From 75f2d3b7fc7d4af0e8891073e03ada14280ed248 Mon Sep 17 00:00:00 2001
From: Amit Uniyal <auniyal@redhat.com>
Date: Wed, 10 Jul 2024 03:35:12 -0400
Subject: [PATCH] verify vencrypt feature

Verify vnc console is exported such that it can use tls via the vencrypt
feature.

Change-Id: I5f2ae58b909fb005be9bf1a88d55d9a2ff452e46
---
 .../api/compute/test_console_encryption.py    | 55 +++++++++++++++++++
 whitebox_tempest_plugin/config.py             |  3 +
 2 files changed, 58 insertions(+)
 create mode 100644 whitebox_tempest_plugin/api/compute/test_console_encryption.py

diff --git a/whitebox_tempest_plugin/api/compute/test_console_encryption.py b/whitebox_tempest_plugin/api/compute/test_console_encryption.py
new file mode 100644
index 00000000..089fef66
--- /dev/null
+++ b/whitebox_tempest_plugin/api/compute/test_console_encryption.py
@@ -0,0 +1,55 @@
+# Copyright 2024 Red Hat Inc.
+# All Rights Reserved.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+from tempest import config
+from whitebox_tempest_plugin.api.compute import base
+from whitebox_tempest_plugin.services.clients import SSHClient
+
+CONF = config.CONF
+
+
+class TestVencrypt(base.BaseWhiteboxComputeTest):
+
+    @classmethod
+    def skip_checks(cls):
+        super(TestVencrypt, cls).skip_checks()
+        if not CONF.compute_feature_enabled.vencrypt:
+            raise cls.skipException("vencrypt is not enabled")
+
+    def setUp(self):
+        super(TestVencrypt, self).setUp()
+        server = self.create_test_server(wait_until='ACTIVE')
+        server = self.os_admin.servers_client.show_server(server["id"])[
+            'server']
+        self.instance = server["OS-EXT-SRV-ATTR:instance_name"]
+        self.host = self.get_host_for_server(server['id'])
+        self.ssh_cl = SSHClient(self.host)
+
+    def test_via_qemu_logs(self):
+        cmd = f'cat /var/log/libvirt/qemu/{self.instance}.log'
+        cmd += '| grep vnc'
+        data = self.ssh_cl.execute(cmd, sudo=True).splitlines()
+
+        # qemu logs should have vnc-tls object
+        # -object '{
+        #       "qom-type":"tls-creds-x509",
+        #       "id":"vnc-tls-creds0",
+        #       "dir":"/etc/pki/qemu",
+        #       "endpoint":"server",
+        #       "verify-peer":true}'
+        tls_objects = [
+            'vnc-tls' in obj and '"verify-peer":true' in obj for obj in data
+        ]
+        self.assertTrue(any(tls_objects))
diff --git a/whitebox_tempest_plugin/config.py b/whitebox_tempest_plugin/config.py
index e35c176c..8f7dd065 100644
--- a/whitebox_tempest_plugin/config.py
+++ b/whitebox_tempest_plugin/config.py
@@ -348,4 +348,7 @@ compute_features_group_opts = [
     cfg.BoolOpt('cpu_power_management',
                 default=False,
                 help="Libvirt CPU power management is turned on."),
+    cfg.BoolOpt('vencrypt',
+                default=False,
+                help="verify vnc console tls."),
 ]