diff options
Diffstat (limited to 'nova/compute/api.py')
-rw-r--r-- | nova/compute/api.py | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/nova/compute/api.py b/nova/compute/api.py index 6bd6a78cd0..6f1ff7c48e 100644 --- a/nova/compute/api.py +++ b/nova/compute/api.py @@ -557,6 +557,31 @@ class API(base.Base): # reason, we rely on the DB to cast True to a String. return True if bool_val else '' + @staticmethod + def _detect_nonbootable_image_from_properties(image_id, image): + """Check image for a property indicating it's nonbootable. + + This is called from the API service to ensure that there are + no known image properties indicating that this image is of a + type that we do not support booting from. + + Currently the only such property is 'cinder_encryption_key_id'. + + :param image_id: UUID of the image + :param image: a dict representation of the image including properties + :raises: ImageUnacceptable if the image properties indicate + that booting this image is not supported + """ + if not image: + return + + image_properties = image.get('properties', {}) + if image_properties.get('cinder_encryption_key_id'): + reason = _('Direct booting of an image uploaded from an ' + 'encrypted volume is unsupported.') + raise exception.ImageUnacceptable(image_id=image_id, + reason=reason) + def _check_requested_image(self, context, image_id, image, instance_type, root_bdm): if not image: @@ -773,6 +798,7 @@ class API(base.Base): self._check_injected_file_quota(context, files_to_inject) self._check_requested_image(context, image_id, image, instance_type, root_bdm) + self._detect_nonbootable_image_from_properties(image_id, image) def _validate_and_build_base_options(self, context, instance_type, boot_meta, image_href, image_id, |