Add hw:tpm_secret_security extra spec validation

Like the image property, it can have the `user`, `host`, or
`deployment` value. Use this opportunity to also add unit testing for
the previous TPM extra specs, hw:tpm_model and hw:tpm_version.

NOTE(artom) The spec used hw:vtpm_secret_security, this patch uses
hw:tpm_secret_security (without the v) to align with the existing
extra specs (and image properties).

Implements: blueprint vtpm-live-migration

Change-Id: Ie6495bef7a2a782d4c70eae7f8ff685afe8fe93a
Signed-off-by: melanie witt <melwittt@gmail.com>

nova/api/validation/extra_specs/hw.py

@@ -505,6 +505,23 @@ feature_flag_validators = [
             ],
         },
     ),
+    base.ExtraSpecValidator(
+        name='hw:tpm_secret_security',
+        description=(
+            "The TPM secret security. "
+            "Only supported by the libvirt virt driver."
+        ),
+        value={
+            'type': str,
+            'description': 'The TPM secret security policy to apply. '
+                           'See the TPM documentation for more details',
+            'enum': [
+                'user',
+                'host',
+                'deployment',
+            ],
+        },
+    ),
     base.ExtraSpecValidator(
         name='hw:watchdog_action',
         description=(

nova/tests/unit/api/validation/extra_specs/test_validators.py

@@ -78,6 +78,13 @@ class TestValidators(test.NoDBTestCase):
             ('hw:viommu_model', 'intel'),
             ('hw:viommu_model', 'smmuv3'),
             ('hw:viommu_model', 'virtio'),
+            ('hw:tpm_model', 'tpm-tis'),
+            ('hw:tpm_model', 'tpm-crb'),
+            ('hw:tpm_version', '1.2'),
+            ('hw:tpm_version', '2.0'),
+            ('hw:tpm_secret_security', 'user'),
+            ('hw:tpm_secret_security', 'host'),
+            ('hw:tpm_secret_security', 'deployment'),
         )
         for key, value in valid_specs:
             validators.validate(key, value)
@@ -97,6 +104,9 @@ class TestValidators(test.NoDBTestCase):
             ('hw:pci_numa_affinity_policy', 'prefrred'),
             ('hw:pci_numa_affinity_policy', 'socet'),
             ('hw:viommu_model', 'autt'),
+            ('hw:tpm_model', 'tpm-foo'),
+            ('hw:tpm_version', '4.2'),
+            ('hw:tpm_secret_security', 'bar'),
         )
         for key, value in invalid_specs:
             with testtools.ExpectedException(exception.ValidationError):