Provide knob to disable ata secure erase

We need to allow the operator to able to explicitly disable secure erase, in case it is problematic in their environment or hardware. Change-Id: I4c68efa65cdd7f88f54f8dd9a8bcbeee9e8124a8 Story: #2002546 Task: #22108
2018-06-13 12:20:22 -07:00 · 2018-06-13 12:20:22 -07:00 · d9f59d94f2
commit d9f59d94f2
parent 5c94cc434c
3 changed files with 26 additions and 3 deletions
--- a/ironic_python_agent/hardware.py
+++ b/ironic_python_agent/hardware.py
@ -771,14 +771,15 @@ class GenericHardwareManager(HardwareManager):
            LOG.info("Skipping the erase of virtual media device %s",
                     block_device.name)
            return
-
+        info = node.get('driver_internal_info', {})
        # Note(TheJulia) Use try/except to capture and log the failure
        # and then revert to attempting to shred the volume if enabled.
        try:
-            if self._ata_erase(block_device):
+            execute_secure_erase = info.get(
+                'agent_enable_ata_secure_erase', True)
+            if execute_secure_erase and self._ata_erase(block_device):
                return
        except errors.BlockDeviceEraseError as e:
-            info = node.get('driver_internal_info', {})
            execute_shred = info.get(
                'agent_continue_if_ata_erase_failed', False)
            if execute_shred:
--- a/ironic_python_agent/tests/unit/test_hardware.py
+++ b/ironic_python_agent/tests/unit/test_hardware.py
@ -1673,6 +1673,22 @@ class TestGenericHardwareManager(base.IronicAgentTest):
        self.hardware.erase_block_device(self.node, block_device)
        self.assertTrue(mock_shred.called)

+    @mock.patch.object(hardware.GenericHardwareManager, '_shred_block_device',
+                       autospec=True)
+    @mock.patch.object(utils, 'execute', autospec=True)
+    def test_erase_block_device_ata_erase_disabled(
+            self, mocked_execute, mock_shred):
+
+        info = self.node['driver_internal_info']
+        info['agent_enable_ata_secure_erase'] = False
+
+        block_device = hardware.BlockDevice('/dev/sda', 'big', 1073741824,
+                                            True)
+
+        self.hardware.erase_block_device(self.node, block_device)
+        self.assertTrue(mock_shred.called)
+        self.assertFalse(mocked_execute.called)
+
    def test_normal_vs_enhanced_security_erase(self):
        @mock.patch.object(utils, 'execute', autospec=True)
        def test_security_erase_option(test_case,
--- a/releasenotes/notes/ability-to-disable-secure-erase-c3223262726d5aff.yaml
+++ b/releasenotes/notes/ability-to-disable-secure-erase-c3223262726d5aff.yaml
@ -0,0 +1,6 @@
+---
+features:
+  - |
+    Adds the ability for the Bare Metal service conductor
+    service to explicitly choose to disable ATA Secure Erase
+    from being executed.