diff --git a/heat_integrationtests/functional/test_encryption_vol_type.py b/heat_integrationtests/functional/test_encryption_vol_type.py new file mode 100644 index 0000000000..e1a3e769b1 --- /dev/null +++ b/heat_integrationtests/functional/test_encryption_vol_type.py @@ -0,0 +1,91 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +from heat_integrationtests.common import clients +from heat_integrationtests.common import config +from heat_integrationtests.functional import functional_base + +test_encryption_vol_type = { + 'heat_template_version': '2015-04-30', + 'description': 'Test template to create encryption volume type.', + 'resources': { + 'my_volume_type': { + 'type': 'OS::Cinder::VolumeType', + 'properties': { + 'name': 'LUKS' + } + }, + 'my_encrypted_vol_type': { + 'type': 'OS::Cinder::EncryptedVolumeType', + 'properties': { + 'provider': 'nova.volume.encryptors.luks.LuksEncryptor', + 'control_location': 'front-end', + 'cipher': 'aes-xts-plain64', + 'key_size': 512, + 'volume_type': {'get_resource': 'my_volume_type'} + } + } + } +} + + +class EncryptionVolTypeTest(functional_base.FunctionalTestsBase): + def setUp(self): + super(EncryptionVolTypeTest, self).setUp() + self.conf = config.init_conf() + # cinder security policy usage of volume type is limited + # to being used by administrators only. + # Temporarily set username as admin for this test case. + self.conf.username = 'admin' + self.manager = clients.ClientManager(self.conf) + self.client = self.manager.orchestration_client + self.volume_client = self.manager.volume_client + + def check_stack(self, sid): + vt = 'my_volume_type' + e_vt = 'my_encrypted_vol_type' + + # check if only two resources are present. + expected_resources = {vt: 'OS::Cinder::VolumeType', + e_vt: 'OS::Cinder::EncryptedVolumeType'} + self.assertEqual(expected_resources, + self.list_resources(sid)) + + e_vt_obj = self.client.resources.get(sid, e_vt) + my_encrypted_vol_type_tmpl_prop = test_encryption_vol_type[ + 'resources']['my_encrypted_vol_type']['properties'] + + # check if the phy rsrc specs was created in accordance with template. + phy_rsrc_specs = self.volume_client.volume_encryption_types.get( + e_vt_obj.physical_resource_id) + self.assertEqual(my_encrypted_vol_type_tmpl_prop['key_size'], + phy_rsrc_specs.key_size) + self.assertEqual(my_encrypted_vol_type_tmpl_prop['provider'], + phy_rsrc_specs.provider) + self.assertEqual(my_encrypted_vol_type_tmpl_prop['cipher'], + phy_rsrc_specs.cipher) + self.assertEqual(my_encrypted_vol_type_tmpl_prop['control_location'], + phy_rsrc_specs.control_location) + + def test_create_update(self): + stack_identifier = self.stack_create( + template=test_encryption_vol_type) + self.check_stack(stack_identifier) + + # Change some properties and trigger update. + my_encrypted_vol_type_tmpl_prop = test_encryption_vol_type[ + 'resources']['my_encrypted_vol_type']['properties'] + my_encrypted_vol_type_tmpl_prop['key_size'] = 256 + my_encrypted_vol_type_tmpl_prop['cipher'] = 'aes-cbc-essiv' + self.update_stack(stack_identifier, test_encryption_vol_type) + self.check_stack(stack_identifier)