Add ephemeral disk encryption scenario test
Adds ephemeral-disk-encryption group to Barbican Tempest configuration
options.
Enables ephemeral disk encryption for Barbican Tempest tests by updating
pre_test_hook.sh, which is run at the start of relevant gate tests.
Adds an ephemeral disk encryption scenario test to verify the
functionality of encrypted ephemeral storage. The test creates an image,
boots an instance from the created image, and writes to a new file in
the instance. Improper calls to encrypt the LVM ephemeral disk that is
being written to will be caught with this test.
Change-Id: I5f194f3c2a91263d4d34204db5cd5845197169bb
diff --git a/barbican_tempest_plugin/config.py b/barbican_tempest_plugin/config.py
index 4326351..eae7a17 100644
--- a/barbican_tempest_plugin/config.py
+++ b/barbican_tempest_plugin/config.py
@@ -19,3 +19,27 @@
default=True,
help="Whether or not barbican is expected to be "
"available")
+
+ephemeral_storage_encryption_group = cfg.OptGroup(
+ name="ephemeral_storage_encryption",
+ title="Ephemeral storage encryption options")
+
+EphemeralStorageEncryptionGroup = [
+ cfg.BoolOpt('enabled',
+ default=False,
+ help="Does the test environment support ephemeral storage "
+ "encryption?"),
+ cfg.StrOpt('cipher',
+ default='aes-xts-plain64',
+ help="The cipher and mode used to encrypt ephemeral storage. "
+ "AES-XTS is recommended by NIST specifically for disk "
+ "storage, and the name is shorthand for AES encryption "
+ "using the XTS encryption mode. Available ciphers depend "
+ "on kernel support. At the command line, type "
+ "'cryptsetup benchmark' to determine the available "
+ "options (and see benchmark results), or go to "
+ "/proc/crypto."),
+ cfg.IntOpt('key_size',
+ default=256,
+ help="The key size used to encrypt ephemeral storage."),
+]
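Review bot: The `key_size` help on the last option states neither the unit nor how the value interacts with the default cipher. With `aes-xts-plain64` the key is split into two halves, so the default of 256 gives AES-128 rather than AES-256, and anyone who wants AES-256 has to set 512. I would change the help to `help="The key size, in bits, used to encrypt ephemeral storage. In XTS mode the key is split in half, so 256 selects AES-128 and 512 selects AES-256."`. Please also confirm that 256 matches what pre_test_hook.sh writes into the compute service configuration. That file is outside this hunk, and a mismatch would leave the test assuming a different key size than the one deployed.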