x/tuskar-ui
Code Issues Proposed changes
tuskar-ui/openstack_dashboard/api/cinder.py
Nathan Reller 004ddecf9b Added encryption support for volumes 
The modifications are to the volumes/cinder area of the dashboard. In
the cinder client's API, we exposed the metadata parameter in the
"create" method, and then added a choice field to the create form to
(optionally) select an encryption mode.  The user's selection is then
passed in to cinder as volume metadata.  We also modified the detailed
volume view to display all metadata associated with a volume.  We also
added a flag in OPENSTACK_HYPERVISOR_FEATURES to enable/disable the
encryption field.  Finally, we added a test case to exercise the
encryption choice field.

The following changes were made to Nova to support this feature:

Added support to encrypt volumes. Modified the libvirt driver to
encrypt volumes during the attach call. Created a new VolumeEncryptor
class that is responsible for encrypting volumes. The default
implementation does not do enryption, and a DmCryptVolumeEncryptor is
provided to encrypt volumes using dmcrypt.

Added a new KeyManager interface. The KeyManager is used by the
VolumeEncryptor to retrieve the key necessary for encryption.

Change-Id: Idb6a923f0e3fa52ca800ebd621e247d972b7c714
Implements: blueprint volume-encryption-field
2013-02-18 09:31:28 -05:00

146 lines
4.7 KiB
Python
Raw Blame History

# vim: tabstop=4 shiftwidth=4 softtabstop=4
# Copyright 2012 United States Government as represented by the
# Administrator of the National Aeronautics and Space Administration.
# All Rights Reserved.
#
# Copyright 2012 Openstack, LLC
# Copyright 2012 Nebula, Inc.
# Copyright (c) 2012 X.commerce, a business unit of eBay Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from __future__ import absolute_import
import logging
from django.conf import settings
from django.utils.translation import ugettext as _
from cinderclient.v1 import client as cinder_client
from openstack_dashboard.api.base import url_for
from openstack_dashboard.api import nova
from openstack_dashboard.api.base import QuotaSet
from horizon import exceptions
LOG = logging.getLogger(__name__)
# API static values
VOLUME_STATE_AVAILABLE = "available"
def cinderclient(request):
insecure = getattr(settings, 'OPENSTACK_SSL_NO_VERIFY', False)
cinder_url = ""
try:
cinder_url = url_for(request, 'volume')
except exceptions.ServiceCatalogException:
LOG.debug('no volume service configured.')
return None
LOG.debug('cinderclient connection created using token "%s" and url "%s"' %
(request.user.token.id, cinder_url))
c = cinder_client.Client(request.user.username,
request.user.token.id,
project_id=request.user.tenant_id,
auth_url=cinder_url,
insecure=insecure)
c.client.auth_token = request.user.token.id
c.client.management_url = cinder_url
return c
def volume_list(request, search_opts=None):
"""
To see all volumes in the cloud as an admin you can pass in a special
search option: {'all_tenants': 1}
"""
c_client = cinderclient(request)
if c_client is None:
return []
return c_client.volumes.list(search_opts=search_opts)
def volume_get(request, volume_id):
volume_data = cinderclient(request).volumes.get(volume_id)
for attachment in volume_data.attachments:
if "server_id" in attachment:
instance = nova.server_get(request, attachment['server_id'])
attachment['instance_name'] = instance.name
else:
# Nova volume can occasionally send back error'd attachments
# the lack a server_id property; to work around that we'll
# give the attached instance a generic name.
attachment['instance_name'] = _("Unknown instance")
return volume_data
def volume_create(request, size, name, description, volume_type,
snapshot_id=None, metadata=None):
return cinderclient(request).volumes.create(size, display_name=name,
display_description=description, volume_type=volume_type,
snapshot_id=snapshot_id, metadata=metadata)
def volume_delete(request, volume_id):
return cinderclient(request).volumes.delete(volume_id)
def volume_snapshot_get(request, snapshot_id):
return cinderclient(request).volume_snapshots.get(snapshot_id)
def volume_snapshot_list(request):
c_client = cinderclient(request)
if c_client is None:
return []
return c_client.volume_snapshots.list()
def volume_snapshot_create(request, volume_id, name, description):
return cinderclient(request).volume_snapshots.create(
volume_id, display_name=name, display_description=description)
def volume_snapshot_delete(request, snapshot_id):
return cinderclient(request).volume_snapshots.delete(snapshot_id)
def tenant_quota_get(request, tenant_id):
c_client = cinderclient(request)
if c_client is None:
return QuotaSet()
return QuotaSet(c_client.quotas.get(tenant_id))
def tenant_quota_update(request, tenant_id, **kwargs):
return cinderclient(request).quotas.update(tenant_id, **kwargs)
def default_quota_get(request, tenant_id):
return QuotaSet(cinderclient(request).quotas.defaults(tenant_id))
def volume_type_list(request):
return cinderclient(request).volume_types.list()
def volume_type_create(request, name):
return cinderclient(request).volume_types.create(name)
def volume_type_delete(request, volume_type_id):
return cinderclient(request).volume_types.delete(volume_type_id)
View Git Blame Copy Permalink