Enable trusted certificates support

A recent feature has been added, allowing users to specify
trusted certificates (e.g. as barbican secret ids). The idea is
to ensure that the certificates used to sign and validate the
glance image are actually trusted by the user.

In order to enable this feature within our driver, all we have to
do is pass the trusted certificate ids (stored as an instance
object attribute) to the method that fetches glance images.

Blueprint: nova-validate-certificates

Change-Id: Ic28f2b3ecf4ca92dcb7e9643c6e0d207d40b5287
Lucian Petrut 2018-08-01 14:05:17 +03:00
parent 767b700e18
commit d4f1fa457a
4 changed files with 11 additions and 4 deletions


@ -105,6 +105,7 @@ class HyperVDriver(driver.ComputeDriver):
"supports_tagged_attach_volume": True,
"supports_extend_volume": True,
"supports_multiattach": False,
"supports_trusted_certs": True,
}
def __init__(self, virtapi):
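Review bot: Setting `"supports_trusted_certs": True` in the capabilities dict declares that this driver honours trusted certificate ids, so every place the driver downloads a Glance image has to forward them. This commit updates a single `images.fetch` call in `ImageCache`; if any other path in the driver fetches images (none is visible on this page), it would skip validation while the capability still advertises support. A short comment above the entry, such as `# Every image download must pass instance.trusted_certs to images.fetch.`, would make that contract explicit for later changes. The dict and the class continue outside the hunk.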


@ -121,7 +121,8 @@ class ImageCache(imagecache.ImageCacheManager):
if not image_path:
try:
images.fetch(context, image_id, base_image_path)
images.fetch(context, image_id, base_image_path,
instance.trusted_certs)
if image_type == 'iso':
format_ext = 'iso'
else:
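Review bot: The certificate check only runs inside the `if not image_path:` branch, so an image that is already in the cache appears to be reused without being validated against this instance's `trusted_certs`. Since the cache is shared between instances, a base image fetched earlier with no certificates (or a different set) could be handed to an instance that asked for validation; how `image_path` is computed lies outside the hunk, so this needs confirming. At minimum, document it next to the call, e.g. `# NOTE: cached images are not re-validated against trusted_certs.` Passing the argument by keyword, `trusted_certs=instance.trusted_certs`, would also stop a later signature change in `images.fetch` from silently binding it to another parameter.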


@ -40,6 +40,7 @@ def fake_db_instance(**updates):
'flavor': flavorinfo,
'numa_topology': None,
'vcpu_model': None,
'trusted_certs': None,
},
'tags': [],
'services': []


@ -49,7 +49,9 @@ class ImageCacheTestCase(test_base.HyperVBaseTestCase):
super(ImageCacheTestCase, self).setUp()
self.context = 'fake-context'
self.instance = fake_instance.fake_instance_obj(self.context)
self.instance = fake_instance.fake_instance_obj(
self.context,
expected_attrs=['trusted_certs'])
self.imagecache = imagecache.ImageCache()
self.tmpdir = self.useFixture(fixtures.TempDir()).path
@ -120,7 +122,8 @@ class ImageCacheTestCase(test_base.HyperVBaseTestCase):
self.assertEqual(expected_image_path, result)
mock_fetch.assert_called_once_with(self.context, self.FAKE_IMAGE_REF,
expected_path)
expected_path,
self.instance.trusted_certs)
self.imagecache._vhdutils.get_vhd_format.assert_called_once_with(
expected_path)
self.imagecache._pathutils.rename.assert_called_once_with(
@ -178,7 +181,8 @@ class ImageCacheTestCase(test_base.HyperVBaseTestCase):
mock_fetch.assert_called_once_with(self.context,
fake_rescue_image_id,
expected_path)
expected_path,
self.instance.trusted_certs)
self.imagecache._vhdutils.get_vhd_info.assert_called_once_with(
expected_vhd_path)
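Review bot: Both updated `assert_called_once_with` checks compare against `self.instance.trusted_certs`, which the fake instance appears to leave at `None` (the fixture default added in this commit is `'trusted_certs': None`), so no test shows a real set of certificate ids reaching `images.fetch`. Assigning a non-empty trusted-certs value to `self.instance` in `setUp` would make the assertions in the `-120` and `-178` hunks prove the ids are forwarded unchanged. A test for the case where the image is already cached, asserting the intended behaviour when `trusted_certs` is set, would pin down what validation that path gets.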