From b202fa3a0e1ecebbce5bdf2686bb4f75b0e56f72 Mon Sep 17 00:00:00 2001
From: Stephen Finucane
Date: Fri, 19 Feb 2021 10:53:10 +0000
Subject: [PATCH] tests: Add functional tests for UEFI, secure boot
Blueprint: allow-secure-boot-for-qemu-kvm-guests
Change-Id: Ia5c03f011e72f34bac1fb32b3144307c4319b482
Signed-off-by: Stephen Finucane
---
nova/tests/functional/libvirt/test_uefi.py | 104 +++++++++++++++++++++
1 file changed, 104 insertions(+)
create mode 100644 nova/tests/functional/libvirt/test_uefi.py
diff --git a/nova/tests/functional/libvirt/test_uefi.py b/nova/tests/functional/libvirt/test_uefi.py
new file mode 100644
index 000000000000..1eee1ab5e194
--- /dev/null
+++ b/nova/tests/functional/libvirt/test_uefi.py
@@ -0,0 +1,104 @@
+# Copyright (C) 2021 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+import datetime
+
+from lxml import etree
+from oslo_log import log as logging
+from oslo_utils.fixture import uuidsentinel as uuids
+
+import nova.conf
+from nova import context as nova_context
+from nova import objects
+from nova.tests.functional.libvirt import base
+
+CONF = nova.conf.CONF
+LOG = logging.getLogger(__name__)
+
+
+class UEFIServersTest(base.ServersTestBase):
+
+ def assertInstanceHasUEFI(self, server):
+ ctx = nova_context.get_admin_context()
+ instance = objects.Instance.get_by_uuid(ctx, server['id'])
+ self.assertIn('image_hw_machine_type', instance.system_metadata)
+ self.assertEqual(
+ 'q35', instance.system_metadata['image_hw_machine_type'])
+ self.assertIn('image_hw_firmware_type', instance.system_metadata)
+ self.assertEqual(
+ 'uefi', instance.system_metadata['image_hw_firmware_type'])
+ self.assertIn('image_os_secure_boot', instance.system_metadata)
+ self.assertEqual(
+ 'required', instance.system_metadata['image_os_secure_boot'])
+
+ def test_create_server(self):
+ orig_create = nova.virt.libvirt.guest.Guest.create
+
+ def fake_create(cls, xml, host):
+ tree = etree.fromstring(xml)
+ self.assertXmlEqual(
+ """
+
+ hvm
+ /usr/share/OVMF/OVMF_CODE.secboot.fd
+
+
+
+
+ """, # noqa: E501
+ etree.tostring(tree.find('./os'), encoding='unicode'))
+
+ return orig_create(xml, host)
+
+ self.stub_out('nova.virt.libvirt.guest.Guest.create', fake_create)
+
+ compute = self.start_compute()
+
+ # ensure we are reporting the correct trait
+ traits = self._get_provider_traits(self.compute_rp_uuids[compute])
+ self.assertIn('COMPUTE_SECURITY_UEFI_SECURE_BOOT', traits)
+
+ # create a server with UEFI and secure boot
+ timestamp = datetime.datetime(2021, 1, 2, 3, 4, 5)
+ uefi_image = {
+ 'id': uuids.uefi_image,
+ 'name': 'uefi_image',
+ 'created_at': timestamp,
+ 'updated_at': timestamp,
+ 'deleted_at': None,
+ 'deleted': False,
+ 'status': 'active',
+ 'is_public': False,
+ 'container_format': 'ova',
+ 'disk_format': 'vhd',
+ 'size': '74185822',
+ 'min_ram': 0,
+ 'min_disk': 0,
+ 'protected': False,
+ 'visibility': 'public',
+ 'tags': [],
+ 'properties': {
+ 'hw_machine_type': 'q35',
+ 'hw_firmware_type': 'uefi',
+ 'os_secure_boot': 'required',
+ }
+ }
+ self.glance.create(None, uefi_image)
+
+ server = self._create_server(image_uuid=uuids.uefi_image)
+
+ # ensure our instance's system_metadata field is correct
+ self.assertInstanceHasUEFI(server)
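Review bot: The `<os>` XML check in `test_create_server` runs only inside the `fake_create` stub, and nothing in the test asserts that the stub was ever invoked, so a build path that did not go through `Guest.create` could leave the secure-boot loader settings unverified while the `system_metadata` checks still pass. An assertion failure raised inside the stub also occurs in the compute service's spawn path, where it is presumably reported as a failed build rather than as the XML mismatch. Recording the element in the stub and asserting after `_create_server` returns addresses both; the expected document itself stays as it is (its markup is not legible on this page, so the loader and nvram attributes were not reviewed). A companion test in which the host does not expose `COMPUTE_SECURITY_UEFI_SECURE_BOOT` and the `os_secure_boot: required` image is refused would cover the fail-closed side.

```python
        os_xml = []

        def fake_create(cls, xml, host):
            # only record the <os> element here; compare it in the test body
            tree = etree.fromstring(xml)
            os_xml.append(
                etree.tostring(tree.find('./os'), encoding='unicode'))
            return orig_create(xml, host)

        # … unchanged: stub_out, start_compute, trait check, image setup …

        server = self._create_server(image_uuid=uuids.uefi_image)

        self.assertTrue(os_xml, 'Guest.create was not called')
        # expected: the <os> document currently passed inline to assertXmlEqual
        self.assertXmlEqual(expected, os_xml[-1])
```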