libvirt: Use specific user when probing encrypted rbd disks during extend

I0c3f14100a18107f7e416293f3d4fcc641ce5e55 introduced new logic when
extending LUKSv1 encrypted rbd volumes. As part of this qemu-img is used
to probe the rbd volume to determine the size of the LUKSv1 header.

The URI used to point to the rbd volume did not provide a user and
assumed that n-cpu/privsep would have access to the admin keyring. This
isn't always the case in most environments and would result in a failure
to probe the disk when the admin keyring wasn't available.

This change resolves this by appending the `id:$username` option to the
end of the URI provided to qemu-img using the `auth_username` found in
the connection_info from Cinder.

Closes-Bug: #1913575
Change-Id: Ia6d6dcdd7042f2aef6b3abeb5cd0f7525678a3b7

Author: lyarwood

nova/tests/unit/virt/libvirt/test_driver.py

@@ -9767,6 +9767,8 @@ def test_extend_volume_luksv1_rbd(self, mock_qemu_img_info,
             'serial': uuids.volume_id,
             'driver_volume_type': 'rbd',
             'data': {'name': 'pool/volume',
+                     'auth_enabled': 'true',
+                     'auth_username': 'username',
                      'access_mode': 'rw'}
         }
         disk_1 = mock.Mock(spec=vconfig.LibvirtConfigGuestDisk,
@@ -9808,7 +9810,8 @@ def test_extend_volume_luksv1_rbd(self, mock_qemu_img_info,
 
         mock_get_encryption_metadata.assert_called_once_with(
             self.context, drvr._volume_api, uuids.volume_id, connection_info)
-        mock_qemu_img_info.assert_called_once_with('rbd:pool/volume')
+        mock_qemu_img_info.assert_called_once_with(
+            'rbd:pool/volume:id=username')
 
         # Assert that the Libvirt call to resize the device within the instance
         # is called with the LUKSv1 payload offset taken into account.

nova/virt/libvirt/driver.py

@@ -2097,7 +2097,11 @@ def _resize_attached_encrypted_volume(self, original_new_size,
                 if 'device_path' in connection_info['data']:
                     path = connection_info['data']['device_path']
                 elif connection_info['driver_volume_type'] == 'rbd':
-                    path = 'rbd:%s' % (connection_info['data']['name'])
+                    volume_name = connection_info['data']['name']
+                    path = f"rbd:{volume_name}"
+                    if connection_info['data'].get('auth_enabled'):
+                        username = connection_info['data']['auth_username']
+                        path = f"rbd:{volume_name}:id={username}"
                 else:
                     path = 'unknown'
                     raise exception.DiskNotFound(location='unknown')