Browse Source

Add secure boot optional feature test

This test checks if secure boot feature can be turned on or off for
booting a machine with secure boot capabilities.

Change-Id: I22be6d01edb5428f612e838fde6289a2c1319caf
Alexandru Muresan 2 years ago
3 changed files with 85 additions and 4 deletions
  1. +5
  2. +70
  3. +10

+ 5
- 0
oswin_tempest_plugin/ View File

@@ -37,6 +37,11 @@ HyperVGroup = [
help="Valid Generation 2 VM VHDX image reference to be used "
"in tests."),
help="Valid secure boot VM VHDX image reference to be used "
"in tests."),
help='User for secure boot image to be used in tests.'),
help="The compute nodes are joined into a Hyper-V Cluster."),

+ 70
- 0
oswin_tempest_plugin/tests/scenario/ View File

@@ -0,0 +1,70 @@
# Copyright 2017 Cloudbase Solutions SRL
# All Rights Reserved.
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.

from oswin_tempest_plugin import config
from oswin_tempest_plugin.tests._mixins import optional_feature
from oswin_tempest_plugin.tests import test_base

CONF = config.CONF

class SecureBootTestCase(test_base.TestBase,
"""Secure boot test suite.

This test suite will spawn instances requiring secure boot to be

This test suite will require a Generation 2 VHDX image, with a
Linux guest OS (it tests connectivity via SSH).

The configured image must contain the following properties:
* os_type=linux
* hw_machine_type=hyperv-gen2

Hyper-V Secure Boot was first introduced in Windows / Hyper-V Server 2012
R2, but support for Linux guests was introduced in Windows / Hyper-V
Server 2016, which is why this test suite will require compute nodes
with the OS version 10.0 or newer.


# NOTE(amuresan):Images supporting secure boot usually require more disk
# space. We're trying to use the largest of the configured
# flavors.

_FLAVOR_REF = CONF.compute.flavor_ref_alt
_IMAGE_REF = CONF.hyperv.secure_boot_image_ref
_IMAGE_SSH_USER = CONF.hyperv.secure_boot_image_ssh_user
_FEATURE_FLAVOR = {'extra_specs': {'os:secure_boot': 'required'}}

# TODO(amuresan): the secure_boot_image_ref should be reused in
# more than one test case so we don't have to add a different
# image for every test.

def skip_checks(cls):
super(SecureBootTestCase, cls).skip_checks()
# check if the needed image ref has been configured.
if not cls._IMAGE_REF:
msg = ('The config option "hyperv.secure_boot_image_ref" '
'has not been set. Skipping secure boot tests.')
raise cls.skipException(msg)

if not cls._IMAGE_SSH_USER:
msg = ('The config option "hyperv.secure_boot_image_ssh_user" '
'has not been set. Skipping.')
raise cls.skipException(msg)

+ 10
- 4
oswin_tempest_plugin/tests/ View File

@@ -46,6 +46,12 @@ class TestBase(tempest.test.BaseTestCase):
# Inheriting TestCases should change this image ref if needed.
_IMAGE_REF = CONF.compute.image_ref

# Inheriting TestCases should change this flavor ref if needed.
_FLAVOR_REF = CONF.compute.flavor_ref

# Inheriting TestCases should change this ssh User if needed.
_IMAGE_SSH_USER = CONF.validation.image_ssh_user

# suffix to use for the newly created flavors.

@@ -144,7 +150,7 @@ class TestBase(tempest.test.BaseTestCase):
return new_flavor

def _get_flavor_ref(self):
return CONF.compute.flavor_ref
return self._FLAVOR_REF

def _create_server(self, flavor=None):
"""Wrapper utility that returns a test server.
@@ -155,7 +161,7 @@ class TestBase(tempest.test.BaseTestCase):
clients = self.os_primary
name = data_utils.rand_name(self.__class__.__name__ + "-server")
image_id = self._get_image_ref()
flavor = flavor or self._get_flavor_ref()
flavor = flavor or self._FLAVOR_REF or self._get_flavor_ref()
keypair = self.create_keypair()
tenant_network = self.get_tenant_network()
security_group = self._create_security_group()
@@ -261,8 +267,8 @@ class TestBase(tempest.test.BaseTestCase):
ip_address = server_tuple.floating_ip['ip']
private_key = server_tuple.keypair['private_key']

# ssh into the VM.
username = CONF.validation.image_ssh_user
# ssh into the VM
username = self._IMAGE_SSH_USER
linux_client = remote_client.RemoteClient(
ip_address, username, pkey=private_key, password=None,
server=server, servers_client=self.servers_client)