From cd7a4da7afac2c9912404736399fd8e985be131e Mon Sep 17 00:00:00 2001 From: Eric Harney Date: Tue, 22 Oct 2024 12:45:06 -0400 Subject: [PATCH] Tests: Fix type error in volume encryption unit tests Use booleans instead of strings. Now that more unit test code runs, a few other errors were detected and fixed: - Missing --force-password arg - Modifying "encryption" dict's provider field was updating the dict also stored in the mock, causing mismatches in unit tests. Don't modify this dict, just use/manipulate the provider arg that we need. Change-Id: I50f426a77f389f13278a21ad7193c8bbdbd8fd7a --- cinder/tests/unit/volume/test_volume.py | 18 +++++++++++------- cinder/volume/flows/manager/create_volume.py | 7 ++++--- 2 files changed, 15 insertions(+), 10 deletions(-) diff --git a/cinder/tests/unit/volume/test_volume.py b/cinder/tests/unit/volume/test_volume.py index 00b4761918e..c0275df981a 100644 --- a/cinder/tests/unit/volume/test_volume.py +++ b/cinder/tests/unit/volume/test_volume.py @@ -1722,15 +1722,15 @@ class VolumeTestCase(base.BaseVolumeTestCase): @ddt.data({'connector_class': os_brick.initiator.connectors.iscsi.ISCSIConnector, 'rekey_supported': True, - 'already_encrypted': 'yes'}, + 'already_encrypted': True}, {'connector_class': os_brick.initiator.connectors.iscsi.ISCSIConnector, 'rekey_supported': True, - 'already_encrypted': 'no'}, + 'already_encrypted': False}, {'connector_class': os_brick.initiator.connectors.rbd.RBDConnector, 'rekey_supported': False, - 'already_encrypted': 'no'}) + 'already_encrypted': False}) @ddt.unpack @mock.patch('cinder.volume.volume_utils.delete_encryption_key') @mock.patch('cinder.volume.flows.manager.create_volume.' @@ -1748,9 +1748,11 @@ class VolumeTestCase(base.BaseVolumeTestCase): already_encrypted=None): # create source volume mock_execute.return_value = ('', '') - mock_enc_metadata_get.return_value = {'cipher': 'aes-xts-plain64', - 'key_size': 256, - 'provider': 'luks'} + mock_enc_metadata_get.return_value = { + 'cipher': 'aes-xts-plain64', + 'key_size': 256, + 'provider': 'luks', + 'encryption_key_id': fake.ENCRYPTION_KEY_ID} mock_setup_enc_keys.return_value = ( 'qwert', 'asdfg', @@ -1802,7 +1804,8 @@ class VolumeTestCase(base.BaseVolumeTestCase): src_vol, {'key_size': 256, 'provider': 'luks', - 'cipher': 'aes-xts-plain64'} + 'cipher': 'aes-xts-plain64', + 'encryption_key_id': fake.ENCRYPTION_KEY_ID} ) if already_encrypted: mock_execute.assert_called_once_with( @@ -1816,6 +1819,7 @@ class VolumeTestCase(base.BaseVolumeTestCase): else: mock_execute.assert_called_once_with( 'cryptsetup', '--batch-mode', 'luksFormat', + '--force-password', '--type', 'luks1', '--cipher', 'aes-xts-plain64', '--key-size', '256', '--key-file=-', '/some/device/thing', diff --git a/cinder/volume/flows/manager/create_volume.py b/cinder/volume/flows/manager/create_volume.py index b21d02c9a9d..eda5608a80b 100644 --- a/cinder/volume/flows/manager/create_volume.py +++ b/cinder/volume/flows/manager/create_volume.py @@ -596,17 +596,18 @@ class CreateVolumeFromSpecTask(flow_utils.CinderTask): # and is detected as another format. raise exception.Invalid() - if encryption['provider'] == 'luks': + encryption_provider = encryption['provider'] + if encryption_provider == 'luks': # Force ambiguous "luks" provider to luks1 for # compatibility with new versions of cryptsetup. - encryption['provider'] = 'luks1' + encryption_provider = 'luks1' (out, err) = utils.execute( 'cryptsetup', '--batch-mode', 'luksFormat', '--force-password', - '--type', encryption['provider'], + '--type', encryption_provider, '--cipher', encryption['cipher'], '--key-size', str(encryption['key_size']), '--key-file=-',