From 46e3502c303f9a4d4133f643920f1e2884a27599 Mon Sep 17 00:00:00 2001 From: Stephen Finucane Date: Fri, 12 Feb 2021 19:24:40 +0000 Subject: [PATCH] libvirt: Report secure boot support to scheduler The final step. We now start reporting this trait to the scheduler, allowing instances requesting secure boot to be scheduled here. Blueprint: allow-secure-boot-for-qemu-kvm-guests Change-Id: I171d47d72ebc81d1c905eb9130378dfef9a55ce5 Signed-off-by: Stephen Finucane --- nova/tests/unit/virt/libvirt/test_driver.py | 19 +++++++++++++++++-- nova/virt/libvirt/driver.py | 10 ++++++++++ 2 files changed, 27 insertions(+), 2 deletions(-) diff --git a/nova/tests/unit/virt/libvirt/test_driver.py b/nova/tests/unit/virt/libvirt/test_driver.py index 194983b616e0..37257a868ed9 100644 --- a/nova/tests/unit/virt/libvirt/test_driver.py +++ b/nova/tests/unit/virt/libvirt/test_driver.py @@ -1124,6 +1124,21 @@ class LibvirtConnTestCase(test.NoDBTestCase, "'swtpm_enabled=True'" ) + @mock.patch.object( + libvirt_driver.LibvirtDriver, '_register_instance_machine_type', + new=mock.Mock()) + @mock.patch.object( + host.Host, 'supports_secure_boot', new_callable=mock.PropertyMock) + def test_driver_capabilities_secure_boot(self, mock_supports): + drvr = libvirt_driver.LibvirtDriver(fake.FakeVirtAPI(), False) + drvr.init_host("dummyhost") + self.assertTrue( + drvr.capabilities['supports_secure_boot'], + "Driver capabilities for 'supports_secure_boot' is invalid when " + "host should support this feature" + ) + mock_supports.assert_called_once_with() + def test_driver_raises_on_non_linux_platform(self): with utils.temporary_mutation(sys, platform='darwin'): self.assertRaises( 
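Review bot: In `test_driver_capabilities_secure_boot` the `PropertyMock` is given no `return_value`, so `drvr.capabilities['supports_secure_boot']` holds a truthy mock object and `assertTrue` passes whatever the host would report. Set `mock_supports.return_value = True` before `init_host` and assert with `self.assertIs(True, drvr.capabilities['supports_secure_boot'])`. A sibling case with `mock_supports.return_value = False` should assert that the capability is false, since this flag decides whether instances requesting secure boot are scheduled to the host. The enclosing test class starts outside the hunk.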
@@ -2705,8 +2720,8 @@ class LibvirtConnTestCase(test.NoDBTestCase, test_init_host() # NOTE(dkliban): Will fail if get_host_capabilities is called before # registerErrorHandler - self.assertEqual(['fake_registerErrorHandler', - 'fake_get_host_capabilities'], calls) + self.assertEqual('fake_registerErrorHandler', calls[0]) + self.assertEqual('fake_get_host_capabilities', calls[1]) def test_sanitize_log_to_xml(self): # setup fake data diff --git a/nova/virt/libvirt/driver.py b/nova/virt/libvirt/driver.py index 8161e53ff102..10aaa260dd17 100644 --- a/nova/virt/libvirt/driver.py +++ b/nova/virt/libvirt/driver.py @@ -684,6 +684,8 @@ class LibvirtDriver(driver.ComputeDriver): def init_host(self, host): self._host.initialize() + self._update_host_specific_capabilities() + self._check_cpu_set_configuration() self._do_quality_warnings() @@ -781,6 +783,14 @@ class LibvirtDriver(driver.ComputeDriver): self._register_instance_machine_type() + def _update_host_specific_capabilities(self) -> None: + """Update driver capabilities based on capabilities of the host.""" + # TODO(stephenfin): We should also be reporting e.g. SEV functionality + # or UEFI bootloader support in this manner + self.capabilities.update({ + 'supports_secure_boot': self._host.supports_secure_boot, + }) + def _register_instance_machine_type(self): """Register the machine type of instances on this host
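Review bot: Checking `calls[0]` and `calls[1]` separately in the test_driver.py hunk at `-2705,8 +2720,8` no longer constrains anything after the second entry, and a list that is too short now fails with an IndexError instead of a readable comparison. A single `self.assertEqual(['fake_registerErrorHandler', 'fake_get_host_capabilities'], calls[:2])` keeps the ordering guarantee described in the NOTE above it. Presumably the list grew because `init_host` now queries host capabilities again; a one-line comment saying so would explain why only the first two entries are compared. The test function starts outside the hunk.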
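Review bot: The docstring of `_update_host_specific_capabilities` (driver.py hunk at `-781,6 +783,14`) does not say that `self._host.supports_secure_boot` is read only once, from the call added to `init_host` in the preceding driver.py hunk. Extend it to state that the capability is sampled at host initialisation and then stays fixed on the driver object, so a later change in the host's secure boot support is presumably not reflected until the service is restarted. It should also note that this value is what allows secure boot instances to be scheduled here, so it must be a plain boolean and must not default to true when detection is inconclusive. If the property can raise, `init_host` would now fail at this early step; a comment on whether that is intended would help.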