Merge "Add LUKS v2 tests"
diff --git a/tempest/api/volume/admin/test_encrypted_volumes_extend.py b/tempest/api/volume/admin/test_encrypted_volumes_extend.py
index 7339179..e85a00d 100644
--- a/tempest/api/volume/admin/test_encrypted_volumes_extend.py
+++ b/tempest/api/volume/admin/test_encrypted_volumes_extend.py
@@ -31,5 +31,18 @@
"Attached encrypted volume extend is disabled.")
@utils.services('compute')
def test_extend_attached_encrypted_volume_luksv1(self):
+ """LUKs v1 decrypts and extends through libvirt."""
volume = self.create_encrypted_volume(encryption_provider="luks")
self._test_extend_attached_volume(volume)
+
+ @decorators.idempotent_id('381a2a3a-b2f4-4631-a910-720881f2cc2f')
+ @testtools.skipUnless(
+ CONF.volume_feature_enabled.extend_attached_encrypted_volume,
+ "Attached encrypted volume extend is disabled.")
+ @testtools.skipIf(CONF.volume.storage_protocol == 'ceph',
+ 'Ceph only supports LUKSv2 if doing host attach.')
+ @utils.services('compute')
+ def test_extend_attached_encrypted_volume_luksv2(self):
+ """LUKs v2 decrypts and extends through os-brick."""
+ volume = self.create_encrypted_volume(encryption_provider="luks2")
+ self._test_extend_attached_volume(volume)
diff --git a/tempest/scenario/test_encrypted_cinder_volumes.py b/tempest/scenario/test_encrypted_cinder_volumes.py
index 6ee9f28..9788e19 100644
--- a/tempest/scenario/test_encrypted_cinder_volumes.py
+++ b/tempest/scenario/test_encrypted_cinder_volumes.py
@@ -13,6 +13,8 @@
# License for the specific language governing permissions and limitations
# under the License.
+import testtools
+
from tempest.common import utils
from tempest import config
from tempest.lib import decorators
@@ -27,7 +29,7 @@
This test is for verifying the functionality of encrypted cinder volumes.
- For both LUKS and cryptsetup encryption types, this test performs
+ For both LUKS (v1 & v2) and cryptsetup encryption types, this test performs
the following:
* Boots an instance from an image (CONF.compute.image_ref)
@@ -55,11 +57,24 @@
@decorators.attr(type='slow')
@utils.services('compute', 'volume', 'image')
def test_encrypted_cinder_volumes_luks(self):
+ """LUKs v1 decrypts volume through libvirt."""
server = self.launch_instance()
volume = self.create_encrypted_volume('luks',
volume_type='luks')
self.attach_detach_volume(server, volume)
+ @decorators.idempotent_id('7abec0a3-61a0-42a5-9e36-ad3138fb38b4')
+ @testtools.skipIf(CONF.volume.storage_protocol == 'ceph',
+ 'Ceph only supports LUKSv2 if doing host attach.')
+ @decorators.attr(type='slow')
+ @utils.services('compute', 'volume', 'image')
+ def test_encrypted_cinder_volumes_luksv2(self):
+ """LUKs v2 decrypts volume through os-brick."""
+ server = self.launch_instance()
+ volume = self.create_encrypted_volume('luks2',
+ volume_type='luksv2')
+ self.attach_detach_volume(server, volume)
+
@decorators.idempotent_id('cbc752ed-b716-4717-910f-956cce965722')
@decorators.attr(type='slow')
@utils.services('compute', 'volume', 'image')
diff --git a/tempest/scenario/test_volume_boot_pattern.py b/tempest/scenario/test_volume_boot_pattern.py
index 5a5cc27..2e87c15 100644
--- a/tempest/scenario/test_volume_boot_pattern.py
+++ b/tempest/scenario/test_volume_boot_pattern.py
@@ -246,14 +246,10 @@
# Assert that the underlying volume is gone.
self.volumes_client.wait_for_resource_deletion(volume_origin['id'])
- @decorators.idempotent_id('cb78919a-e553-4bab-b73b-10cf4d2eb125')
- @testtools.skipUnless(CONF.compute_feature_enabled.attach_encrypted_volume,
- 'Encrypted volume attach is not supported')
- @utils.services('compute', 'volume')
- def test_boot_server_from_encrypted_volume_luks(self):
+ def _do_test_boot_server_from_encrypted_volume_luks(self, provider):
# Create an encrypted volume
- volume = self.create_encrypted_volume('luks',
- volume_type='luks')
+ volume = self.create_encrypted_volume(provider,
+ volume_type=provider)
self.volumes_client.set_bootable_volume(volume['id'], bootable=True)
@@ -266,3 +262,21 @@
server_info = self.servers_client.show_server(server['id'])['server']
created_volume = server_info['os-extended-volumes:volumes_attached']
self.assertEqual(volume['id'], created_volume[0]['id'])
+
+ @decorators.idempotent_id('cb78919a-e553-4bab-b73b-10cf4d2eb125')
+ @testtools.skipUnless(CONF.compute_feature_enabled.attach_encrypted_volume,
+ 'Encrypted volume attach is not supported')
+ @utils.services('compute', 'volume')
+ def test_boot_server_from_encrypted_volume_luks(self):
+ """LUKs v1 decrypts volume through libvirt."""
+ self._do_test_boot_server_from_encrypted_volume_luks('luks')
+
+ @decorators.idempotent_id('5ab6100f-1b31-4dd0-a774-68cfd837ef77')
+ @testtools.skipIf(CONF.volume.storage_protocol == 'ceph',
+ 'Ceph only supports LUKSv2 if doing host attach.')
+ @testtools.skipUnless(CONF.compute_feature_enabled.attach_encrypted_volume,
+ 'Encrypted volume attach is not supported')
+ @utils.services('compute', 'volume')
+ def test_boot_server_from_encrypted_volume_luksv2(self):
+ """LUKs v2 decrypts volume through os-brick."""
+ self._do_test_boot_server_from_encrypted_volume_luks('luks2')
diff --git a/tools/tempest-integrated-gate-networking-exclude-list.txt b/tools/tempest-integrated-gate-networking-exclude-list.txt
index 263b2e4..9d79a35 100644
--- a/tools/tempest-integrated-gate-networking-exclude-list.txt
+++ b/tools/tempest-integrated-gate-networking-exclude-list.txt
@@ -11,9 +11,11 @@
# Skip Cinder, Glance and Swift only scenario tests.
tempest.scenario.test_encrypted_cinder_volumes.TestEncryptedCinderVolumes.test_encrypted_cinder_volumes_luks
+tempest.scenario.test_encrypted_cinder_volumes.TestEncryptedCinderVolumes.test_encrypted_cinder_volumes_luks2
tempest.scenario.test_encrypted_cinder_volumes.TestEncryptedCinderVolumes.test_encrypted_cinder_volumes_cryptsetup
tempest.scenario.test_object_storage_basic_ops.TestObjectStorageBasicOps.test_swift_basic_ops
tempest.scenario.test_object_storage_basic_ops.TestObjectStorageBasicOps.test_swift_acl_anonymous_download
tempest.scenario.test_volume_boot_pattern.TestVolumeBootPattern.test_boot_server_from_encrypted_volume_luks
+tempest.scenario.test_volume_boot_pattern.TestVolumeBootPattern.test_boot_server_from_encrypted_volume_luks2
tempest.scenario.test_volume_boot_pattern.TestVolumeBootPattern.test_image_defined_boot_from_volume
tempest.scenario.test_volume_boot_pattern.TestVolumeBootPattern.test_create_server_from_volume_snapshot
diff --git a/tools/tempest-integrated-gate-placement-exclude-list.txt b/tools/tempest-integrated-gate-placement-exclude-list.txt
index efba796..eb68b32 100644
--- a/tools/tempest-integrated-gate-placement-exclude-list.txt
+++ b/tools/tempest-integrated-gate-placement-exclude-list.txt
@@ -11,9 +11,11 @@
# Skip Cinder, Glance and Swift only scenario tests.
tempest.scenario.test_encrypted_cinder_volumes.TestEncryptedCinderVolumes.test_encrypted_cinder_volumes_luks
+tempest.scenario.test_encrypted_cinder_volumes.TestEncryptedCinderVolumes.test_encrypted_cinder_volumes_luks2
tempest.scenario.test_encrypted_cinder_volumes.TestEncryptedCinderVolumes.test_encrypted_cinder_volumes_cryptsetup
tempest.scenario.test_object_storage_basic_ops.TestObjectStorageBasicOps.test_swift_basic_ops
tempest.scenario.test_object_storage_basic_ops.TestObjectStorageBasicOps.test_swift_acl_anonymous_download
tempest.scenario.test_volume_boot_pattern.TestVolumeBootPattern.test_boot_server_from_encrypted_volume_luks
+tempest.scenario.test_volume_boot_pattern.TestVolumeBootPattern.test_boot_server_from_encrypted_volume_luks2
tempest.scenario.test_volume_boot_pattern.TestVolumeBootPattern.test_image_defined_boot_from_volume
tempest.scenario.test_volume_boot_pattern.TestVolumeBootPattern.test_create_server_from_volume_snapshot