Functional test for encryption volume type
Change-Id: Ia72f2154105981f89dd03b1fe898530c0fcdc204
Implements: blueprint cinder-volume-encryption
diff --git a/functional/test_encryption_vol_type.py b/functional/test_encryption_vol_type.py
new file mode 100644
index 0000000..e1a3e76
--- /dev/null
+++ b/functional/test_encryption_vol_type.py
@@ -0,0 +1,91 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+from heat_integrationtests.common import clients
+from heat_integrationtests.common import config
+from heat_integrationtests.functional import functional_base
+
+test_encryption_vol_type = {
+ 'heat_template_version': '2015-04-30',
+ 'description': 'Test template to create encryption volume type.',
+ 'resources': {
+ 'my_volume_type': {
+ 'type': 'OS::Cinder::VolumeType',
+ 'properties': {
+ 'name': 'LUKS'
+ }
+ },
+ 'my_encrypted_vol_type': {
+ 'type': 'OS::Cinder::EncryptedVolumeType',
+ 'properties': {
+ 'provider': 'nova.volume.encryptors.luks.LuksEncryptor',
+ 'control_location': 'front-end',
+ 'cipher': 'aes-xts-plain64',
+ 'key_size': 512,
+ 'volume_type': {'get_resource': 'my_volume_type'}
+ }
+ }
+ }
+}
+
+
+class EncryptionVolTypeTest(functional_base.FunctionalTestsBase):
+ def setUp(self):
+ super(EncryptionVolTypeTest, self).setUp()
+ self.conf = config.init_conf()
+ # cinder security policy usage of volume type is limited
+ # to being used by administrators only.
+ # Temporarily set username as admin for this test case.
+ self.conf.username = 'admin'
+ self.manager = clients.ClientManager(self.conf)
+ self.client = self.manager.orchestration_client
+ self.volume_client = self.manager.volume_client
+
+ def check_stack(self, sid):
+ vt = 'my_volume_type'
+ e_vt = 'my_encrypted_vol_type'
+
+ # check if only two resources are present.
+ expected_resources = {vt: 'OS::Cinder::VolumeType',
+ e_vt: 'OS::Cinder::EncryptedVolumeType'}
+ self.assertEqual(expected_resources,
+ self.list_resources(sid))
+
+ e_vt_obj = self.client.resources.get(sid, e_vt)
+ my_encrypted_vol_type_tmpl_prop = test_encryption_vol_type[
+ 'resources']['my_encrypted_vol_type']['properties']
+
+ # check if the phy rsrc specs was created in accordance with template.
+ phy_rsrc_specs = self.volume_client.volume_encryption_types.get(
+ e_vt_obj.physical_resource_id)
+ self.assertEqual(my_encrypted_vol_type_tmpl_prop['key_size'],
+ phy_rsrc_specs.key_size)
+ self.assertEqual(my_encrypted_vol_type_tmpl_prop['provider'],
+ phy_rsrc_specs.provider)
+ self.assertEqual(my_encrypted_vol_type_tmpl_prop['cipher'],
+ phy_rsrc_specs.cipher)
+ self.assertEqual(my_encrypted_vol_type_tmpl_prop['control_location'],
+ phy_rsrc_specs.control_location)
+
+ def test_create_update(self):
+ stack_identifier = self.stack_create(
+ template=test_encryption_vol_type)
+ self.check_stack(stack_identifier)
+
+ # Change some properties and trigger update.
+ my_encrypted_vol_type_tmpl_prop = test_encryption_vol_type[
+ 'resources']['my_encrypted_vol_type']['properties']
+ my_encrypted_vol_type_tmpl_prop['key_size'] = 256
+ my_encrypted_vol_type_tmpl_prop['cipher'] = 'aes-cbc-essiv'
+ self.update_stack(stack_identifier, test_encryption_vol_type)
+ self.check_stack(stack_identifier)