nova driver - get_secure_boot volume boot

When nova instance is boot from volume, instance.image['id'] is None. In this case, get os_secure_boot from the volume volume_image_metadata instead. Same pattern as used for get_boot_mode. Change-Id: Ide3e481878ae05df30a2a2a3f30d4b651a4da8e1
2025-02-21 15:18:46 +01:00
parent 7dd7c13bba
commit 504eaff625
2 changed files with 40 additions and 2 deletions
--- a/sushy_tools/emulator/resources/systems/novadriver.py
+++ b/sushy_tools/emulator/resources/systems/novadriver.py
@@ -340,9 +340,15 @@ class OpenStackDriver(AbstractSystemsDriver):

        instance = self._get_instance(identity)

-        image = self._get_image_info(instance.image['id'])
+        os_secure_boot = None
+        if instance.image['id'] is not None:
+            image = self._get_image_info(instance.image['id'])
+            os_secure_boot = getattr(image, 'os_secure_boot', None)
+        elif len(instance.attached_volumes) > 0:
+            vol = self._get_volume_info(instance.attached_volumes[0].id)
+            os_secure_boot = vol.volume_image_metadata.get('os_secure_boot')

-        return getattr(image, 'os_secure_boot', None) == 'required'
+        return os_secure_boot == 'required'

    def set_secure_boot(self, identity, secure):
        """Set computer system secure boot state for UEFI boot mode.
--- a/sushy_tools/tests/unit/emulator/resources/systems/test_nova.py
+++ b/sushy_tools/tests/unit/emulator/resources/systems/test_nova.py
@@ -322,6 +322,38 @@ class NovaDriverTestCase(base.BaseTestCase):

        self.assertTrue(self.test_driver.get_secure_boot(self.uuid))

+    def test_get_secure_boot_off_volume_boot(self):
+        volumes_attached = [mock.Mock(id='fake-vol-id')]
+        server = mock.Mock(id=self.uuid, image=dict(id=None),
+                           attached_volumes=volumes_attached)
+        self.nova_mock.return_value.get_server.return_value = server
+        vol_metadata = {'hw_firmware_type': 'uefi'}
+        volume = mock.Mock(id='fake-vol-id',
+                           volume_image_metadata=vol_metadata)
+
+        image = mock.Mock()
+
+        self.nova_mock.return_value.image.find_image.return_value = image
+        self.nova_mock.return_value.volume.get_volume.return_value = volume
+
+        self.assertFalse(self.test_driver.get_secure_boot(self.uuid))
+
+    def test_get_secure_boot_on_volume_boot(self):
+        volumes_attached = [mock.Mock(id='fake-vol-id')]
+        server = mock.Mock(id=self.uuid, image=dict(id=None),
+                           attached_volumes=volumes_attached)
+        self.nova_mock.return_value.get_server.return_value = server
+        vol_metadata = {'os_secure_boot': 'required'}
+        volume = mock.Mock(id='fake-vol-id',
+                           volume_image_metadata=vol_metadata)
+
+        image = mock.Mock()
+
+        self.nova_mock.return_value.image.find_image.return_value = image
+        self.nova_mock.return_value.volume.get_volume.return_value = volume
+
+        self.assertTrue(self.test_driver.get_secure_boot(self.uuid))
+
    def test_set_secure_boot(self):
        self.assertRaises(
            error.NotSupportedError, self.test_driver.set_secure_boot,