diff --git a/manifests/compute/libvirt.pp b/manifests/compute/libvirt.pp
index a497854b7..8bcf505cc 100644
--- a/manifests/compute/libvirt.pp
+++ b/manifests/compute/libvirt.pp
@@ -219,6 +219,11 @@
 # Trusted Platform Module (TPM) functionality, runs as.
 # Defaults to $facts['os_service_default']
 #
+# [*supported_tpm_secret_security*]
+# (optional) The list of TPL security policies supported by this compute
+# host.
+# Defaults to $facts['os_service_default']
+#
 # [*max_queues*]
 # (optional) The maximum number of virtio queue pairs that can be enabled
 # when creating a multiqueue guest. The number of virtio queues allocated
@@ -288,6 +293,7 @@ class nova::compute::libvirt (
 $swtpm_enabled = $facts['os_service_default'],
 $swtpm_user = $facts['os_service_default'],
 $swtpm_group = $facts['os_service_default'],
+ $supported_tpm_secret_security = $facts['os_service_default'],
 $max_queues = $facts['os_service_default'],
 $wait_soft_reboot_seconds = $facts['os_service_default'],
 $tb_cache_size = $facts['os_service_default'],
@@ -411,6 +417,7 @@ will be removed in a future release")
 'libvirt/swtpm_enabled': value => $swtpm_enabled;
 'libvirt/swtpm_user' : value => $swtpm_user;
 'libvirt/swtpm_group': value => $swtpm_group;
+ 'libvirt/supported_tpm_secret_security': value => join(any2array($supported_tpm_secret_security), ',');
 'libvirt/max_queues': value => $max_queues;
 'libvirt/num_memory_encrypted_guests': value => pick($num_memory_encrypted_guests, $facts['os_service_default']);
 'libvirt/wait_soft_reboot_seconds': value => $wait_soft_reboot_seconds;
diff --git a/releasenotes/notes/libvirt-supported_tpm_secret_security-a4e9ff4a554d5947.yaml b/releasenotes/notes/libvirt-supported_tpm_secret_security-a4e9ff4a554d5947.yaml
new file mode 100644
index 000000000..173a6fb92
--- /dev/null
+++ b/releasenotes/notes/libvirt-supported_tpm_secret_security-a4e9ff4a554d5947.yaml
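Review bot: The parameter documentation added in the `@@ -219` hunk of manifests/compute/libvirt.pp says "TPL security policies", which reads as a typo for TPM, and it names neither the accepted values nor the accepted input forms. The spec in this commit passes `['user', 'host', 'deployment']` and the manifest runs the value through `any2array`, so the text could read `(optional) The list of TPM secret security policies supported by this compute host, given as an array or a comma-separated string, e.g. ['user', 'host', 'deployment'].` Since this option presumably controls which vTPM secret handling modes the host will accept, one sentence on what each policy allows would help operators pick a restrictive set on purpose.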
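Review bot: In the `@@ -411` hunk, `join(any2array($supported_tpm_secret_security), ',')` turns an empty array into an empty string, so nova.conf would presumably receive an explicitly empty `libvirt/supported_tpm_secret_security` instead of the service default. For an allow-list of secret security policies that difference matters, and the manifest does not say which of the two an operator passing `[]` gets. Consider `value => pick(join(any2array($supported_tpm_secret_security), ','), $facts['os_service_default']);`, the same `pick` fallback already used for `num_memory_encrypted_guests` two lines below, or state in the parameter doc that an empty list is written as-is. The resource block starts and ends outside the hunk.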
@@ -0,0 +1,5 @@
+---
+features:
+ - |
+ The new ``nova::compute::libvirt::supported_tpm_secret_security`` parameter
+ has been added.
diff --git a/spec/classes/nova_compute_libvirt_spec.rb b/spec/classes/nova_compute_libvirt_spec.rb
index f33ce16b8..baf29b608 100644
--- a/spec/classes/nova_compute_libvirt_spec.rb
+++ b/spec/classes/nova_compute_libvirt_spec.rb
@@ -55,6 +55,7 @@ describe 'nova::compute::libvirt' do
 it { is_expected.to contain_nova_config('libvirt/swtpm_enabled').with_value('')}
 it { is_expected.to contain_nova_config('libvirt/swtpm_user').with_value('')}
 it { is_expected.to contain_nova_config('libvirt/swtpm_group').with_value('')}
+ it { is_expected.to contain_nova_config('libvirt/supported_tpm_secret_security').with_value('')}
 it { is_expected.to contain_nova_config('libvirt/max_queues').with_value('')}
 it { is_expected.to contain_nova_config('libvirt/num_memory_encrypted_guests').with_value('')}
 it { is_expected.to contain_nova_config('libvirt/wait_soft_reboot_seconds').with_value('')}
@@ -101,6 +102,7 @@ describe 'nova::compute::libvirt' do
 :swtpm_enabled => true,
 :swtpm_user => 'libvirt',
 :swtpm_group => 'libvirt',
+ :supported_tpm_secret_security => ['user', 'host', 'deployment'],
 :max_queues => 4,
 :num_memory_encrypted_guests => 255,
 :wait_soft_reboot_seconds => 120,
@@ -152,6 +154,7 @@ describe 'nova::compute::libvirt' do
 it { is_expected.to contain_nova_config('libvirt/swtpm_enabled').with_value(true)}
 it { is_expected.to contain_nova_config('libvirt/swtpm_user').with_value('libvirt')}
 it { is_expected.to contain_nova_config('libvirt/swtpm_group').with_value('libvirt')}
+ it { is_expected.to contain_nova_config('libvirt/supported_tpm_secret_security').with_value('user,host,deployment')}
 it { is_expected.to contain_nova_config('libvirt/max_queues').with_value(4)}
 it { is_expected.to contain_nova_config('libvirt/num_memory_encrypted_guests').with_value(255)}
 it { is_expected.to contain_nova_config('libvirt/wait_soft_reboot_seconds').with_value(120)}
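Review bot: The expectation added in this hunk, together with the default case in the `@@ -55` hunk, covers only the unset value and a three-element array, so the plain-string and empty-list paths through `any2array` and `join` in the manifest are untested. A context that sets `:supported_tpm_secret_security => 'user'` and expects `.with_value('user')`, plus one for `[]`, would pin what reaches nova.conf for those inputs. That matters more than usual here because the value is a security allow-list and a silently empty or malformed entry changes what the host accepts. The `describe` block starts and ends outside the hunk.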