Fix logging in MemEncryption-related checks

MrStupnikov · MrStupnikov · commit 54faea0196c9 · 2023-02-11T12:59:02.000+01:00
Currently Nova produces ambigous error when volume-backed instance
is started using flavor with hw:mem_encryption extra_specs flag:
ImageMeta doesn't contain name if it represents Cinder volume.

This fix sligtly changes steps to get image_meta.name for
some MemEncryption-related checks where it could make any
difference.

Closes-bug: #2006952
Change-Id: Ia69e7cb18cd862f01ecfdbdc358c87af1ab8fbf6
diff --git a/nova/tests/unit/virt/libvirt/test_driver.py b/nova/tests/unit/virt/libvirt/test_driver.py
@@ -3402,7 +3402,8 @@ def test_sev_enabled_host_extra_spec_no_uefi(self):
         self.assertEqual(
             "Memory encryption requested by hw:mem_encryption extra spec in "
             "m1.fake flavor but image fake_image doesn't have "
-            "'hw_firmware_type' property set to 'uefi'", str(exc))
+            "'hw_firmware_type' property set to 'uefi' or volume-backed "
+            "instance was requested", str(exc))
 
     def test_sev_enabled_host_extra_spec_no_machine_type(self):
         exc = self.assertRaises(exception.InvalidMachineType,
diff --git a/nova/tests/unit/virt/test_hardware.py b/nova/tests/unit/virt/test_hardware.py
@@ -5364,7 +5364,7 @@ class MemEncryptionRequestedWithoutUEFITestCase(
     expected_error = (
         "Memory encryption requested by %(requesters)s but image "
         "%(image_name)s doesn't have 'hw_firmware_type' property "
-        "set to 'uefi'"
+        "set to 'uefi' or volume-backed instance was requested"
     )
 
     def _test_encrypted_memory_support_no_uefi(self, enc_extra_spec,
@@ -5491,6 +5491,25 @@ def test_require_encrypted_memory_support_both_required(self):
                     (self.flavor_name, self.image_id)
                 )
 
+    def test_encrypted_memory_support_flavor_for_volume(self):
+        extra_specs = {'hw:mem_encryption': True}
+
+        flavor = objects.Flavor(name=self.flavor_name,
+                                extra_specs=extra_specs)
+        # Following image_meta is typical for root Cinder volume
+        image_meta = objects.ImageMeta.from_dict({
+            'min_disk': 0,
+            'min_ram': 0,
+            'properties': {},
+            'size': 0,
+            'status': 'active'})
+        # Confirm that exception.FlavorImageConflict is raised when
+        # flavor with hw:mem_encryption flag is used to create
+        # volume-backed instance
+        self.assertRaises(exception.FlavorImageConflict,
+                          hw.get_mem_encryption_constraint, flavor,
+                          image_meta)
+
 
 class PCINUMAAffinityPolicyTest(test.NoDBTestCase):
 
diff --git a/nova/virt/hardware.py b/nova/virt/hardware.py
@@ -1213,10 +1213,13 @@ def _check_for_mem_encryption_requirement_conflicts(
             "image %(image_name)s which has hw_mem_encryption property "
             "explicitly set to %(image_val)s"
         )
+        # image_meta.name is not set if image object represents root
+        # Cinder volume.
+        image_name = (image_meta.name if 'name' in image_meta else None)
         data = {
             'flavor_name': flavor.name,
             'flavor_val': flavor_mem_enc_str,
-            'image_name': image_meta.name,
+            'image_name': image_name,
             'image_val': image_mem_enc,
         }
         raise exception.FlavorImageConflict(emsg % data)
@@ -1228,10 +1231,15 @@ def _check_mem_encryption_uses_uefi_image(requesters, image_meta):
 
     emsg = _(
         "Memory encryption requested by %(requesters)s but image "
-        "%(image_name)s doesn't have 'hw_firmware_type' property set to 'uefi'"
+        "%(image_name)s doesn't have 'hw_firmware_type' property set to "
+        "'uefi' or volume-backed instance was requested"
     )
+    # image_meta.name is not set if image object represents root Cinder
+    # volume, for this case FlavorImageConflict should be raised, but
+    # image_meta.name can't be extracted.
+    image_name = (image_meta.name if 'name' in image_meta else None)
     data = {'requesters': " and ".join(requesters),
-            'image_name': image_meta.name}
+            'image_name': image_name}
     raise exception.FlavorImageConflict(emsg % data)
 
 
@@ -1260,12 +1268,14 @@ def _check_mem_encryption_machine_type(image_meta, machine_type=None):
     if mach_type is None:
         return
 
+    # image_meta.name is not set if image object represents root Cinder volume.
+    image_name = (image_meta.name if 'name' in image_meta else None)
     # Could be something like pc-q35-2.11 if a specific version of the
     # machine type is required, so do substring matching.
     if 'q35' not in mach_type:
         raise exception.InvalidMachineType(
             mtype=mach_type,
-            image_id=image_meta.id, image_name=image_meta.name,
+            image_id=image_meta.id, image_name=image_name,
             reason=_("q35 type is required for SEV to work"))
 
 
