def test_get_by_hypervisor(self): self.mox.StubOutWithMock(db, "compute_node_search_by_hypervisor") db.compute_node_search_by_hypervisor(self.context, "hyper").AndReturn([fake_compute_node]) self.mox.ReplayAll() computes = compute_node.ComputeNodeList.get_by_hypervisor(self.context, "hyper") self.assertEqual(1, len(computes)) self.compare_obj(computes[0], fake_compute_node, subs=self.subs(), comparators=self.comparators())
def test_get_by_hypervisor(self): self.mox.StubOutWithMock(db, 'compute_node_search_by_hypervisor') db.compute_node_search_by_hypervisor(self.context, 'hyper').AndReturn( [fake_compute_node]) self.mox.ReplayAll() computes = compute_node.ComputeNodeList.get_by_hypervisor( self.context, 'hyper') self.assertEqual(1, len(computes)) self.compare_obj(computes[0], fake_compute_node)
def test_get_by_hypervisor(self): self.mox.StubOutWithMock(db, 'compute_node_search_by_hypervisor') db.compute_node_search_by_hypervisor(self.context, 'hyper').AndReturn( [fake_compute_node]) self.mox.ReplayAll() computes = compute_node.ComputeNodeList.get_by_hypervisor(self.context, 'hyper') self.assertEqual(1, len(computes)) self.compare_obj(computes[0], fake_compute_node)
def host_passes(self, host_state, spec_obj): """Only return hosts with required Trust level.""" verify_asset_tag = False verify_trust_status = False #spec = filter_properties.get('request_spec', {}) image_props = spec_obj.image.properties trust_verify = image_props.get('trust') if('mtwilson_trustpolicy_location' in image_props): LOG.info(image_props.get('mtwilson_trustpolicy_location')) trust_verify = 'true' LOG.debug("trust_verify : %s" % trust_verify) #if tag_selections is None or tag_selections == 'Trust': if trust_verify == 'true': verify_trust_status = True # Get the Tag verification flag from the image properties tag_selections = image_props.get('tags') # comma separated values LOG.debug("tag_selections : %s" % tag_selections) if tag_selections != None and tag_selections != {} and tag_selections != 'None': verify_asset_tag = True LOG.debug("verify_trust_status : %s" % verify_trust_status) LOG.debug("verify_asset_tag : %s" % verify_asset_tag) if not verify_trust_status: # Filter returns success/true if neither trust or tag has to be verified. return True #Fetch compute node record for this hypervisor compute_node = db.compute_node_search_by_hypervisor(self.admin, host_state.hypervisor_hostname) compute_node_id = compute_node[0]['id'] LOG.debug("compute_node_is : %s" % compute_node_id) trust_report = self.utils.getTrustReport(compute_node_id) LOG.debug("trust_report : %s" % trust_report) if trust_report is None: #No attestation found for this host return False trust, asset_tag = asset_tag_utils.isHostTrusted(trust_report) LOG.debug("trust : %s" % trust) LOG.debug("asset_tag : %s" % asset_tag) if not trust: return False if verify_asset_tag: # Verify the asset tag restriction return asset_tag_utils.isAssetTagsPresent(asset_tag, tag_selections) return True
def search(self, req, id): context = req.environ['nova.context'] authorize(context) hypervisors = db.compute_node_search_by_hypervisor(context, id) if hypervisors: return dict(hypervisors=[self._view_hypervisor(hyp, False) for hyp in hypervisors]) else: msg = _("No hypervisor matching '%s' could be found.") % id raise webob.exc.HTTPNotFound(explanation=msg)
def search(self, req, id): context = req.environ['nova.context'] authorize(context) hypervisors = db.compute_node_search_by_hypervisor(context, id) if hypervisors: return dict(hypervisors=[ self._view_hypervisor(hyp, False) for hyp in hypervisors ]) else: msg = _("No hypervisor matching '%s' could be found.") % id raise webob.exc.HTTPNotFound(explanation=msg)
def get_by_hypervisor(cls, context, hypervisor_match): db_computes = db.compute_node_search_by_hypervisor(context, hypervisor_match) return base.obj_make_list(context, ComputeNodeList(), ComputeNode, db_computes)
def get_by_hypervisor(cls, context, hypervisor_match): db_computes = db.compute_node_search_by_hypervisor( context, hypervisor_match) return base.obj_make_list(context, cls(context), objects.ComputeNode, db_computes)
class TrustAssertionFilter(filters.BaseHostFilter): def __init__(self): self.utils = host_trust_utils.HostTrustUtils() self.compute_nodes = {} self.admin = context.get_admin_context() # Fetch compute node list to initialize the compute_nodes, # so that we don't need poll OAT service one by one for each # host in the first round that scheduler invokes us. self.compute_nodes = db.compute_node_get_all(self.admin) def host_passes(self, host_state, filter_properties): """Only return hosts with required Trust level.""" verify_asset_tag = False verify_trust_status = False spec = filter_properties.get('request_spec', {}) image_props = spec.get('image', {}).get('properties', {}) trust_verify = image_props.get('trust') if('mtwilson_trustpolicy_location' in image_props): LOG.info(image_props.get('mtwilson_trustpolicy_location')) trust_verify = 'true' LOG.debug("trust_verify : %s" % trust_verify) if trust_verify == 'true': verify_trust_status = True # Get the Tag verification flag from the image properties tag_selections = image_props.get('tags') # comma separated values LOG.debug("tag_selections : %s" % tag_selections) if tag_selections != None and tag_selections != {} and tag_selections != 'None': verify_asset_tag = True LOG.debug("verify_trust_status : %s" % verify_trust_status) LOG.debug("verify_asset_tag : %s" % verify_asset_tag) if not verify_trust_status: # Filter returns success/true if neither trust or tag has to be verified. return True #Fetch compute node record for this hypervisor compute_node = db.compute_node_search_by_hypervisor(self.admin, host_state.hypervisor_hostname) compute_node_id = compute_node[0]['id'] LOG.debug("compute_node_is : %s" % compute_node_id) trust_report = self.utils.getTrustReport(compute_node_id) LOG.debug("trust_report : %s" % trust_report) if trust_report is None: #No attestation found for this host return False trust, asset_tag = asset_tag_utils.isHostTrusted(trust_report) LOG.debug("trust : %s" % trust) LOG.debug("asset_tag : %s" % asset_tag) if not trust: return False if verify_asset_tag: # Verify the asset tag restriction return asset_tag_utils.isAssetTagsPresent(asset_tag, tag_selections) return True
def get_by_hypervisor(cls, context, hypervisor_match): db_computes = db.compute_node_search_by_hypervisor( context, hypervisor_match) return _make_list(context, ComputeNodeList(), ComputeNode, db_computes)
verify_trust_status = True # Get the Tag verification flag from the image properties tag_selections = image_props.get('tags') # comma separated values LOG.debug("tag_selections : %s" % tag_selections) if tag_selections != None and tag_selections != {} and tag_selections != 'None': verify_asset_tag = True LOG.debug("verify_trust_status : %s" % verify_trust_status) LOG.debug("verify_asset_tag : %s" % verify_asset_tag) if not verify_trust_status: # Filter returns success/true if neither trust or tag has to be verified. return True #Fetch compute node record for this hypervisor compute_node = db.compute_node_search_by_hypervisor(self.admin, host_state.hypervisor_hostname) compute_node_id = compute_node[0]['id'] LOG.debug("compute_node_is : %s" % compute_node_id) trust_report = self.utils.getTrustReport(compute_node_id) LOG.debug("trust_report : %s" % trust_report) if trust_report is None: #No attestation found for this host return False trust, asset_tag = asset_tag_utils.isHostTrusted(trust_report) LOG.debug("trust : %s" % trust) LOG.debug("asset_tag : %s" % asset_tag) if not trust: return False