sma: crypto support for nvmf/tcp devices

The nvmf/tcp devices will now support attaching volumes with encryption enabled. This basically boils down to getting the crypto bdev name through the CryptoEngine.get_crypto_bdev() interface (instead of just using volume_id) and specyfing UUID/NGUID when attaching namespaces to a subsystem. Signed-off-by: Konrad Sztyber <konrad.sztyber@intel.com> Change-Id: Iefddbf07675152aa2e042564eb87c457b6995b9b Reviewed-on: https://review.spdk.io/gerrit/c/spdk/spdk/+/13871 Tested-by: SPDK CI Jenkins <sys_sgci@intel.com> Reviewed-by: Ben Walker <benjamin.walker@intel.com> Reviewed-by: Jim Harris <james.r.harris@intel.com> Reviewed-by: <sebastian.brzezinka@intel.com>
2022-08-03 05:19:18 +02:00 · 2022-08-03 05:19:18 +02:00 · c16dab7e37
commit c16dab7e37
parent e1068a862c
2 changed files with 17 additions and 6 deletions
--- a/python/spdk/sma/common.py
+++ b/python/spdk/sma/common.py
@ -15,3 +15,7 @@ def format_volume_id(volume_id):
    except ValueError:
        pass
    return None
+
+
+def volume_id_to_nguid(uuid):
+    return uuid.replace('-', '')
--- a/python/spdk/sma/device/nvmf_tcp.py
+++ b/python/spdk/sma/device/nvmf_tcp.py
@ -3,7 +3,8 @@ import logging
 import uuid
 from spdk.rpc.client import JSONRPCException
 from .device import DeviceManager, DeviceException
-from ..common import format_volume_id
+from ..common import format_volume_id, volume_id_to_nguid
+from ..volume import get_crypto_engine, CryptoException
 from ..proto import sma_pb2
 from ..proto import nvmf_tcp_pb2

@ -95,11 +96,14 @@ class NvmfTcpDeviceManager(DeviceManager):
                                 'listen_address': {'trtype': 'tcp', **addr}})
                volume_id = format_volume_id(request.volume.volume_id)
                if volume_id is not None:
+                    bdev_name = get_crypto_engine().get_crypto_bdev(volume_id) or volume_id
                    result = client.call('nvmf_subsystem_add_ns',
                                         {'nqn': params.subnqn,
                                          'namespace': {
-                                              'bdev_name': volume_id}})
-            except JSONRPCException:
+                                              'bdev_name': bdev_name,
+                                              'uuid': volume_id,
+                                              'nguid': volume_id_to_nguid(volume_id)}})
+            except (JSONRPCException, CryptoException):
                try:
                    client.call('nvmf_delete_subsystem', {'nqn': params.subnqn})
                except JSONRPCException:
@ -127,8 +131,9 @@ class NvmfTcpDeviceManager(DeviceManager):

    def _find_bdev(self, client, guid):
        try:
-            return client.call('bdev_get_bdevs', {'name': guid})[0]
-        except JSONRPCException:
+            bdev_name = get_crypto_engine().get_crypto_bdev(guid) or guid
+            return client.call('bdev_get_bdevs', {'name': bdev_name})[0]
+        except (JSONRPCException, CryptoException):
            return None

    @_check_transport
@ -155,7 +160,9 @@ class NvmfTcpDeviceManager(DeviceManager):
                    result = client.call('nvmf_subsystem_add_ns',
                                         {'nqn': nqn,
                                          'namespace': {
-                                              'bdev_name': bdev['name']}})
+                                              'bdev_name': bdev['name'],
+                                              'uuid': volume_id,
+                                              'nguid': volume_id_to_nguid(volume_id)}})
                    if not result:
                        raise DeviceException(grpc.StatusCode.INTERNAL,
                                              'Failed to attach volume')