FWIW, the fact that the tempest encryption job is currently passing on Ceph shows a serious bug in the cinder APIs, and possibly nova too.
If the client has requested encrypted storage, and the volume driver in cinder cannot support that, then it is unacceptable to simply ignore the encryption request - we should be reporting that back as a fatal error and /not/ continuing unencrypted.
Similarly if cinder reports encryption for a volume, and nova is unable to use that, we must ensure Nova reports an error at VM boot time, or volume attach.
FWIW, the fact that the tempest encryption job is currently passing on Ceph shows a serious bug in the cinder APIs, and possibly nova too.
If the client has requested encrypted storage, and the volume driver in cinder cannot support that, then it is unacceptable to simply ignore the encryption request - we should be reporting that back as a fatal error and /not/ continuing unencrypted.
Similarly if cinder reports encryption for a volume, and nova is unable to use that, we must ensure Nova reports an error at VM boot time, or volume attach.