Create experimental gate job to test Nova’s image signature verification
In order to support Nova’s image signature verification feature, we propose creating an experimental gate which tests this feature in a Tempest scenario. This will require adding a Tempest test which signs an image, uploads the signing certificate to a key manager, uploads the signed image to Glance with signature metadata, and boots the signed image in Nova. Once the proper Tempest scenario is created, we will add a non-voting gate job to Nova’s experimental queue which performs this scenario.
Blueprint information
- Status:
- Not started
- Approver:
- None
- Priority:
- Undefined
- Drafter:
- Dane Fichter
- Direction:
- Needs approval
- Assignee:
- Dane Fichter
- Definition:
- New
- Series goal:
- None
- Implementation:
- Unknown
- Milestone target:
- None
- Started by
- Completed by
Related branches
Related bugs
Sprints
Whiteboard
Gerrit topic: https:/
Addressed by: https:/
Add signed image Tempest scenario (ABANDONED)
Addressed by: https:/
Add key_manager service to Tempest (ABANDONED)
Note: This is now implemented in the barbican-
Addressed by: https:/
Add barbican-
Addressed by: https:/
Add image signing scenario (MERGED)