diff options
author | Zuul <zuul@review.opendev.org> | 2022-07-25 23:37:30 +0000 |
---|---|---|
committer | Gerrit Code Review <review@openstack.org> | 2022-07-25 23:37:30 +0000 |
commit | 3a710d340359f4aa8462b673c01f797e3adf3e15 (patch) | |
tree | 581adb941051fe586bd6cda97b58ac9479098afd /tempest/scenario | |
parent | cdac420386ebd95b2b72b5c113d5f4ed3cb6a375 (diff) | |
parent | 5e6fc7ab759ebb8ff5057da88251391ac7d10381 (diff) | |
download | tempest-3a710d340359f4aa8462b673c01f797e3adf3e15.tar.gz |
Merge "Add LUKS v2 tests"
Diffstat (limited to 'tempest/scenario')
-rw-r--r-- | tempest/scenario/test_encrypted_cinder_volumes.py | 17 | ||||
-rw-r--r-- | tempest/scenario/test_volume_boot_pattern.py | 28 |
2 files changed, 37 insertions, 8 deletions
diff --git a/tempest/scenario/test_encrypted_cinder_volumes.py b/tempest/scenario/test_encrypted_cinder_volumes.py index 6ee9f28a0..9788e1900 100644 --- a/tempest/scenario/test_encrypted_cinder_volumes.py +++ b/tempest/scenario/test_encrypted_cinder_volumes.py @@ -13,6 +13,8 @@ # License for the specific language governing permissions and limitations # under the License. +import testtools + from tempest.common import utils from tempest import config from tempest.lib import decorators @@ -27,7 +29,7 @@ class TestEncryptedCinderVolumes(manager.EncryptionScenarioTest): This test is for verifying the functionality of encrypted cinder volumes. - For both LUKS and cryptsetup encryption types, this test performs + For both LUKS (v1 & v2) and cryptsetup encryption types, this test performs the following: * Boots an instance from an image (CONF.compute.image_ref) @@ -55,11 +57,24 @@ class TestEncryptedCinderVolumes(manager.EncryptionScenarioTest): @decorators.attr(type='slow') @utils.services('compute', 'volume', 'image') def test_encrypted_cinder_volumes_luks(self): + """LUKs v1 decrypts volume through libvirt.""" server = self.launch_instance() volume = self.create_encrypted_volume('luks', volume_type='luks') self.attach_detach_volume(server, volume) + @decorators.idempotent_id('7abec0a3-61a0-42a5-9e36-ad3138fb38b4') + @testtools.skipIf(CONF.volume.storage_protocol == 'ceph', + 'Ceph only supports LUKSv2 if doing host attach.') + @decorators.attr(type='slow') + @utils.services('compute', 'volume', 'image') + def test_encrypted_cinder_volumes_luksv2(self): + """LUKs v2 decrypts volume through os-brick.""" + server = self.launch_instance() + volume = self.create_encrypted_volume('luks2', + volume_type='luksv2') + self.attach_detach_volume(server, volume) + @decorators.idempotent_id('cbc752ed-b716-4717-910f-956cce965722') @decorators.attr(type='slow') @utils.services('compute', 'volume', 'image') diff --git a/tempest/scenario/test_volume_boot_pattern.py b/tempest/scenario/test_volume_boot_pattern.py index 5a5cc2704..2e87c159b 100644 --- a/tempest/scenario/test_volume_boot_pattern.py +++ b/tempest/scenario/test_volume_boot_pattern.py @@ -246,14 +246,10 @@ class TestVolumeBootPattern(manager.EncryptionScenarioTest): # Assert that the underlying volume is gone. self.volumes_client.wait_for_resource_deletion(volume_origin['id']) - @decorators.idempotent_id('cb78919a-e553-4bab-b73b-10cf4d2eb125') - @testtools.skipUnless(CONF.compute_feature_enabled.attach_encrypted_volume, - 'Encrypted volume attach is not supported') - @utils.services('compute', 'volume') - def test_boot_server_from_encrypted_volume_luks(self): + def _do_test_boot_server_from_encrypted_volume_luks(self, provider): # Create an encrypted volume - volume = self.create_encrypted_volume('luks', - volume_type='luks') + volume = self.create_encrypted_volume(provider, + volume_type=provider) self.volumes_client.set_bootable_volume(volume['id'], bootable=True) @@ -266,3 +262,21 @@ class TestVolumeBootPattern(manager.EncryptionScenarioTest): server_info = self.servers_client.show_server(server['id'])['server'] created_volume = server_info['os-extended-volumes:volumes_attached'] self.assertEqual(volume['id'], created_volume[0]['id']) + + @decorators.idempotent_id('cb78919a-e553-4bab-b73b-10cf4d2eb125') + @testtools.skipUnless(CONF.compute_feature_enabled.attach_encrypted_volume, + 'Encrypted volume attach is not supported') + @utils.services('compute', 'volume') + def test_boot_server_from_encrypted_volume_luks(self): + """LUKs v1 decrypts volume through libvirt.""" + self._do_test_boot_server_from_encrypted_volume_luks('luks') + + @decorators.idempotent_id('5ab6100f-1b31-4dd0-a774-68cfd837ef77') + @testtools.skipIf(CONF.volume.storage_protocol == 'ceph', + 'Ceph only supports LUKSv2 if doing host attach.') + @testtools.skipUnless(CONF.compute_feature_enabled.attach_encrypted_volume, + 'Encrypted volume attach is not supported') + @utils.services('compute', 'volume') + def test_boot_server_from_encrypted_volume_luksv2(self): + """LUKs v2 decrypts volume through os-brick.""" + self._do_test_boot_server_from_encrypted_volume_luks('luks2') |