Merge "scheduler: Translate secure boot requests to trait"

2021-03-14 08:14:41 +00:00 · 2021-03-14 08:14:41 +00:00 · 14dde04432
parent 24edda34de 1862971faa
commit 14dde04432
2 changed files with 30 additions and 0 deletions
--- a/nova/scheduler/utils.py
+++ b/nova/scheduler/utils.py
@ -190,6 +190,8 @@ class ResourceRequest(object):

        res_req._translate_pci_numa_affinity_policy(request_spec.flavor, image)

+        res_req._translate_secure_boot_request(request_spec.flavor, image)
+
        res_req.strip_zeros()

        return res_req
@ -249,6 +251,15 @@ class ResourceRequest(object):
            # supported in image traits
            self._add_trait(trait, 'required')

+    def _translate_secure_boot_request(self, flavor, image):
+        sb_policy = hardware.get_secure_boot_constraint(flavor, image)
+        if sb_policy != obj_fields.SecureBoot.REQUIRED:
+            return
+
+        trait = os_traits.COMPUTE_SECURITY_UEFI_SECURE_BOOT
+        self._add_trait(trait, 'required')
+        LOG.debug("Requiring secure boot support via trait %s.", trait)
+
    def _translate_vtpm_request(self, flavor, image):
        vtpm_config = hardware.get_vtpm_constraint(flavor, image)
        if not vtpm_config:
--- a/nova/tests/unit/scheduler/test_utils.py
+++ b/nova/tests/unit/scheduler/test_utils.py
@ -1243,6 +1243,25 @@ class TestUtils(TestUtilsBase):
        rr = utils.ResourceRequest.from_request_spec(rs)
        self.assertResourceRequestsEqual(expected, rr)

+    def test_resource_request_from_request_spec_with_secure_boot(self):
+        flavor = objects.Flavor(
+            vcpus=1, memory_mb=1024, root_gb=10, ephemeral_gb=5, swap=0,
+            extra_specs={'os:secure_boot': 'required'},
+        )
+        expected = FakeResourceRequest()
+        expected._rg_by_id[None] = objects.RequestGroup(
+            use_same_provider=False,
+            required_traits={'COMPUTE_SECURITY_UEFI_SECURE_BOOT'},
+            resources={
+                'VCPU': 1,
+                'MEMORY_MB': 1024,
+                'DISK_GB': 15,
+            },
+        )
+        rs = objects.RequestSpec(flavor=flavor, is_bfv=False)
+        rr = utils.ResourceRequest.from_request_spec(rs)
+        self.assertResourceRequestsEqual(expected, rr)
+
    def test_resource_request_from_request_spec_with_vtpm_1_2(self):
        flavor = objects.Flavor(
            vcpus=1, memory_mb=1024, root_gb=10, ephemeral_gb=5, swap=0,