Merge "trivial: Changes files Windows style line ending to Unix style"
This commit is contained in:
Zuul
Gerrit Code Review
commit
44bab385b2
|
|
@ -1,79 +1,79 @@
|
||||||
# Copyright 2016 Cloudbase Solutions Srl
|
# Copyright 2016 Cloudbase Solutions Srl
|
||||||
# All Rights Reserved.
|
# All Rights Reserved.
|
||||||
#
|
#
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
# not use this file except in compliance with the License. You may obtain
|
# not use this file except in compliance with the License. You may obtain
|
||||||
# a copy of the License at
|
# a copy of the License at
|
||||||
#
|
#
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
#
|
#
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
# License for the specific language governing permissions and limitations
|
# License for the specific language governing permissions and limitations
|
||||||
# under the License.
|
# under the License.
|
||||||
|
|
||||||
from barbicanclient import client as barbican_client
|
from barbicanclient import client as barbican_client
|
||||||
from keystoneauth1 import session
|
from keystoneauth1 import session
|
||||||
from nova import exception
|
from nova import exception
|
||||||
from os_win._i18n import _
|
from os_win._i18n import _
|
||||||
|
|
||||||
|
|
||||||
class PDK(object):
|
class PDK(object):
|
||||||
|
|
||||||
def create_pdk(self, context, instance, image_meta, pdk_filepath):
|
def create_pdk(self, context, instance, image_meta, pdk_filepath):
|
||||||
"""Generates a pdk file using the barbican container referenced by
|
"""Generates a pdk file using the barbican container referenced by
|
||||||
the image metadata or instance metadata. A pdk file is a shielding
|
the image metadata or instance metadata. A pdk file is a shielding
|
||||||
data file which contains a RDP certificate, unattended file,
|
data file which contains a RDP certificate, unattended file,
|
||||||
volume signature catalogs and guardian metadata.
|
volume signature catalogs and guardian metadata.
|
||||||
"""
|
"""
|
||||||
|
|
||||||
with open(pdk_filepath, 'wb') as pdk_file_handle:
|
with open(pdk_filepath, 'wb') as pdk_file_handle:
|
||||||
pdk_reference = self._get_pdk_reference(instance, image_meta)
|
pdk_reference = self._get_pdk_reference(instance, image_meta)
|
||||||
pdk_container = self._get_pdk_container(context, instance,
|
pdk_container = self._get_pdk_container(context, instance,
|
||||||
pdk_reference)
|
pdk_reference)
|
||||||
pdk_data = self._get_pdk_data(pdk_container)
|
pdk_data = self._get_pdk_data(pdk_container)
|
||||||
pdk_file_handle.write(pdk_data)
|
pdk_file_handle.write(pdk_data)
|
||||||
|
|
||||||
def _get_pdk_reference(self, instance, image_meta):
|
def _get_pdk_reference(self, instance, image_meta):
|
||||||
image_pdk_ref = image_meta['properties'].get('img_pdk_reference')
|
image_pdk_ref = image_meta['properties'].get('img_pdk_reference')
|
||||||
boot_metadata_pdk_ref = instance.metadata.get('img_pdk_reference')
|
boot_metadata_pdk_ref = instance.metadata.get('img_pdk_reference')
|
||||||
|
|
||||||
if not (image_pdk_ref or boot_metadata_pdk_ref):
|
if not (image_pdk_ref or boot_metadata_pdk_ref):
|
||||||
reason = _('A reference to a barbican container containing the '
|
reason = _('A reference to a barbican container containing the '
|
||||||
'pdk file must be passed as an image property. This '
|
'pdk file must be passed as an image property. This '
|
||||||
'is required in order to enable VTPM')
|
'is required in order to enable VTPM')
|
||||||
raise exception.InstanceUnacceptable(instance_id=instance.uuid,
|
raise exception.InstanceUnacceptable(instance_id=instance.uuid,
|
||||||
reason=reason)
|
reason=reason)
|
||||||
return boot_metadata_pdk_ref or image_pdk_ref
|
return boot_metadata_pdk_ref or image_pdk_ref
|
||||||
|
|
||||||
def _get_pdk_container(self, context, instance, pdk_reference):
|
def _get_pdk_container(self, context, instance, pdk_reference):
|
||||||
"""Retrieves the barbican container containing the pdk file.
|
"""Retrieves the barbican container containing the pdk file.
|
||||||
"""
|
"""
|
||||||
|
|
||||||
auth = context.get_auth_plugin()
|
auth = context.get_auth_plugin()
|
||||||
sess = session.Session(auth=auth)
|
sess = session.Session(auth=auth)
|
||||||
brb_client = barbican_client.Client(session=sess)
|
brb_client = barbican_client.Client(session=sess)
|
||||||
|
|
||||||
try:
|
try:
|
||||||
pdk_container = brb_client.containers.get(pdk_reference)
|
pdk_container = brb_client.containers.get(pdk_reference)
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
err_msg = _("Retrieving barbican container with reference "
|
err_msg = _("Retrieving barbican container with reference "
|
||||||
"%(pdk_reference)s failed with error: %(error)s") % {
|
"%(pdk_reference)s failed with error: %(error)s") % {
|
||||||
'pdk_reference': pdk_reference,
|
'pdk_reference': pdk_reference,
|
||||||
'error': e}
|
'error': e}
|
||||||
raise exception.InvalidMetadata(instance_id=instance.uuid,
|
raise exception.InvalidMetadata(instance_id=instance.uuid,
|
||||||
reason=err_msg)
|
reason=err_msg)
|
||||||
return pdk_container
|
return pdk_container
|
||||||
|
|
||||||
def _get_pdk_data(self, pdk_container):
|
def _get_pdk_data(self, pdk_container):
|
||||||
"""Return the data from all barbican container's secrets.
|
"""Return the data from all barbican container's secrets.
|
||||||
"""
|
"""
|
||||||
|
|
||||||
no_of_secrets = len(pdk_container.secrets)
|
no_of_secrets = len(pdk_container.secrets)
|
||||||
data = bytes()
|
data = bytes()
|
||||||
for index in range(no_of_secrets):
|
for index in range(no_of_secrets):
|
||||||
current_secret = pdk_container.secrets[str(index + 1)]
|
current_secret = pdk_container.secrets[str(index + 1)]
|
||||||
retrived_secret_data = current_secret.payload
|
retrived_secret_data = current_secret.payload
|
||||||
data += retrived_secret_data
|
data += retrived_secret_data
|
||||||
return data
|
return data
|
||||||
|
|
|
||||||
|
|
@ -1,130 +1,130 @@
|
||||||
# Copyright 2016 Cloudbase Solutions Srl
|
# Copyright 2016 Cloudbase Solutions Srl
|
||||||
# All Rights Reserved.
|
# All Rights Reserved.
|
||||||
#
|
#
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
# not use this file except in compliance with the License. You may obtain
|
# not use this file except in compliance with the License. You may obtain
|
||||||
# a copy of the License at
|
# a copy of the License at
|
||||||
#
|
#
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
#
|
#
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
# License for the specific language governing permissions and limitations
|
# License for the specific language governing permissions and limitations
|
||||||
# under the License.
|
# under the License.
|
||||||
|
|
||||||
import mock
|
import mock
|
||||||
from nova import exception
|
from nova import exception
|
||||||
|
|
||||||
from compute_hyperv.nova import pdk
|
from compute_hyperv.nova import pdk
|
||||||
from compute_hyperv.tests.unit import test_base
|
from compute_hyperv.tests.unit import test_base
|
||||||
from six.moves import builtins
|
from six.moves import builtins
|
||||||
|
|
||||||
|
|
||||||
class PDKTestCase(test_base.HyperVBaseTestCase):
|
class PDKTestCase(test_base.HyperVBaseTestCase):
|
||||||
|
|
||||||
_FAKE_PDK_FILE_PATH = 'C:\\path\\to\\fakepdk.pdk'
|
_FAKE_PDK_FILE_PATH = 'C:\\path\\to\\fakepdk.pdk'
|
||||||
|
|
||||||
def setUp(self):
|
def setUp(self):
|
||||||
super(PDKTestCase, self).setUp()
|
super(PDKTestCase, self).setUp()
|
||||||
self._pdk = pdk.PDK()
|
self._pdk = pdk.PDK()
|
||||||
|
|
||||||
@mock.patch.object(builtins, 'open')
|
@mock.patch.object(builtins, 'open')
|
||||||
@mock.patch.object(pdk.PDK, '_get_pdk_data')
|
@mock.patch.object(pdk.PDK, '_get_pdk_data')
|
||||||
@mock.patch.object(pdk.PDK, '_get_pdk_container')
|
@mock.patch.object(pdk.PDK, '_get_pdk_container')
|
||||||
@mock.patch.object(pdk.PDK, '_get_pdk_reference')
|
@mock.patch.object(pdk.PDK, '_get_pdk_reference')
|
||||||
def test_create_pdk(self, mock_get_pdk_reference, mock_get_pdk_container,
|
def test_create_pdk(self, mock_get_pdk_reference, mock_get_pdk_container,
|
||||||
mock_get_pdk_data, mock_open):
|
mock_get_pdk_data, mock_open):
|
||||||
mock_instance = mock.MagicMock()
|
mock_instance = mock.MagicMock()
|
||||||
pdk_file_handle = mock_open.return_value.__enter__.return_value
|
pdk_file_handle = mock_open.return_value.__enter__.return_value
|
||||||
|
|
||||||
pdk_reference = mock_get_pdk_reference.return_value
|
pdk_reference = mock_get_pdk_reference.return_value
|
||||||
pdk_container = mock_get_pdk_container.return_value
|
pdk_container = mock_get_pdk_container.return_value
|
||||||
|
|
||||||
self._pdk.create_pdk(mock.sentinel.context,
|
self._pdk.create_pdk(mock.sentinel.context,
|
||||||
mock_instance,
|
mock_instance,
|
||||||
mock.sentinel.image_meta,
|
mock.sentinel.image_meta,
|
||||||
self._FAKE_PDK_FILE_PATH)
|
self._FAKE_PDK_FILE_PATH)
|
||||||
mock_get_pdk_reference.assert_called_once_with(
|
mock_get_pdk_reference.assert_called_once_with(
|
||||||
mock_instance, mock.sentinel.image_meta)
|
mock_instance, mock.sentinel.image_meta)
|
||||||
mock_get_pdk_container.assert_called_once_with(mock.sentinel.context,
|
mock_get_pdk_container.assert_called_once_with(mock.sentinel.context,
|
||||||
mock_instance,
|
mock_instance,
|
||||||
pdk_reference)
|
pdk_reference)
|
||||||
mock_get_pdk_data.assert_called_once_with(pdk_container)
|
mock_get_pdk_data.assert_called_once_with(pdk_container)
|
||||||
pdk_file_handle.write.assert_called_once_with(
|
pdk_file_handle.write.assert_called_once_with(
|
||||||
mock_get_pdk_data.return_value)
|
mock_get_pdk_data.return_value)
|
||||||
|
|
||||||
def _test_get_pdk_reference(self, pdk_reference=None,
|
def _test_get_pdk_reference(self, pdk_reference=None,
|
||||||
image_meta_pdk_ref=None):
|
image_meta_pdk_ref=None):
|
||||||
mock_instance = mock.MagicMock(
|
mock_instance = mock.MagicMock(
|
||||||
metadata={'img_pdk_reference': image_meta_pdk_ref})
|
metadata={'img_pdk_reference': image_meta_pdk_ref})
|
||||||
image_meta = {
|
image_meta = {
|
||||||
'properties': {'img_pdk_reference': pdk_reference}}
|
'properties': {'img_pdk_reference': pdk_reference}}
|
||||||
|
|
||||||
expected_result = image_meta_pdk_ref or pdk_reference
|
expected_result = image_meta_pdk_ref or pdk_reference
|
||||||
result = self._pdk._get_pdk_reference(mock_instance,
|
result = self._pdk._get_pdk_reference(mock_instance,
|
||||||
image_meta)
|
image_meta)
|
||||||
self.assertEqual(expected_result, result)
|
self.assertEqual(expected_result, result)
|
||||||
|
|
||||||
def test_get_pdk_boot_reference(self):
|
def test_get_pdk_boot_reference(self):
|
||||||
self._test_get_pdk_reference(
|
self._test_get_pdk_reference(
|
||||||
image_meta_pdk_ref=mock.sentinel.image_meta_pdk_ref)
|
image_meta_pdk_ref=mock.sentinel.image_meta_pdk_ref)
|
||||||
|
|
||||||
def test_get_pdk_image_reference(self):
|
def test_get_pdk_image_reference(self):
|
||||||
self._test_get_pdk_reference(pdk_reference=mock.sentinel.pdk_reference)
|
self._test_get_pdk_reference(pdk_reference=mock.sentinel.pdk_reference)
|
||||||
|
|
||||||
def test_get_pdk_no_reference(self):
|
def test_get_pdk_no_reference(self):
|
||||||
image_meta = {'properties': {}}
|
image_meta = {'properties': {}}
|
||||||
mock_instance = mock.MagicMock(metadata={})
|
mock_instance = mock.MagicMock(metadata={})
|
||||||
|
|
||||||
self.assertRaises(exception.InstanceUnacceptable,
|
self.assertRaises(exception.InstanceUnacceptable,
|
||||||
self._pdk._get_pdk_reference,
|
self._pdk._get_pdk_reference,
|
||||||
mock_instance, image_meta)
|
mock_instance, image_meta)
|
||||||
|
|
||||||
@mock.patch('barbicanclient.client.Client')
|
@mock.patch('barbicanclient.client.Client')
|
||||||
@mock.patch('keystoneauth1.session.Session')
|
@mock.patch('keystoneauth1.session.Session')
|
||||||
def test_get_pdk_container(self, mock_session, mock_barbican_client):
|
def test_get_pdk_container(self, mock_session, mock_barbican_client):
|
||||||
instance = mock.MagicMock()
|
instance = mock.MagicMock()
|
||||||
context = mock.MagicMock()
|
context = mock.MagicMock()
|
||||||
auth = context.get_auth_plugin.return_value
|
auth = context.get_auth_plugin.return_value
|
||||||
sess = mock_session.return_value
|
sess = mock_session.return_value
|
||||||
barbican_client = mock_barbican_client.return_value
|
barbican_client = mock_barbican_client.return_value
|
||||||
barbican_client.containers.get.return_value = (
|
barbican_client.containers.get.return_value = (
|
||||||
mock.sentinel.pdk_container)
|
mock.sentinel.pdk_container)
|
||||||
|
|
||||||
result = self._pdk._get_pdk_container(context, instance,
|
result = self._pdk._get_pdk_container(context, instance,
|
||||||
mock.sentinel.pdk_reference)
|
mock.sentinel.pdk_reference)
|
||||||
|
|
||||||
self.assertEqual(mock.sentinel.pdk_container, result)
|
self.assertEqual(mock.sentinel.pdk_container, result)
|
||||||
mock_session.assert_called_once_with(auth=auth)
|
mock_session.assert_called_once_with(auth=auth)
|
||||||
mock_barbican_client.assert_called_once_with(session=sess)
|
mock_barbican_client.assert_called_once_with(session=sess)
|
||||||
|
|
||||||
@mock.patch('barbicanclient.client.Client')
|
@mock.patch('barbicanclient.client.Client')
|
||||||
@mock.patch('keystoneauth1.session.Session')
|
@mock.patch('keystoneauth1.session.Session')
|
||||||
def test_get_pdk_container_exception(self, mock_session,
|
def test_get_pdk_container_exception(self, mock_session,
|
||||||
mock_barbican_client):
|
mock_barbican_client):
|
||||||
instance = mock.MagicMock()
|
instance = mock.MagicMock()
|
||||||
context = mock.MagicMock()
|
context = mock.MagicMock()
|
||||||
auth = context.get_auth_plugin.return_value
|
auth = context.get_auth_plugin.return_value
|
||||||
sess = mock_session.return_value
|
sess = mock_session.return_value
|
||||||
|
|
||||||
barbican_client = mock_barbican_client.return_value
|
barbican_client = mock_barbican_client.return_value
|
||||||
barbican_client.containers.get.side_effect = [
|
barbican_client.containers.get.side_effect = [
|
||||||
exception.InvalidMetadata]
|
exception.InvalidMetadata]
|
||||||
|
|
||||||
self.assertRaises(exception.InvalidMetadata,
|
self.assertRaises(exception.InvalidMetadata,
|
||||||
self._pdk._get_pdk_container,
|
self._pdk._get_pdk_container,
|
||||||
context,
|
context,
|
||||||
instance,
|
instance,
|
||||||
mock.sentinel.pdk_reference)
|
mock.sentinel.pdk_reference)
|
||||||
mock_session.assert_called_once_with(auth=auth)
|
mock_session.assert_called_once_with(auth=auth)
|
||||||
mock_barbican_client.assert_called_once_with(session=sess)
|
mock_barbican_client.assert_called_once_with(session=sess)
|
||||||
|
|
||||||
def test_get_pdk_data(self):
|
def test_get_pdk_data(self):
|
||||||
pdk_container = mock.MagicMock()
|
pdk_container = mock.MagicMock()
|
||||||
pdk_container.secrets = {'1': mock.MagicMock(payload=b'fake_secret1'),
|
pdk_container.secrets = {'1': mock.MagicMock(payload=b'fake_secret1'),
|
||||||
'2': mock.MagicMock(payload=b'fake_secret2')}
|
'2': mock.MagicMock(payload=b'fake_secret2')}
|
||||||
|
|
||||||
response = self._pdk._get_pdk_data(pdk_container)
|
response = self._pdk._get_pdk_data(pdk_container)
|
||||||
expected_result = b'fake_secret1fake_secret2'
|
expected_result = b'fake_secret1fake_secret2'
|
||||||
self.assertEqual(expected_result, response)
|
self.assertEqual(expected_result, response)
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue