diff options
author | Zuul <zuul@review.opendev.org> | 2019-10-07 21:24:44 +0000 |
---|---|---|
committer | Gerrit Code Review <review@openstack.org> | 2019-10-07 21:24:44 +0000 |
commit | d0da6cec4d5e5571317281fa5dd7838d4d11ae39 (patch) | |
tree | 83273335c7b6b09a92651d81e672f6ccdc3f9789 | |
parent | 2fa747ab78aefbd27598af71cc7fc557bd83ce94 (diff) | |
parent | c0f4374be8a3717aa27267674225a9a9f7fa723e (diff) | |
download | cinder-d0da6cec4d5e5571317281fa5dd7838d4d11ae39.tar.gz |
Merge "Don't allow retype to encrypted+multiattach type" into stable/queens
-rw-r--r-- | cinder/volume/api.py | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/cinder/volume/api.py b/cinder/volume/api.py index 397cadc8d..a66ed8155 100644 --- a/cinder/volume/api.py +++ b/cinder/volume/api.py @@ -199,6 +199,12 @@ class API(base.Base): specs = getattr(volume_type, 'extra_specs', {}) return specs.get('multiattach', 'False') == '<is> True' + def _is_encrypted(self, volume_type): + specs = volume_type.get('extra_specs', {}) + if 'encryption' not in specs: + return False + return specs.get('encryption', {}) is not {} + def create(self, context, size, name, description, snapshot=None, image_id=None, volume_type=None, metadata=None, availability_zone=None, source_volume=None, @@ -1658,6 +1664,11 @@ class API(base.Base): context.authorize(vol_policy.MULTIATTACH_POLICY, target_obj=volume) + if tgt_is_multiattach and self._is_encrypted(new_type): + msg = ('Retype requested both encryption and multi-attach, ' + 'which is not supported.') + raise exception.InvalidInput(reason=msg) + # We're checking here in so that we can report any quota issues as # early as possible, but won't commit until we change the type. We # pass the reservations onward in case we need to roll back. |