Create experimental gate job to test Nova’s image signature verification

Registered by Dane Fichter

In order to support Nova’s image signature verification feature, we propose creating an experimental gate which tests this feature in a Tempest scenario. This will require adding a Tempest test which signs an image, uploads the signing certificate to a key manager, uploads the signed image to Glance with signature metadata, and boots the signed image in Nova. Once the proper Tempest scenario is created, we will add a non-voting gate job to Nova’s experimental queue which performs this scenario.

Blueprint information

Status: Not started
Approver: None
Priority: Undefined
Drafter: Dane Fichter
Direction: Needs approval
Assignee: Dane Fichter
Definition: New
Series goal: None
Implementation: Unknown
Milestone target: None

Whiteboard

Gerrit topic: https://review.openstack.org/#q,topic:bp/image-signing-experimental-gate,n,z

Addressed by: https://review.openstack.org/390085
    Add signed image Tempest scenario (ABANDONED)

Addressed by: https://review.openstack.org/392329
    Add key_manager service to Tempest (ABANDONED)

Note: This is now implemented in the barbican-tempest-plugin project

Addressed by: https://review.openstack.org/#/c/443167/
    Add barbican-tempest-plugin tests to Nova

Addressed by: https://review.openstack.org/#/c/431241/
    Add image signing scenario (MERGED)
