openstack/cinder
Code Issues Proposed changes

Merge "Delete unused key when rekeying volume"

Browse Source
This commit is contained in:
Zuul 2019-09-19 18:35:16 +00:00 committed by Gerrit Code Review
commit d229aa3cb1
2 changed files with 12 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
cinder/tests/unit/volume/test_volume.py
View File

@ -1655,8 +1655,6 @@ class VolumeTestCase(base.BaseVolumeTestCase):
db.volume_destroy(self.context, src_vol_id) db.volume_destroy(self.context, src_vol_id)
db.volume_destroy(self.context, dst_vol['id']) db.volume_destroy(self.context, dst_vol['id'])
mock_del_enc_key.assert_not_called()
if rekey_supported: if rekey_supported:
mock_setup_enc_keys.assert_called_once_with( mock_setup_enc_keys.assert_called_once_with(
mock.ANY, mock.ANY,
@ -1681,9 +1679,13 @@ class VolumeTestCase(base.BaseVolumeTestCase):
'--key-file=-', '/some/device/thing', '--key-file=-', '/some/device/thing',
process_input='asdfg', process_input='asdfg',
run_as_root=True) run_as_root=True)
mock_del_enc_key.assert_called_once_with(mock.ANY, # context
mock.ANY, # keymgr
fake.ENCRYPTION_KEY2_ID)
else: else:
mock_setup_enc_keys.assert_not_called() mock_setup_enc_keys.assert_not_called()
mock_execute.assert_not_called() mock_execute.assert_not_called()
mock_del_enc_key.assert_not_called()
mock_at.assert_called() mock_at.assert_called()
mock_det.assert_called() mock_det.assert_called()

9
cinder/volume/flows/manager/create_volume.py
View File

@ -516,6 +516,8 @@ class CreateVolumeFromSpecTask(flow_utils.CinderTask):
attach_info = None attach_info = None
model_update = {} model_update = {}
new_key_id = None new_key_id = None
original_key_id = volume.encryption_key_id
key_mgr = key_manager.API(CONF)
try: try:
attach_info, volume = self.driver._attach_volume(context, attach_info, volume = self.driver._attach_volume(context,
@ -591,6 +593,11 @@ class CreateVolumeFromSpecTask(flow_utils.CinderTask):
del new_pass del new_pass
model_update = {'encryption_key_id': new_key_id} model_update = {'encryption_key_id': new_key_id}
# delete the original key that was cloned for this volume
# earlier
volume_utils.delete_encryption_key(context,
key_mgr,
original_key_id)
except exception.RekeyNotSupported: except exception.RekeyNotSupported:
pass pass
except Exception: except Exception:
@ -599,7 +606,7 @@ class CreateVolumeFromSpecTask(flow_utils.CinderTask):
# Remove newly cloned key since it will not be used. # Remove newly cloned key since it will not be used.
volume_utils.delete_encryption_key( volume_utils.delete_encryption_key(
context, context,
key_manager.API(CONF), key_mgr,
new_key_id) new_key_id)
finally: finally:
if attach_info: if attach_info: