Create experimental gate job to test Nova’s image signature verification

Registered by Dane Fichter on 2016-10-17

In order to support Nova’s image signature verification feature, we propose creating an experimental gate which tests this feature in a Tempest scenario. This will require adding a Tempest test which signs an image, uploads the signing certificate to a key manager, uploads the signed image to Glance with signature metadata, and boots the signed image in Nova. Once the proper Tempest scenario is created, we will add a non-voting gate job to Nova’s experimental queue which performs this scenario.

Blueprint information

Status:
Not started
Approver:
None
Priority:
Undefined
Drafter:
Dane Fichter
Direction:
Needs approval
Assignee:
Dane Fichter
Definition:
New
Series goal:
None
Implementation:
Unknown
Milestone target:
None

Related branches

Sprints

Whiteboard

Gerrit topic: https://review.openstack.org/#q,topic:bp/image-signing-experimental-gate,n,z

Addressed by: https://review.openstack.org/390085
    Add signed image Tempest scenario (ABANDONED)

Addressed by: https://review.openstack.org/392329
    Add key_manager service to Tempest (ABANDONED)

Note: This is now implemented in the barbican-tempest-plugin project

Addressed by: https://review.openstack.org/#/c/443167/
    Add barbican-tempest-plugin tests to Nova

Addressed by: https://review.openstack.org/#/c/431241/
    Add image signing scenario (MERGED)

(?)

Work Items

This blueprint contains Public information 
Everyone can see this information.

Subscribers

No subscribers.