openstack/ironic-python-agent
Code Issues Proposed changes

Added support for secure erase enhanced

Browse Source 
Added support for secure erase enhanced option when doing an ATA secure erase.

Also made it prefer the enhanced version if hdparm claims the device
supports it.

Change-Id: I2ce04d0b967d6c176acd40ea10a05bcab5dbf2d0
This commit is contained in:
Clif Houck 2015-02-05 17:03:33 -06:00
parent 571445438a
commit b4cc3050db
2 changed files with 45 additions and 2 deletions
ironic_python_agent
hardware.py
tests
hardware.py

8
ironic_python_agent/hardware.py

@ -314,7 +314,13 @@ class GenericHardwareManager(HardwareManager):
utils.execute('hdparm', '--user-master', 'u', '--security-set-pass',
'NULL', block_device.name)
utils.execute('hdparm', '--user-master', 'u', '--security-erase',
# Use the 'enhanced' security erase option if it's supported.
erase_option = '--security-erase'
if 'not supported: enhanced erase' not in security_lines:
erase_option += '-enhanced'
utils.execute('hdparm', '--user-master', 'u', erase_option,
'NULL', block_device.name)
# Verify that security is now 'not enabled'

39
ironic_python_agent/tests/hardware.py

@ -106,7 +106,7 @@ HDPARM_INFO_TEMPLATE = (
'\tnot\tlocked\n'
'\t%(frozen)s\n'
'\tnot\texpired: security count\n'
'\t\tsupported: enhanced erase\n'
'\t%(enhanced_erase)s\n'
'\t24min for SECURITY ERASE UNIT. 24min for ENHANCED SECURITY '
'ERASE UNIT.\n'
'Checksum: correct\n'
@ -323,6 +323,7 @@ class TestGenericHardwareManager(test_base.BaseTestCase):
'supported': '\tsupported',
'enabled': 'not\tenabled',
'frozen': 'not\tfrozen',
'enhanced_erase': 'not\tsupported: enhanced erase',
}
mocked_execute.side_effect = [
(HDPARM_INFO_TEMPLATE % hdparm_info_fields, ''),
@ -363,6 +364,7 @@ class TestGenericHardwareManager(test_base.BaseTestCase):
'supported': 'not\tsupported',
'enabled': 'not\tenabled',
'frozen': 'not\tfrozen',
'enhanced_erase': 'not\tsupported: enhanced erase',
}
mocked_execute.side_effect = [
@ -381,6 +383,7 @@ class TestGenericHardwareManager(test_base.BaseTestCase):
'supported': '\tsupported',
'enabled': '\tenabled',
'frozen': 'not\tfrozen',
'enhanced_erase': 'not\tsupported: enhanced erase',
}
mocked_execute.side_effect = [
@ -399,6 +402,7 @@ class TestGenericHardwareManager(test_base.BaseTestCase):
'supported': '\tsupported',
'enabled': 'not\tenabled',
'frozen': '\tfrozen',
'enhanced_erase': 'not\tsupported: enhanced erase',
}
mocked_execute.side_effect = [
@ -417,6 +421,7 @@ class TestGenericHardwareManager(test_base.BaseTestCase):
'supported': '\tsupported',
'enabled': 'not\tenabled',
'frozen': 'not\tfrozen',
'enhanced_erase': 'not\tsupported: enhanced erase',
}
# If security mode remains enabled after the erase, it is indiciative
@ -425,6 +430,7 @@ class TestGenericHardwareManager(test_base.BaseTestCase):
'supported': '\tsupported',
'enabled': '\tenabled',
'frozen': 'not\tfrozen',
'enhanced_erase': 'not\tsupported: enhanced erase',
}
mocked_execute.side_effect = [
@ -439,3 +445,34 @@ class TestGenericHardwareManager(test_base.BaseTestCase):
self.assertRaises(errors.BlockDeviceEraseError,
self.hardware.erase_block_device,
block_device)
def test_normal_vs_enhanced_security_erase(self):
@mock.patch.object(utils, 'execute')
def test_security_erase_option(test_case,
enhanced_erase_string,
expected_option,
mocked_execute):
hdparm_parameters = {
'supported': '\tsupported',
'enabled': 'not\tenabled',
'frozen': 'not\tfrozen',
'enhanced_erase': enhanced_erase_string,
}
mocked_execute.side_effect = [
(HDPARM_INFO_TEMPLATE % hdparm_parameters, ''),
('', ''),
('', ''),
(HDPARM_INFO_TEMPLATE % hdparm_parameters, ''),
]
block_device = hardware.BlockDevice('/dev/sda', 'big', 1073741824,
True)
test_case.hardware.erase_block_device(block_device)
mocked_execute.assert_any_call('hdparm', '--user-master', 'u',
expected_option,
'NULL', '/dev/sda')
test_security_erase_option(self,
'\tsupported: enhanced erase', '--security-erase-enhanced')
test_security_erase_option(self,
'\tnot\tsupported: enhanced erase', '--security-erase')