From 7dabe1d878e988670b1e37ef5f1b11a63000e6b2 Mon Sep 17 00:00:00 2001 From: Eric Harney Date: Wed, 1 Aug 2018 10:20:01 -0400 Subject: [PATCH] ScaleIO: Require zero-padding to be enabled Do not allow volumes to be created on ScaleIO pools that have zero padding disabled. This configuration allows data to leak between OpenStack tenants. Closes-Bug: #1784871 Change-Id: I5ba56508c03d056210bc73e7b1073614425f93f4 --- .../volume/drivers/dell_emc/scaleio/mocks.py | 3 +++ .../volume/drivers/dell_emc/scaleio/driver.py | 17 +++++++---------- .../scaleio-zeropadding-a0273c56c4d14fca.yaml | 11 +++++------ 3 files changed, 15 insertions(+), 16 deletions(-) diff --git a/cinder/tests/unit/volume/drivers/dell_emc/scaleio/mocks.py b/cinder/tests/unit/volume/drivers/dell_emc/scaleio/mocks.py index b0e51363a..b3f2ea3b1 100644 --- a/cinder/tests/unit/volume/drivers/dell_emc/scaleio/mocks.py +++ b/cinder/tests/unit/volume/drivers/dell_emc/scaleio/mocks.py @@ -40,6 +40,9 @@ class ScaleIODriver(driver.ScaleIODriver): def unmanage(self, volume): pass + def _is_volume_creation_safe(self, _pd, _sp, _pt): + return True + class MockHTTPSResponse(requests.Response): """Mock HTTP Response diff --git a/cinder/volume/drivers/dell_emc/scaleio/driver.py b/cinder/volume/drivers/dell_emc/scaleio/driver.py index b00ed6c4b..7e47daa4d 100644 --- a/cinder/volume/drivers/dell_emc/scaleio/driver.py +++ b/cinder/volume/drivers/dell_emc/scaleio/driver.py @@ -107,12 +107,13 @@ scaleio_opts = [ default=10.0, help='max_over_subscription_ratio setting for the driver. ' 'Maximum value allowed is 10.0.'), - cfg.BoolOpt('sio_allow_non_padded_thick_volumes', + cfg.BoolOpt('sio_allow_non_padded_volumes', + deprecated_name='sio_allow_non_padded_thick_volumes', default=False, - help='Allow thick volumes to be created in Storage Pools ' + help='Allow volumes to be created in Storage Pools ' 'when zero padding is disabled. This option should ' 'not be enabled if multiple tenants will utilize ' - 'thick volumes from a shared Storage Pool.'), + 'volumes from a shared Storage Pool.'), ] CONF.register_opts(scaleio_opts, group=configuration.SHARED_CONF_GROUP) @@ -502,11 +503,7 @@ class ScaleIODriver(driver.VolumeDriver): to existing data being read off of a newly created volume """ # if we have been told to allow unsafe volumes - if self.configuration.sio_allow_non_padded_thick_volumes: - return True - - # all thin volumes are safe - if provision_type == 'ThinProvisioned': + if self.configuration.sio_allow_non_padded_volumes: return True try: @@ -607,13 +604,13 @@ class ScaleIODriver(driver.VolumeDriver): storage_pool_name, provisioning) if not allowed: - # Do not allow thick volume creation on this backend. + # Do not allow volume creation on this backend. # Volumes may leak data between tenants. LOG.error("Volume creation rejected due to " "zero padding being disabled for pool, %s:%s. " "This behaviour can be changed by setting " "the configuration option " - "sio_allow_non_padded_thick_volumes = True.", + "sio_allow_non_padded_volumes = True.", protection_domain_name, storage_pool_name) msg = _("Volume creation rejected due to " diff --git a/releasenotes/notes/scaleio-zeropadding-a0273c56c4d14fca.yaml b/releasenotes/notes/scaleio-zeropadding-a0273c56c4d14fca.yaml index bd488c949..05f8676ac 100644 --- a/releasenotes/notes/scaleio-zeropadding-a0273c56c4d14fca.yaml +++ b/releasenotes/notes/scaleio-zeropadding-a0273c56c4d14fca.yaml @@ -2,9 +2,8 @@ security: - | - Removed the ability to create thick volumes in a ScaleIO Storage Pool - that has zero-padding disabled; creation of thin volumes from these - pools is allowed. A new configuration option has been added to - override this new behavior and allow thick volumes, but should not - be enabled if multiple tenants will utilize thick volumes from a shared - Storage Pool. + Removed the ability to create volumes in a ScaleIO Storage Pool + that has zero-padding disabled. + A new configuration option has been added to override this new + behavior and allow volume creation, but should not be enabled if + multiple tenants will utilize volumes from a shared Storage Pool. -- 2.17.1