
This commit will add tests to cover vTPM device support for instances. The vTPM device allows storing secrets at instance level and it is managed by the Barbican backend. The _vptm_server_creation_check helper method is used to create a server with a specific vtpm version and model and assert that it is configured as needed from the instance xml. The test_create_server_with_vtpm_tis method will verify creation of an instance with the tpm-tis model and supported version 2.0. Similarly, test_create_server_with_vtpm_crb will verify creation of an instance with the tpm-crb model and supported version 2.0. In addition the Barbican client service was leveraged from the barbican tempest plugin [1]. This is to allow the vTPM test to communicate with the barbican client, confirm the secret key found in the guest domain is present in the client, the key is active, and the key's description accurately states that its purpose is vTPM for the guest. Example reply from barbican below: {'algorithm': None, 'bit_length': None, 'content_types': {'default': 'application/octet-stream'}, 'created': '2021-10-13T18:17:52', 'creator_id': '4b1cc6071236438c881f9da54657468f', 'expiration': None, 'mode': None, 'name': 'vTPM secret for instance b537c0df-0e39-4af8-94b3-04bcc8262f20', 'secret_ref': 'http://192.168.24.3:9311/v1/secrets/13a9ae5e-5187-4c0f-acde-b2cda06ae00c', 'secret_type': 'passphrase', 'status': 'ACTIVE', 'updated': '2021-10-13T18:17:52'} [1] https://github.com/openstack/barbican-tempest-plugin Related to: https://review.opendev.org/c/openstack/nova/+/631363/ https://review.opendev.org/c/openstack/glance/+/633256/ https://bugzilla.redhat.com/show_bug.cgi?id=1782128 Change-Id: I7b1a1306beb871a9294884116f6430ead91ce601
# Copyright 2015
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import os
from tempest import config
from tempest.test_discover import plugins
from whitebox_tempest_plugin import config as whitebox_config
class WhiteboxTempestPlugin(plugins.TempestPlugin):
    """Tempest plugin entry point for the whitebox test suite.

    Supplies the test directory, the configuration option groups the
    plugin registers, and the extra service client it provides.
    """

    def load_tests(self):
        """Return ``(full_test_dir, base_path)`` for this plugin.

        ``base_path`` is the parent of the directory containing this file;
        ``full_test_dir`` is ``whitebox_tempest_plugin/api`` beneath it.
        """
        plugin_dir = os.path.dirname(os.path.abspath(__file__))
        base_path, _ = os.path.split(plugin_dir)
        full_test_dir = os.path.join(base_path, 'whitebox_tempest_plugin/api')
        return full_test_dir, base_path

    def register_opts(self, conf):
        """Register each whitebox option group on ``conf``, in order.

        The final pair attaches the plugin's extra options to tempest's
        own ``compute_features_group`` rather than a plugin-defined group.
        """
        group_opts = (
            (whitebox_config.general_group,
             whitebox_config.general_opts),
            (whitebox_config.nova_compute_group,
             whitebox_config.nova_compute_opts),
            (whitebox_config.database_group,
             whitebox_config.database_opts),
            (whitebox_config.libvirt_group,
             whitebox_config.libvirt_opts),
            (whitebox_config.hardware_group,
             whitebox_config.hardware_opts),
            (config.compute_features_group,
             whitebox_config.compute_features_group_opts),
        )
        for group, opts in group_opts:
            config.register_opt_group(conf, group, opts)

    def get_opt_lists(self):
        """Return ``(group name, options)`` pairs for the plugin's groups."""
        # NOTE(review): register_opts() also registers
        # compute_features_group_opts, which is not listed here -- confirm
        # the omission is intentional.
        listed_groups = (
            (whitebox_config.general_group,
             whitebox_config.general_opts),
            (whitebox_config.nova_compute_group,
             whitebox_config.nova_compute_opts),
            (whitebox_config.libvirt_group,
             whitebox_config.libvirt_opts),
            (whitebox_config.database_group,
             whitebox_config.database_opts),
            (whitebox_config.hardware_group,
             whitebox_config.hardware_opts),
        )
        return [(group.name, opts) for group, opts in listed_groups]

    def get_service_clients(self):
        """Describe the service clients this plugin contributes.

        A single entry exposes ``SecretClient`` from the plugin's
        ``services.key_manager.json`` module under service version
        ``secret.v1``, registered with the name ``secret_v1``.
        """
        # NOTE(review): the commit description says the vTPM tests use this
        # client to check the instance's secret in Barbican; confirm the
        # tests only read secret metadata and never log secret payloads.
        return [{
            'name': 'secret_v1',
            'service_version': 'secret.v1',
            'module_path': 'whitebox_tempest_plugin.services.key_manager.json',
            'client_names': ['SecretClient'],
        }]