Add secure boot optional feature test
This test checks if secure boot feature can be turned on or off for booting a machine with secure boot capabilities. Change-Id: I22be6d01edb5428f612e838fde6289a2c1319caf
This commit is contained in:
parent
3cc5f94ac9
commit
4f383d6843
|
@ -37,6 +37,11 @@ HyperVGroup = [
|
||||||
cfg.StrOpt('gen2_image_ref',
|
cfg.StrOpt('gen2_image_ref',
|
||||||
help="Valid Generation 2 VM VHDX image reference to be used "
|
help="Valid Generation 2 VM VHDX image reference to be used "
|
||||||
"in tests."),
|
"in tests."),
|
||||||
|
cfg.StrOpt('secure_boot_image_ref',
|
||||||
|
help="Valid secure boot VM VHDX image reference to be used "
|
||||||
|
"in tests."),
|
||||||
|
cfg.StrOpt('secure_boot_image_ssh_user',
|
||||||
|
help='User for secure boot image to be used in tests.'),
|
||||||
cfg.BoolOpt('cluster_enabled',
|
cfg.BoolOpt('cluster_enabled',
|
||||||
default=False,
|
default=False,
|
||||||
help="The compute nodes are joined into a Hyper-V Cluster."),
|
help="The compute nodes are joined into a Hyper-V Cluster."),
|
||||||
|
|
|
@ -0,0 +1,70 @@
|
||||||
|
# Copyright 2017 Cloudbase Solutions SRL
|
||||||
|
# All Rights Reserved.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
# not use this file except in compliance with the License. You may obtain
|
||||||
|
# a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
# License for the specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
|
||||||
|
from oswin_tempest_plugin import config
|
||||||
|
from oswin_tempest_plugin.tests._mixins import optional_feature
|
||||||
|
from oswin_tempest_plugin.tests import test_base
|
||||||
|
|
||||||
|
CONF = config.CONF
|
||||||
|
|
||||||
|
|
||||||
|
class SecureBootTestCase(test_base.TestBase,
|
||||||
|
optional_feature._OptionalFeatureMixin):
|
||||||
|
"""Secure boot test suite.
|
||||||
|
|
||||||
|
This test suite will spawn instances requiring secure boot to be
|
||||||
|
enabled.
|
||||||
|
|
||||||
|
This test suite will require a Generation 2 VHDX image, with a
|
||||||
|
Linux guest OS (it tests connectivity via SSH).
|
||||||
|
|
||||||
|
The configured image must contain the following properties:
|
||||||
|
* os_type=linux
|
||||||
|
* hw_machine_type=hyperv-gen2
|
||||||
|
|
||||||
|
Hyper-V Secure Boot was first introduced in Windows / Hyper-V Server 2012
|
||||||
|
R2, but support for Linux guests was introduced in Windows / Hyper-V
|
||||||
|
Server 2016, which is why this test suite will require compute nodes
|
||||||
|
with the OS version 10.0 or newer.
|
||||||
|
"""
|
||||||
|
|
||||||
|
_MIN_HYPERV_VERSION = 10000
|
||||||
|
|
||||||
|
# NOTE(amuresan):Images supporting secure boot usually require more disk
|
||||||
|
# space. We're trying to use the largest of the configured
|
||||||
|
# flavors.
|
||||||
|
|
||||||
|
_FLAVOR_REF = CONF.compute.flavor_ref_alt
|
||||||
|
_IMAGE_REF = CONF.hyperv.secure_boot_image_ref
|
||||||
|
_IMAGE_SSH_USER = CONF.hyperv.secure_boot_image_ssh_user
|
||||||
|
_FEATURE_FLAVOR = {'extra_specs': {'os:secure_boot': 'required'}}
|
||||||
|
|
||||||
|
# TODO(amuresan): the secure_boot_image_ref should be reused in
|
||||||
|
# more than one test case so we don't have to add a different
|
||||||
|
# image for every test.
|
||||||
|
|
||||||
|
@classmethod
|
||||||
|
def skip_checks(cls):
|
||||||
|
super(SecureBootTestCase, cls).skip_checks()
|
||||||
|
# check if the needed image ref has been configured.
|
||||||
|
if not cls._IMAGE_REF:
|
||||||
|
msg = ('The config option "hyperv.secure_boot_image_ref" '
|
||||||
|
'has not been set. Skipping secure boot tests.')
|
||||||
|
raise cls.skipException(msg)
|
||||||
|
|
||||||
|
if not cls._IMAGE_SSH_USER:
|
||||||
|
msg = ('The config option "hyperv.secure_boot_image_ssh_user" '
|
||||||
|
'has not been set. Skipping.')
|
||||||
|
raise cls.skipException(msg)
|
|
@ -46,6 +46,12 @@ class TestBase(tempest.test.BaseTestCase):
|
||||||
# Inheriting TestCases should change this image ref if needed.
|
# Inheriting TestCases should change this image ref if needed.
|
||||||
_IMAGE_REF = CONF.compute.image_ref
|
_IMAGE_REF = CONF.compute.image_ref
|
||||||
|
|
||||||
|
# Inheriting TestCases should change this flavor ref if needed.
|
||||||
|
_FLAVOR_REF = CONF.compute.flavor_ref
|
||||||
|
|
||||||
|
# Inheriting TestCases should change this ssh User if needed.
|
||||||
|
_IMAGE_SSH_USER = CONF.validation.image_ssh_user
|
||||||
|
|
||||||
# suffix to use for the newly created flavors.
|
# suffix to use for the newly created flavors.
|
||||||
_FLAVOR_SUFFIX = ''
|
_FLAVOR_SUFFIX = ''
|
||||||
|
|
||||||
|
@ -144,7 +150,7 @@ class TestBase(tempest.test.BaseTestCase):
|
||||||
return new_flavor
|
return new_flavor
|
||||||
|
|
||||||
def _get_flavor_ref(self):
|
def _get_flavor_ref(self):
|
||||||
return CONF.compute.flavor_ref
|
return self._FLAVOR_REF
|
||||||
|
|
||||||
def _create_server(self, flavor=None):
|
def _create_server(self, flavor=None):
|
||||||
"""Wrapper utility that returns a test server.
|
"""Wrapper utility that returns a test server.
|
||||||
|
@ -155,7 +161,7 @@ class TestBase(tempest.test.BaseTestCase):
|
||||||
clients = self.os_primary
|
clients = self.os_primary
|
||||||
name = data_utils.rand_name(self.__class__.__name__ + "-server")
|
name = data_utils.rand_name(self.__class__.__name__ + "-server")
|
||||||
image_id = self._get_image_ref()
|
image_id = self._get_image_ref()
|
||||||
flavor = flavor or self._get_flavor_ref()
|
flavor = flavor or self._FLAVOR_REF or self._get_flavor_ref()
|
||||||
keypair = self.create_keypair()
|
keypair = self.create_keypair()
|
||||||
tenant_network = self.get_tenant_network()
|
tenant_network = self.get_tenant_network()
|
||||||
security_group = self._create_security_group()
|
security_group = self._create_security_group()
|
||||||
|
@ -261,8 +267,8 @@ class TestBase(tempest.test.BaseTestCase):
|
||||||
ip_address = server_tuple.floating_ip['ip']
|
ip_address = server_tuple.floating_ip['ip']
|
||||||
private_key = server_tuple.keypair['private_key']
|
private_key = server_tuple.keypair['private_key']
|
||||||
|
|
||||||
# ssh into the VM.
|
# ssh into the VM
|
||||||
username = CONF.validation.image_ssh_user
|
username = self._IMAGE_SSH_USER
|
||||||
linux_client = remote_client.RemoteClient(
|
linux_client = remote_client.RemoteClient(
|
||||||
ip_address, username, pkey=private_key, password=None,
|
ip_address, username, pkey=private_key, password=None,
|
||||||
server=server, servers_client=self.servers_client)
|
server=server, servers_client=self.servers_client)
|
||||||
|
|
Loading…
Reference in New Issue