RemoteFS: prevent creation of encrypted volumes

Support for volume encryption of FS-based volumes is not currently implemented in Nova. Creating encrypted volumes with these drivers can result in dangerous and undesired behavior. Block creation of encrypted volumes for these drivers until this is supported. This adds a per-driver switch which can be used to enable this for individual RemoteFS drivers as they are tested. Closes-Bug: #1675469 Change-Id: I39d4230106c891e1b480989daaf72bea5a64e4b3 (cherry picked from commit e626f54f8b)
2017-03-23 12:07:54 -04:00 · 2017-03-23 12:07:54 -04:00 · 689d746851
parent 1ef2f70042
commit 689d746851
1 changed files with 5 additions and 0 deletions
--- a/cinder/volume/drivers/remotefs.py
+++ b/cinder/volume/drivers/remotefs.py
@ -147,6 +147,7 @@ class RemoteFSDriver(driver.BaseVD):
        self._mounted_shares = []
        self._execute_as_root = True
        self._is_voldb_empty_at_startup = kwargs.pop('is_vol_db_empty', None)
+        self._supports_encryption = False

        if self.configuration:
            self.configuration.append_config_values(nas_opts)
@ -234,6 +235,10 @@ class RemoteFSDriver(driver.BaseVD):
        :returns: provider_location update dict for database
        """

+        if volume.encryption_key_id and not self._supports_encryption:
+            message = _("Encryption is not yet supported.")
+            raise exception.VolumeDriverException(message=message)
+
        LOG.debug('Creating volume %(vol)s', {'vol': volume.id})
        self._ensure_shares_mounted()