summaryrefslogtreecommitdiff
path: root/nova/tests/functional/test_ephemeral_encryption.py
diff options
context:
space:
mode:
Diffstat (limited to 'nova/tests/functional/test_ephemeral_encryption.py')
-rw-r--r--nova/tests/functional/test_ephemeral_encryption.py381
1 files changed, 381 insertions, 0 deletions
diff --git a/nova/tests/functional/test_ephemeral_encryption.py b/nova/tests/functional/test_ephemeral_encryption.py
new file mode 100644
index 0000000000..ba5e411902
--- /dev/null
+++ b/nova/tests/functional/test_ephemeral_encryption.py
@@ -0,0 +1,381 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from oslo_utils.fixture import uuidsentinel
+
+from nova import context
+from nova import objects
+from nova.tests.functional import integrated_helpers
+
+
+class _TestEphemeralEncryptionBase(
+ integrated_helpers.ProviderUsageBaseTestCase
+):
+ # NOTE(lyarwood): A dict of test flavors defined per test class,
+ # keyed by flavor name and providing an additional dict containing an 'id'
+ # and optional 'extra_specs' dict. For example:
+ # {
+ # 'name': {
+ # 'id': uuidsentinel.flavor_id
+ # 'extra_specs': {
+ # 'hw:foo': 'bar'
+ # }
+ # }
+ # }
+ flavors = {}
+
+ def setUp(self):
+ super().setUp()
+
+ self.ctxt = context.get_admin_context()
+
+ # Create the required test flavors
+ for name, details in self.flavors.items():
+ flavor = self.admin_api.post_flavor({
+ 'flavor': {
+ 'name': name,
+ 'id': details['id'],
+ 'ram': 512,
+ 'vcpus': 1,
+ 'disk': 1024,
+ }
+ })
+ # Add the optional extra_specs
+ if details.get('extra_specs'):
+ self.admin_api.post_extra_spec(
+ flavor['id'], {'extra_specs': details['extra_specs']})
+
+ # We only need a single compute for these tests
+ self._start_compute(host='compute1')
+
+ def _assert_ephemeral_encryption_enabled(
+ self, server_id, encryption_format=None):
+ bdms = objects.BlockDeviceMappingList.get_by_instance_uuid(
+ self.ctxt, server_id)
+ for bdm in bdms:
+ if bdm.is_local:
+ self.assertTrue(bdm.encrypted)
+ if encryption_format:
+ self.assertEqual(
+ encryption_format, bdm.encryption_format)
+
+ def _assert_ephemeral_encryption_disabled(self, server_id):
+ bdms = objects.BlockDeviceMappingList.get_by_instance_uuid(
+ self.ctxt, server_id)
+ for bdm in bdms:
+ if bdm.is_local:
+ self.assertFalse(bdm.encrypted)
+
+
+class TestEphemeralEncryptionAvailable(_TestEphemeralEncryptionBase):
+
+ compute_driver = 'fake.EphEncryptionDriver'
+ flavors = {
+ 'no_eph_encryption': {
+ 'id': uuidsentinel.no_eph_encryption
+ },
+ 'eph_encryption': {
+ 'id': uuidsentinel.eph_encryption_flavor,
+ 'extra_specs': {
+ 'hw:ephemeral_encryption': 'True'
+ }
+ },
+ 'eph_encryption_disabled': {
+ 'id': uuidsentinel.eph_encryption_disabled_flavor,
+ 'extra_specs': {
+ 'hw:ephemeral_encryption': 'False'
+ }
+ },
+ }
+
+ def test_image_requested(self):
+ server_request = self._build_server(
+ flavor_id=uuidsentinel.no_eph_encryption,
+ image_uuid=uuidsentinel.eph_encryption,
+ networks=[])
+ server_id = self._assert_build_request_success(server_request)
+ self._assert_ephemeral_encryption_enabled(server_id)
+
+ def test_image_disabled(self):
+ server_request = self._build_server(
+ flavor_id=uuidsentinel.no_eph_encryption,
+ image_uuid=uuidsentinel.eph_encryption_disabled,
+ networks=[])
+ server_id = self._assert_build_request_success(server_request)
+ self._assert_ephemeral_encryption_disabled(server_id)
+
+ def test_flavor_requested(self):
+ server_request = self._build_server(
+ flavor_id=uuidsentinel.eph_encryption_flavor,
+ networks=[])
+ server_id = self._assert_build_request_success(server_request)
+ self._assert_ephemeral_encryption_enabled(server_id)
+
+ def test_flavor_disabled(self):
+ server_request = self._build_server(
+ flavor_id=uuidsentinel.eph_encryption_disabled_flavor,
+ networks=[])
+ server_id = self._assert_build_request_success(server_request)
+ self._assert_ephemeral_encryption_disabled(server_id)
+
+ def test_flavor_and_image_requested(self):
+ server_request = self._build_server(
+ flavor_id=uuidsentinel.eph_encryption_flavor,
+ image_uuid=uuidsentinel.eph_encryption,
+ networks=[])
+ server_id = self._assert_build_request_success(server_request)
+ self._assert_ephemeral_encryption_enabled(server_id)
+
+ def test_flavor_and_image_disabled(self):
+ server_request = self._build_server(
+ flavor_id=uuidsentinel.eph_encryption_disabled_flavor,
+ image_uuid=uuidsentinel.eph_encryption_disabled,
+ networks=[])
+ server_id = self._assert_build_request_success(server_request)
+ self._assert_ephemeral_encryption_disabled(server_id)
+
+ def test_flavor_requested_and_image_disabled(self):
+ server_request = self._build_server(
+ flavor_id=uuidsentinel.eph_encryption_flavor,
+ image_uuid=uuidsentinel.eph_encryption_disabled,
+ networks=[])
+ self._assert_bad_build_request_error(server_request)
+
+ def test_flavor_disabled_and_image_requested(self):
+ server_request = self._build_server(
+ flavor_id=uuidsentinel.eph_encryption_disabled_flavor,
+ image_uuid=uuidsentinel.eph_encryption,
+ networks=[])
+ self._assert_bad_build_request_error(server_request)
+
+
+class TestEphemeralEncryptionUnavailable(_TestEphemeralEncryptionBase):
+
+ compute_driver = 'fake.MediumFakeDriver'
+ flavors = {
+ 'no_eph_encryption': {
+ 'id': uuidsentinel.no_eph_encryption
+ },
+ 'eph_encryption': {
+ 'id': uuidsentinel.eph_encryption_flavor,
+ 'extra_specs': {
+ 'hw:ephemeral_encryption': 'True'
+ }
+ },
+ 'eph_encryption_disabled': {
+ 'id': uuidsentinel.eph_encryption_disabled_flavor,
+ 'extra_specs': {
+ 'hw:ephemeral_encryption': 'False'
+ }
+ },
+ }
+
+ def test_requested_but_unavailable(self):
+ server_request = self._build_server(
+ flavor_id=uuidsentinel.eph_encryption_flavor,
+ image_uuid=uuidsentinel.eph_encryption,
+ networks=[])
+ self._assert_build_request_schedule_failure(server_request)
+
+ def test_image_disabled(self):
+ server_request = self._build_server(
+ image_uuid=uuidsentinel.eph_encryption_disabled,
+ flavor_id=uuidsentinel.no_eph_encryption,
+ networks=[])
+ server_id = self._assert_build_request_success(server_request)
+ self._assert_ephemeral_encryption_disabled(server_id)
+
+ def test_flavor_disabled(self):
+ server_request = self._build_server(
+ flavor_id=uuidsentinel.eph_encryption_disabled_flavor,
+ networks=[])
+ server_id = self._assert_build_request_success(server_request)
+ self._assert_ephemeral_encryption_disabled(server_id)
+
+
+class TestEphemeralEncryptionLUKS(TestEphemeralEncryptionAvailable):
+
+ compute_driver = 'fake.EphEncryptionDriverLUKS'
+ flavors = {
+ 'no_eph_encryption': {
+ 'id': uuidsentinel.no_eph_encryption
+ },
+ 'eph_encryption': {
+ 'id': uuidsentinel.eph_encryption_flavor,
+ 'extra_specs': {
+ 'hw:ephemeral_encryption': 'True'
+ }
+ },
+ 'eph_encryption_disabled': {
+ 'id': uuidsentinel.eph_encryption_disabled_flavor,
+ 'extra_specs': {
+ 'hw:ephemeral_encryption': 'False'
+ }
+ },
+ 'eph_encryption_luks': {
+ 'id': uuidsentinel.eph_encryption_luks_flavor,
+ 'extra_specs': {
+ 'hw:ephemeral_encryption': 'True',
+ 'hw:ephemeral_encryption_format': 'luks'
+ }
+ },
+ 'eph_encryption_plain': {
+ 'id': uuidsentinel.eph_encryption_plain_flavor,
+ 'extra_specs': {
+ 'hw:ephemeral_encryption': 'True',
+ 'hw:ephemeral_encryption_format': 'plain'
+ }
+ },
+
+ }
+
+ def test_image_requested_luks(self):
+ server_request = self._build_server(
+ flavor_id=uuidsentinel.no_eph_encryption,
+ image_uuid=uuidsentinel.eph_encryption_luks,
+ networks=[])
+ server_id = self._assert_build_request_success(server_request)
+ self._assert_ephemeral_encryption_enabled(
+ server_id, encryption_format='luks')
+
+ def test_flavor_requested_luks(self):
+ server_request = self._build_server(
+ flavor_id=uuidsentinel.eph_encryption_luks_flavor,
+ networks=[])
+ server_id = self._assert_build_request_success(server_request)
+ self._assert_ephemeral_encryption_enabled(
+ server_id, encryption_format='luks')
+
+ def test_flavor_and_image_requested_luks(self):
+ server_request = self._build_server(
+ flavor_id=uuidsentinel.eph_encryption_luks_flavor,
+ image_uuid=uuidsentinel.eph_encryption_luks,
+ networks=[])
+ server_id = self._assert_build_request_success(server_request)
+ self._assert_ephemeral_encryption_enabled(
+ server_id, encryption_format='luks')
+
+ def test_image_requested_plain(self):
+ server_request = self._build_server(
+ flavor_id=uuidsentinel.no_eph_encryption,
+ image_uuid=uuidsentinel.eph_encryption_plain,
+ networks=[])
+ self._assert_build_request_schedule_failure(server_request)
+
+ def test_flavor_requested_plain(self):
+ server_request = self._build_server(
+ flavor_id=uuidsentinel.eph_encryption_plain_flavor,
+ networks=[])
+ self._assert_build_request_schedule_failure(server_request)
+
+ def test_image_requested_luks_flavor_requested_plain(self):
+ server_request = self._build_server(
+ image_uuid=uuidsentinel.eph_encryption_luks,
+ flavor_id=uuidsentinel.eph_encryption_plain_flavor,
+ networks=[])
+ self._assert_bad_build_request_error(server_request)
+
+ def test_image_requested_plain_flavor_requested_luks(self):
+ server_request = self._build_server(
+ image_uuid=uuidsentinel.eph_encryption_plain,
+ flavor_id=uuidsentinel.eph_encryption_luks_flavor,
+ networks=[])
+ self._assert_bad_build_request_error(server_request)
+
+
+class TestEphemeralEncryptionPLAIN(_TestEphemeralEncryptionBase):
+
+ compute_driver = 'fake.EphEncryptionDriverPLAIN'
+ flavors = {
+ 'no_eph_encryption': {
+ 'id': uuidsentinel.no_eph_encryption
+ },
+ 'eph_encryption': {
+ 'id': uuidsentinel.eph_encryption_flavor,
+ 'extra_specs': {
+ 'hw:ephemeral_encryption': 'True'
+ }
+ },
+ 'eph_encryption_disabled': {
+ 'id': uuidsentinel.eph_encryption_disabled_flavor,
+ 'extra_specs': {
+ 'hw:ephemeral_encryption': 'False'
+ }
+ },
+ 'eph_encryption_luks': {
+ 'id': uuidsentinel.eph_encryption_luks_flavor,
+ 'extra_specs': {
+ 'hw:ephemeral_encryption': 'True',
+ 'hw:ephemeral_encryption_format': 'luks'
+ }
+ },
+ 'eph_encryption_plain': {
+ 'id': uuidsentinel.eph_encryption_plain_flavor,
+ 'extra_specs': {
+ 'hw:ephemeral_encryption': 'True',
+ 'hw:ephemeral_encryption_format': 'plain'
+ }
+ },
+ }
+
+ def test_image_requested_plain(self):
+ server_request = self._build_server(
+ flavor_id=uuidsentinel.no_eph_encryption,
+ image_uuid=uuidsentinel.eph_encryption_plain,
+ networks=[])
+ server_id = self._assert_build_request_success(server_request)
+ self._assert_ephemeral_encryption_enabled(
+ server_id, encryption_format='plain')
+
+ def test_flavor_requested_plain(self):
+ server_request = self._build_server(
+ flavor_id=uuidsentinel.eph_encryption_plain_flavor,
+ networks=[])
+ server_id = self._assert_build_request_success(server_request)
+ self._assert_ephemeral_encryption_enabled(
+ server_id, encryption_format='plain')
+
+ def test_flavor_and_image_requested_plain(self):
+ server_request = self._build_server(
+ flavor_id=uuidsentinel.eph_encryption_plain_flavor,
+ image_uuid=uuidsentinel.eph_encryption_plain,
+ networks=[])
+ server_id = self._assert_build_request_success(server_request)
+ self._assert_ephemeral_encryption_enabled(
+ server_id, encryption_format='plain')
+
+ def test_image_requested_luks(self):
+ server_request = self._build_server(
+ flavor_id=uuidsentinel.no_eph_encryption,
+ image_uuid=uuidsentinel.eph_encryption_luks,
+ networks=[])
+ self._assert_build_request_schedule_failure(server_request)
+
+ def test_flavor_requested_luks(self):
+ server_request = self._build_server(
+ flavor_id=uuidsentinel.eph_encryption_luks_flavor,
+ networks=[])
+ self._assert_build_request_schedule_failure(server_request)
+
+ def test_image_requested_plain_flavor_requested_luks(self):
+ server_request = self._build_server(
+ image_uuid=uuidsentinel.eph_encryption_plain,
+ flavor_id=uuidsentinel.eph_encryption_luks_flavor,
+ networks=[])
+ self._assert_bad_build_request_error(server_request)
+
+ def test_image_requested_luks_flavor_requested_plain(self):
+ server_request = self._build_server(
+ image_uuid=uuidsentinel.eph_encryption_luks,
+ flavor_id=uuidsentinel.eph_encryption_plain_flavor,
+ networks=[])
+ self._assert_bad_build_request_error(server_request)
View Lorry Controller Status