Esempio n. 1
 def test_get_by_hypervisor(self):
     """get_by_hypervisor yields one object matching the stubbed DB record."""
     # Record phase: expect a single DB search for "hyper" that returns a
     # one-element list holding fake_compute_node.
     self.mox.StubOutWithMock(db, "compute_node_search_by_hypervisor")
     expected_call = db.compute_node_search_by_hypervisor(self.context, "hyper")
     expected_call.AndReturn([fake_compute_node])
     self.mox.ReplayAll()

     # Replay phase: the object layer must issue exactly the recorded call.
     node_list = compute_node.ComputeNodeList.get_by_hypervisor(
         self.context, "hyper")

     self.assertEqual(1, len(node_list))
     self.compare_obj(
         node_list[0],
         fake_compute_node,
         subs=self.subs(),
         comparators=self.comparators(),
     )
Esempio n. 2
 def test_get_by_hypervisor(self):
     """The list built by get_by_hypervisor holds the single stubbed record."""
     stubbed_name = 'compute_node_search_by_hypervisor'
     self.mox.StubOutWithMock(db, stubbed_name)
     # Recorded expectation: one search for 'hyper' returning one fake node.
     recorded = db.compute_node_search_by_hypervisor(self.context, 'hyper')
     recorded.AndReturn([fake_compute_node])
     self.mox.ReplayAll()

     list_cls = compute_node.ComputeNodeList
     result = list_cls.get_by_hypervisor(self.context, 'hyper')

     self.assertEqual(1, len(result))
     only_node = result[0]
     self.compare_obj(only_node, fake_compute_node)
Esempio n. 3
 def test_get_by_hypervisor(self):
     """Check get_by_hypervisor against a stubbed compute-node search."""
     hypervisor = 'hyper'

     # The DB search is replaced by a mox stub that returns one fake node.
     self.mox.StubOutWithMock(db, 'compute_node_search_by_hypervisor')
     db.compute_node_search_by_hypervisor(
         self.context, hypervisor).AndReturn([fake_compute_node])
     self.mox.ReplayAll()

     found = compute_node.ComputeNodeList.get_by_hypervisor(
         self.context, hypervisor)

     self.assertEqual(1, len(found))
     self.compare_obj(found[0], fake_compute_node)
Esempio n. 4
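    def host_passes(self, host_state, spec_obj):
        """Only return hosts with required Trust level.

        The image properties decide what is verified. A ``trust`` property
        equal to ``'true'``, or the presence of
        ``mtwilson_trustpolicy_location``, requires a trusted attestation
        report for the host. A ``tags`` property then additionally requires
        the host's asset tags to satisfy the selection.

        :param host_state: candidate host; only ``hypervisor_hostname`` is
            read here.
        :param spec_obj: request spec; ``spec_obj.image.properties`` is read.
        :returns: True when no trust check is requested or every requested
            check passes. False otherwise, including when no compute node
            record or attestation report can be tied to exactly this host.
        """
        verify_asset_tag = False
        verify_trust_status = False
        tag_selections = None

        image_props = spec_obj.image.properties

        trust_verify = image_props.get('trust')
        if 'mtwilson_trustpolicy_location' in image_props:
            LOG.info(image_props.get('mtwilson_trustpolicy_location'))
            trust_verify = 'true'

        LOG.debug("trust_verify : %s", trust_verify)

        # NOTE(review): this comparison is case-sensitive, so a 'trust'
        # property of 'True' skips attestation entirely -- confirm that is
        # the intended policy.
        if trust_verify == 'true':
            verify_trust_status = True
            # Get the Tag verification flag from the image properties
            tag_selections = image_props.get('tags')  # comma separated values
            LOG.debug("tag_selections : %s", tag_selections)
            if (tag_selections is not None and tag_selections != {}
                    and tag_selections != 'None'):
                verify_asset_tag = True

        LOG.debug("verify_trust_status : %s", verify_trust_status)
        LOG.debug("verify_asset_tag : %s", verify_asset_tag)

        if not verify_trust_status:
            # Filter returns success/true if neither trust or tag has to be
            # verified.
            return True

        # compute_node_search_by_hypervisor is a search, not an exact lookup
        # (upstream nova matches the name as a substring), so taking the
        # first row could evaluate this host against another host's
        # attestation record. Only accept a row whose hostname is exactly
        # this host's.
        hostname = host_state.hypervisor_hostname
        candidates = db.compute_node_search_by_hypervisor(self.admin, hostname)
        exact = [node for node in candidates
                 if node['hypervisor_hostname'] == hostname]
        if not exact:
            # Fail closed: without a record for this host there is nothing
            # to attest, and raising here would abort the whole filter pass.
            LOG.warning("No compute node record matches hypervisor %s exactly",
                        hostname)
            return False

        compute_node_id = exact[0]['id']
        LOG.debug("compute_node_is : %s", compute_node_id)

        trust_report = self.utils.getTrustReport(compute_node_id)
        LOG.debug("trust_report : %s", trust_report)

        if trust_report is None:
            # No attestation found for this host
            return False

        trust, asset_tag = asset_tag_utils.isHostTrusted(trust_report)
        LOG.debug("trust : %s", trust)
        LOG.debug("asset_tag : %s", asset_tag)
        if not trust:
            return False

        if verify_asset_tag:
            # Verify the asset tag restriction
            return asset_tag_utils.isAssetTagsPresent(asset_tag, tag_selections)

        return True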
Esempio n. 5
 def search(self, req, id):
     """Return views of the hypervisors matching ``id``; raise 404 if none do."""
     ctxt = req.environ['nova.context']
     # authorize() runs before any database access.
     authorize(ctxt)

     matches = db.compute_node_search_by_hypervisor(ctxt, id)
     if not matches:
         msg = _("No hypervisor matching '%s' could be found.") % id
         raise webob.exc.HTTPNotFound(explanation=msg)

     views = []
     for hyp in matches:
         views.append(self._view_hypervisor(hyp, False))
     return dict(hypervisors=views)
Esempio n. 6
 def search(self, req, id):
     """List the hypervisors whose name matches ``id``.

     Raises webob.exc.HTTPNotFound when the search returns nothing.
     """
     request_context = req.environ['nova.context']
     # The authorization call precedes the database search.
     authorize(request_context)

     found = db.compute_node_search_by_hypervisor(request_context, id)
     if found:
         rendered = [self._view_hypervisor(node, False) for node in found]
         return {'hypervisors': rendered}

     msg = _("No hypervisor matching '%s' could be found.") % id
     raise webob.exc.HTTPNotFound(explanation=msg)
Esempio n. 7
 def get_by_hypervisor(cls, context, hypervisor_match):
     """Build a ComputeNodeList from the DB records found for ``hypervisor_match``.

     The lookup is a search, so the list may hold more than one node.
     """
     rows = db.compute_node_search_by_hypervisor(context, hypervisor_match)
     node_list = ComputeNodeList()
     return base.obj_make_list(context, node_list, ComputeNode, rows)
Esempio n. 8
 def get_by_hypervisor(cls, context, hypervisor_match):
     """Return a ``cls`` list filled from the DB search for ``hypervisor_match``."""
     matching_rows = db.compute_node_search_by_hypervisor(
         context, hypervisor_match)
     # A fresh list object bound to this context receives the wrapped rows.
     empty_list = cls(context)
     return base.obj_make_list(
         context, empty_list, objects.ComputeNode, matching_rows)
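class TrustAssertionFilter(filters.BaseHostFilter):
    """Host filter that admits only hosts meeting the image's trust policy."""

    def __init__(self):
        self.utils = host_trust_utils.HostTrustUtils()
        self.admin = context.get_admin_context()

        # Fetch compute node list to initialize the compute_nodes,
        # so that we don't need poll OAT service one by one for each
        # host in the first round that scheduler invokes us.
        self.compute_nodes = db.compute_node_get_all(self.admin)

    def host_passes(self, host_state, filter_properties):
        """Only return hosts with required Trust level.

        The image properties decide what is verified. A ``trust`` property
        equal to ``'true'``, or the presence of
        ``mtwilson_trustpolicy_location``, requires a trusted attestation
        report for the host. A ``tags`` property then additionally requires
        the host's asset tags to satisfy the selection.

        :param host_state: candidate host; only ``hypervisor_hostname`` is
            read here.
        :param filter_properties: mapping whose
            ``request_spec -> image -> properties`` entry is read.
        :returns: True when no trust check is requested or every requested
            check passes. False otherwise, including when no compute node
            record or attestation report can be tied to exactly this host.
        """
        verify_asset_tag = False
        verify_trust_status = False
        tag_selections = None

        # Tolerate a request spec whose 'image' or 'properties' entry is
        # present but None.
        spec = filter_properties.get('request_spec') or {}
        image_props = (spec.get('image') or {}).get('properties') or {}

        trust_verify = image_props.get('trust')
        if 'mtwilson_trustpolicy_location' in image_props:
            LOG.info(image_props.get('mtwilson_trustpolicy_location'))
            trust_verify = 'true'

        # This line was tab-indented in the original, which does not parse
        # next to the space-indented lines around it.
        LOG.debug("trust_verify : %s", trust_verify)

        # NOTE(review): this comparison is case-sensitive, so a 'trust'
        # property of 'True' skips attestation entirely -- confirm that is
        # the intended policy.
        if trust_verify == 'true':
            verify_trust_status = True
            # Get the Tag verification flag from the image properties
            tag_selections = image_props.get('tags')  # comma separated values
            LOG.debug("tag_selections : %s", tag_selections)
            if (tag_selections is not None and tag_selections != {}
                    and tag_selections != 'None'):
                verify_asset_tag = True

        LOG.debug("verify_trust_status : %s", verify_trust_status)
        LOG.debug("verify_asset_tag : %s", verify_asset_tag)

        if not verify_trust_status:
            # Filter returns success/true if neither trust or tag has to be
            # verified.
            return True

        # compute_node_search_by_hypervisor is a search, not an exact lookup
        # (upstream nova matches the name as a substring), so taking the
        # first row could evaluate this host against another host's
        # attestation record. Only accept a row whose hostname is exactly
        # this host's.
        hostname = host_state.hypervisor_hostname
        candidates = db.compute_node_search_by_hypervisor(self.admin, hostname)
        exact = [node for node in candidates
                 if node['hypervisor_hostname'] == hostname]
        if not exact:
            # Fail closed: without a record for this host there is nothing
            # to attest, and raising here would abort the whole filter pass.
            LOG.warning("No compute node record matches hypervisor %s exactly",
                        hostname)
            return False

        compute_node_id = exact[0]['id']
        LOG.debug("compute_node_is : %s", compute_node_id)

        trust_report = self.utils.getTrustReport(compute_node_id)
        LOG.debug("trust_report : %s", trust_report)

        if trust_report is None:
            # No attestation found for this host
            return False

        trust, asset_tag = asset_tag_utils.isHostTrusted(trust_report)
        LOG.debug("trust : %s", trust)
        LOG.debug("asset_tag : %s", asset_tag)
        if not trust:
            return False

        if verify_asset_tag:
            # Verify the asset tag restriction
            return asset_tag_utils.isAssetTagsPresent(asset_tag, tag_selections)

        return True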
Esempio n. 10
 def get_by_hypervisor(cls, context, hypervisor_match):
     """Wrap the DB records found for ``hypervisor_match`` in a ComputeNodeList."""
     found_rows = db.compute_node_search_by_hypervisor(context,
                                                       hypervisor_match)
     target = ComputeNodeList()
     return _make_list(context, target, ComputeNode, found_rows)
            verify_trust_status = True
            # Get the Tag verification flag from the image properties
            tag_selections = image_props.get('tags') # comma separated values
            LOG.debug("tag_selections : %s" % tag_selections)
            if tag_selections != None and tag_selections != {} and  tag_selections != 'None':
                verify_asset_tag = True

        LOG.debug("verify_trust_status : %s" % verify_trust_status)
        LOG.debug("verify_asset_tag : %s" % verify_asset_tag)

        if not verify_trust_status:
            # Filter returns success/true if neither trust or tag has to be verified.
            return True

        #Fetch compute node record for this hypervisor
        compute_node = db.compute_node_search_by_hypervisor(self.admin, host_state.hypervisor_hostname)
        compute_node_id = compute_node[0]['id']
        LOG.debug("compute_node_is : %s" % compute_node_id)

        trust_report = self.utils.getTrustReport(compute_node_id)
        LOG.debug("trust_report : %s" % trust_report)

        if trust_report is None:
            #No attestation found for this host
            return False

        trust, asset_tag = asset_tag_utils.isHostTrusted(trust_report)
        LOG.debug("trust : %s" % trust)
        LOG.debug("asset_tag : %s" % asset_tag)
        if not trust:
            return False