Merge "Add hw_mem_encryption_model image property"

2025-08-28 21:03:27 +00:00
parent d5134798de dc6641baad
commit f4ca2e3ef9
9 changed files with 63 additions and 9 deletions
--- a/doc/notification_samples/common_payloads/ImageMetaPropsPayload.json
+++ b/doc/notification_samples/common_payloads/ImageMetaPropsPayload.json
@@ -4,5 +4,5 @@
        "hw_architecture": "x86_64"
    },
    "nova_object.name": "ImageMetaPropsPayload",
-    "nova_object.version": "1.17"
-}
+    "nova_object.version": "1.18"
+}
--- a/nova/notifications/objects/image.py
+++ b/nova/notifications/objects/image.py
@@ -135,7 +135,8 @@ class ImageMetaPropsPayload(base.NotificationPayloadBase):
    # Version 1.15: Added igb value to 'hw_vif_model' enum
    # Version 1.16: Added 'hw_sound_model' field
    # Version 1.17: Added 'hw_usb_model' and 'hw_redirected_usb_ports' fields
-    VERSION = '1.17'
+    # Version 1.18: Added 'hw_mem_encryption_model' field
+    VERSION = '1.18'

    # NOTE(efried): This logic currently relies on all of the fields of
    # ImageMetaProps being initialized with no arguments. See the docstring.
--- a/nova/objects/fields.py
+++ b/nova/objects/fields.py
@@ -562,6 +562,13 @@ class TPMVersion(BaseNovaEnum):
    ALL = (v1_2, v2_0)


+class MemEncryptionModel(BaseNovaEnum):
+    AMD_SEV = "amd-sev"
+    AMD_SEV_ES = "amd-sev-es"
+
+    ALL = (AMD_SEV, AMD_SEV_ES)
+
+
 class MaxPhyAddrMode(BaseNovaEnum):
    PASSTHROUGH = "passthrough"
    EMULATE = "emulate"
@@ -1366,6 +1373,10 @@ class TPMVersionField(BaseEnumField):
    AUTO_TYPE = TPMVersion()


+class MemEncryptionModelField(BaseEnumField):
+    AUTO_TYPE = MemEncryptionModel()
+
+
 class SCSIModelField(BaseEnumField):
    AUTO_TYPE = SCSIModel()

--- a/nova/objects/image_meta.py
+++ b/nova/objects/image_meta.py
@@ -200,15 +200,18 @@ class ImageMetaProps(base.NovaObject):
    # Version 1.39: Added igb value to 'hw_vif_model' enum
    # Version 1.40: Added 'hw_sound_model' field
    # Version 1.41: Added 'hw_usb_model' and 'hw_redirected_usb_ports' fields
+    # Version 1.42: Added 'hw_mem_encryption_model' field

    # NOTE(efried): When bumping this version, the version of
    # ImageMetaPropsPayload must also be bumped. See its docstring for details.
-    VERSION = '1.41'
+    VERSION = '1.42'

-    def obj_make_compatible(self, primitive, target_version):
+    def obj_make_compatible(self, primitive, target_version):  # noqa: C901
        super(ImageMetaProps, self).obj_make_compatible(primitive,
                                                        target_version)
        target_version = versionutils.convert_version_to_tuple(target_version)
+        if target_version < (1, 42):
+            primitive.pop('hw_mem_encryption_model', None)
        if target_version < (1, 41):
            primitive.pop('hw_usb_model', None)
            primitive.pop('hw_redirected_usb_ports', None)
@@ -406,6 +409,10 @@ class ImageMetaProps(base.NovaObject):
        # encrypted memory
        'hw_mem_encryption': fields.FlexibleBooleanField(),

+        # string = used to determine the CPU feature for guest memory
+        # encryption
+        'hw_mem_encryption_model': fields.MemEncryptionModelField(),
+
        # One of the magic strings 'small', 'any', 'large'
        # or an explicit page size in KB (eg 4, 2048, ...)
        'hw_mem_page_size': fields.StringField(),
--- a/nova/tests/functional/notification_sample_tests/test_instance.py
+++ b/nova/tests/functional/notification_sample_tests/test_instance.py
@@ -1244,7 +1244,7 @@ class TestInstanceNotificationSample(
                    'nova_object.data': {},
                    'nova_object.name': 'ImageMetaPropsPayload',
                    'nova_object.namespace': 'nova',
-                    'nova_object.version': '1.17',
+                    'nova_object.version': '1.18',
                },
                'image.size': 58145823,
                'image.tags': [],
@@ -1340,7 +1340,7 @@ class TestInstanceNotificationSample(
                    'nova_object.data': {},
                    'nova_object.name': 'ImageMetaPropsPayload',
                    'nova_object.namespace': 'nova',
-                    'nova_object.version': '1.17',
+                    'nova_object.version': '1.18',
                },
                'image.size': 58145823,
                'image.tags': [],
--- a/nova/tests/unit/notifications/objects/test_notification.py
+++ b/nova/tests/unit/notifications/objects/test_notification.py
@@ -385,7 +385,7 @@ notification_object_data = {
    # ImageMetaProps, so when you see a fail here for that reason, you must
    # *also* bump the version of ImageMetaPropsPayload. See its docstring for
    # more information.
-    'ImageMetaPropsPayload': '1.17-60ebfe97483b0abee1ec22220613da40',
+    'ImageMetaPropsPayload': '1.18-9d551c98a62b766cb94fb472aa3e73f9',
    'InstanceActionNotification': '1.0-a73147b93b520ff0061865849d3dfa56',
    'InstanceActionPayload': '1.9-525dcf81b6e4592d935712a2675309dc',
    'InstanceActionRebuildNotification':
--- a/nova/tests/unit/objects/test_fields.py
+++ b/nova/tests/unit/objects/test_fields.py
@@ -691,6 +691,23 @@ class TestXenAddress(TestField):
        self.from_primitive_values = self.coerce_good_values


+class TestMemEncryptionModel(TestField):
+    def setUp(self):
+        super(TestMemEncryptionModel, self).setUp()
+        self.field = fields.MemEncryptionModel()
+        self.coerce_good_values = [('amd-sev', 'amd-sev'),
+                                   ('amd-sev-es', 'amd-sev-es')]
+        self.coerce_bad_values = ['amd-sev-foo']
+        self.to_primitive_values = self.coerce_good_values[0:1]
+        self.from_primitive_values = self.coerce_good_values[0:1]
+
+    def test_stringify(self):
+        self.assertEqual("'amd-sev'", self.field.stringify('amd-sev'))
+
+    def test_stringify_invalid(self):
+        self.assertRaises(ValueError, self.field.stringify, 'amd-sev-foo')
+
+
 class TestSecureBoot(TestField):
    def setUp(self):
        super(TestSecureBoot, self).setUp()
--- a/nova/tests/unit/objects/test_image_meta.py
+++ b/nova/tests/unit/objects/test_image_meta.py
@@ -657,3 +657,21 @@ class TestImageMetaProps(test.NoDBTestCase):
            exception.ObjectActionError, obj.obj_to_primitive, '1.38')
        self.assertIn(
            'hw_vif_model=igb not supported in version (1, 38)', str(ex))
+
+    def test_obj_make_compatible_mem_encryption_model(self):
+        """Check 'hw_mem_encryption_model' compatibility."""
+        obj = objects.ImageMetaProps(
+            hw_mem_encryption_model=fields.MemEncryptionModel.AMD_SEV)
+
+        primitive = obj.obj_to_primitive('1.42')
+        self.assertIn(
+            'hw_mem_encryption_model',
+            primitive['nova_object.data'])
+        self.assertEqual(
+            fields.MemEncryptionModel.AMD_SEV,
+            primitive['nova_object.data']['hw_mem_encryption_model'])
+
+        primitive = obj.obj_to_primitive('1.41')
+        self.assertNotIn(
+            'hw_mem_encryption_model',
+            primitive['nova_object.data'])
--- a/nova/tests/unit/objects/test_objects.py
+++ b/nova/tests/unit/objects/test_objects.py
@@ -1105,7 +1105,7 @@ object_data = {
    'HyperVLiveMigrateData': '1.5-b424b27305f259fb3c15d720856585c7',
    'IDEDeviceBus': '1.0-29d4c9f27ac44197f01b6ac1b7e16502',
    'ImageMeta': '1.8-642d1b2eb3e880a367f37d72dd76162d',
-    'ImageMetaProps': '1.41-1b67f6d0ae2292c3e50b838564e329c8',
+    'ImageMetaProps': '1.42-e2e85f8e6d66bfa2a32f3ee13506bb58',
    'Instance': '2.8-2727dba5e4a078e6cc848c1f94f7eb24',
    'InstanceAction': '1.2-9a5abc87fdd3af46f45731960651efb5',
    'InstanceActionEvent': '1.4-5b1f361bd81989f8bb2c20bb7e8a4cb4',