otherwise results in a test that leaks stubbed functions, causing hard-to-debug interference between tests1.
If a mock must take place before a stub, any stubs after the mock call MUST be manually unset using self.cleanUp calls within the test.