Location: cinder.api.contrib.volume_type_encryption
Method: create
Bug:
When a volume type is made an encrypted volume type, through the volume_type_encryption API extension, the extension does not confirm no volumes exist with the volume type before making the volume type encrypted. If volumes exist with the volume type before the volume type is made an encrypted volume type, these volumes will not be encrypted, although the user may think they are encrypted because they have an encrypted volume type.
Proposed Fix:
Add a check in the volume_type_encryption extension to stop the creation of an encrypted volume type if there are currently volumes with the volume type. Also add a unit test confirming functionality.
The reason I initially checked "security" was because it was possible for a user to believe that his volumes were encrypted when in fact they were not.