diff --git a/nova/api/validation/extra_specs/hw.py b/nova/api/validation/extra_specs/hw.py index e335f8bce3..d4712253e4 100644 --- a/nova/api/validation/extra_specs/hw.py +++ b/nova/api/validation/extra_specs/hw.py @@ -505,6 +505,23 @@ feature_flag_validators = [ ], }, ), + base.ExtraSpecValidator( + name='hw:tpm_secret_security', + description=( + "The TPM secret security. " + "Only supported by the libvirt virt driver." + ), + value={ + 'type': str, + 'description': 'The TPM secret security policy to apply. ' + 'See the TPM documentation for more details', + 'enum': [ + 'user', + 'host', + 'deployment', + ], + }, + ), base.ExtraSpecValidator( name='hw:watchdog_action', description=( diff --git a/nova/tests/unit/api/validation/extra_specs/test_validators.py b/nova/tests/unit/api/validation/extra_specs/test_validators.py index e639c02407..f1d1a14b94 100644 --- a/nova/tests/unit/api/validation/extra_specs/test_validators.py +++ b/nova/tests/unit/api/validation/extra_specs/test_validators.py @@ -78,6 +78,13 @@ class TestValidators(test.NoDBTestCase): ('hw:viommu_model', 'intel'), ('hw:viommu_model', 'smmuv3'), ('hw:viommu_model', 'virtio'), + ('hw:tpm_model', 'tpm-tis'), + ('hw:tpm_model', 'tpm-crb'), + ('hw:tpm_version', '1.2'), + ('hw:tpm_version', '2.0'), + ('hw:tpm_secret_security', 'user'), + ('hw:tpm_secret_security', 'host'), + ('hw:tpm_secret_security', 'deployment'), ) for key, value in valid_specs: validators.validate(key, value) @@ -97,6 +104,9 @@ class TestValidators(test.NoDBTestCase): ('hw:pci_numa_affinity_policy', 'prefrred'), ('hw:pci_numa_affinity_policy', 'socet'), ('hw:viommu_model', 'autt'), + ('hw:tpm_model', 'tpm-foo'), + ('hw:tpm_version', '4.2'), + ('hw:tpm_secret_security', 'bar'), ) for key, value in invalid_specs: with testtools.ExpectedException(exception.ValidationError):