diff --git a/cinder/tests/unit/volume/test_volume.py b/cinder/tests/unit/volume/test_volume.py index da52cd23b01..3b2f2f5d389 100644 --- a/cinder/tests/unit/volume/test_volume.py +++ b/cinder/tests/unit/volume/test_volume.py @@ -1655,8 +1655,6 @@ class VolumeTestCase(base.BaseVolumeTestCase): db.volume_destroy(self.context, src_vol_id) db.volume_destroy(self.context, dst_vol['id']) - mock_del_enc_key.assert_not_called() - if rekey_supported: mock_setup_enc_keys.assert_called_once_with( mock.ANY, @@ -1681,9 +1679,13 @@ class VolumeTestCase(base.BaseVolumeTestCase): '--key-file=-', '/some/device/thing', process_input='asdfg', run_as_root=True) + mock_del_enc_key.assert_called_once_with(mock.ANY, # context + mock.ANY, # keymgr + fake.ENCRYPTION_KEY2_ID) else: mock_setup_enc_keys.assert_not_called() mock_execute.assert_not_called() + mock_del_enc_key.assert_not_called() mock_at.assert_called() mock_det.assert_called() diff --git a/cinder/volume/flows/manager/create_volume.py b/cinder/volume/flows/manager/create_volume.py index 0efd9611c3e..01fc5d78849 100644 --- a/cinder/volume/flows/manager/create_volume.py +++ b/cinder/volume/flows/manager/create_volume.py @@ -516,6 +516,8 @@ class CreateVolumeFromSpecTask(flow_utils.CinderTask): attach_info = None model_update = {} new_key_id = None + original_key_id = volume.encryption_key_id + key_mgr = key_manager.API(CONF) try: attach_info, volume = self.driver._attach_volume(context, @@ -591,6 +593,11 @@ class CreateVolumeFromSpecTask(flow_utils.CinderTask): del new_pass model_update = {'encryption_key_id': new_key_id} + # delete the original key that was cloned for this volume + # earlier + volume_utils.delete_encryption_key(context, + key_mgr, + original_key_id) except exception.RekeyNotSupported: pass except Exception: @@ -599,7 +606,7 @@ class CreateVolumeFromSpecTask(flow_utils.CinderTask): # Remove newly cloned key since it will not be used. volume_utils.delete_encryption_key( context, - key_manager.API(CONF), + key_mgr, new_key_id) finally: if attach_info: