Drop cbitpos and reducedPhysBits from the API spec

Recent libvirt automatically fetches the values from domcapabilities therefore no need to have them in the VMI spec. Signed-off-by: Vasiliy Ulyanov <[email protected]>
rbo · Dec 21, 2021 · 5786d9c · 5786d9c
1 parent 8d691b6
commit 5786d9c
Show file tree

Hide file tree

Showing 19 changed files with 15 additions and 803 deletions.
diff --git a/api/openapi-spec/swagger.json b/api/openapi-spec/swagger.json
@@ -14687,23 +14687,13 @@
    "v1.SEV": {
     "type": "object",
     "properties": {
-     "cbitpos": {
-      "description": "CBit Position",
-      "type": "integer",
-      "format": "int32"
-     },
      "policy": {
       "description": "Guest SEV policy",
       "type": "array",
       "items": {
        "type": "string"
       },
       "x-kubernetes-list-type": "set"
-     },
-     "reducedPhysBits": {
-      "description": "No. of physical bits in address space",
-      "type": "integer",
-      "format": "int32"
      }
     }
    },

diff --git a/pkg/virt-launcher/virtwrap/BUILD.bazel b/pkg/virt-launcher/virtwrap/BUILD.bazel
@@ -41,7 +41,6 @@ go_library(
         "//pkg/virt-launcher/virtwrap/device/hostdevice/sriov:go_default_library",
         "//pkg/virt-launcher/virtwrap/efi:go_default_library",
         "//pkg/virt-launcher/virtwrap/errors:go_default_library",
-        "//pkg/virt-launcher/virtwrap/launchsecurity:go_default_library",
         "//pkg/virt-launcher/virtwrap/stats:go_default_library",
         "//pkg/virt-launcher/virtwrap/util:go_default_library",
         "//staging/src/kubevirt.io/api/core/v1:go_default_library",
@@ -74,7 +73,6 @@ go_test(
         "//pkg/virt-launcher/virtwrap/api:go_default_library",
         "//pkg/virt-launcher/virtwrap/cli:go_default_library",
         "//pkg/virt-launcher/virtwrap/converter:go_default_library",
-        "//pkg/virt-launcher/virtwrap/launchsecurity:go_default_library",
         "//pkg/virt-launcher/virtwrap/stats:go_default_library",
         "//staging/src/kubevirt.io/api/core/v1:go_default_library",
         "//staging/src/kubevirt.io/client-go/api:go_default_library",

diff --git a/pkg/virt-launcher/virtwrap/converter/BUILD.bazel b/pkg/virt-launcher/virtwrap/converter/BUILD.bazel
@@ -53,7 +53,6 @@ go_test(
         "//pkg/testutils:go_default_library",
         "//pkg/virt-controller/services:go_default_library",
         "//pkg/virt-launcher/virtwrap/api:go_default_library",
-        "//pkg/virt-launcher/virtwrap/launchsecurity:go_default_library",
         "//staging/src/kubevirt.io/api/core/v1:go_default_library",
         "//staging/src/kubevirt.io/client-go/api:go_default_library",
         "//staging/src/kubevirt.io/client-go/testutils:go_default_library",

diff --git a/pkg/virt-launcher/virtwrap/converter/converter.go b/pkg/virt-launcher/virtwrap/converter/converter.go
@@ -121,7 +121,6 @@ type ConverterContext struct {
 	CpuScheduler          *api.VCPUScheduler
 	ExpandDisksEnabled    bool
 	UseLaunchSecurity     bool
-	SEVConfiguration      *launchsecurity.SEVConfiguration
 }
 
 func contains(volumes []string, name string) bool {
@@ -1265,17 +1264,10 @@ func Convert_v1_VirtualMachineInstance_To_api_Domain(vmi *v1.VirtualMachineInsta
 		if err != nil {
 			return err
 		}
+		// Cbitpos and ReducedPhysBits will be filled automatically by libvirt from the domain capabilities
 		domain.Spec.LaunchSecurity = &api.LaunchSecurity{
-			Type:            "sev",
-			Cbitpos:         c.SEVConfiguration.Cbitpos,
-			ReducedPhysBits: c.SEVConfiguration.ReducedPhysBits,
-			Policy:          "0x" + strconv.FormatUint(uint64(sevPolicyBits), 16),
-		}
-		if vmi.Spec.Domain.LaunchSecurity.SEV.Cbitpos != nil {
-			domain.Spec.LaunchSecurity.Cbitpos = strconv.FormatUint(uint64(*vmi.Spec.Domain.LaunchSecurity.SEV.Cbitpos), 10)
-		}
-		if vmi.Spec.Domain.LaunchSecurity.SEV.ReducedPhysBits != nil {
-			domain.Spec.LaunchSecurity.ReducedPhysBits = strconv.FormatUint(uint64(*vmi.Spec.Domain.LaunchSecurity.SEV.ReducedPhysBits), 10)
+			Type:   "sev",
+			Policy: "0x" + strconv.FormatUint(uint64(sevPolicyBits), 16),
 		}
 		controllerDriver = &api.ControllerDriver{
 			IOMMU: "on",

diff --git a/pkg/virt-launcher/virtwrap/converter/converter_test.go b/pkg/virt-launcher/virtwrap/converter/converter_test.go
@@ -44,7 +44,6 @@ import (
 	"kubevirt.io/kubevirt/pkg/ephemeral-disk/fake"
 	"kubevirt.io/kubevirt/pkg/testutils"
 	"kubevirt.io/kubevirt/pkg/virt-launcher/virtwrap/api"
-	"kubevirt.io/kubevirt/pkg/virt-launcher/virtwrap/launchsecurity"
 
 	v1 "kubevirt.io/api/core/v1"
 	kvapi "kubevirt.io/client-go/api"
@@ -3193,15 +3192,6 @@ var _ = Describe("Converter", func() {
 			c   *ConverterContext
 		)
 
-		sevConfiguration := launchsecurity.SEVConfiguration{
-			Cbitpos:         "5",
-			ReducedPhysBits: "3",
-		}
-
-		uintPtr := func(val uint) *uint {
-			return &val
-		}
-
 		BeforeEach(func() {
 			vmi = kvapi.NewMinimalVMI("testvmi")
 			v1.SetObjectDefaults_VirtualMachineInstance(vmi)
@@ -3232,7 +3222,6 @@ var _ = Describe("Converter", func() {
 				AllowEmulation:    true,
 				EFIConfiguration:  &EFIConfiguration{},
 				UseLaunchSecurity: true,
-				SEVConfiguration:  &sevConfiguration,
 			}
 		})
 
@@ -3280,47 +3269,6 @@ var _ = Describe("Converter", func() {
 			Expect(domain.Spec.Devices.Interfaces[1].Rom).ToNot(BeNil())
 			Expect(domain.Spec.Devices.Interfaces[1].Rom.Enabled).To(Equal("no"))
 		})
-
-		table.DescribeTable("convertion", func(expectErr bool, sev *v1.SEV, expectation *api.LaunchSecurity) {
-			domain := &api.Domain{}
-			vmi.Spec.Domain.LaunchSecurity.SEV = sev
-			if expectErr {
-				Expect(Convert_v1_VirtualMachineInstance_To_api_Domain(vmi, domain, c)).ToNot(Succeed())
-				Expect(domain.Spec.LaunchSecurity).To(BeNil())
-			} else {
-				Expect(Convert_v1_VirtualMachineInstance_To_api_Domain(vmi, domain, c)).To(Succeed())
-				Expect(domain.Spec.LaunchSecurity).ToNot(BeNil())
-				Expect(*domain.Spec.LaunchSecurity).To(Equal(*expectation))
-			}
-		},
-			table.Entry("should succeed with default values", false,
-				&v1.SEV{},
-				&api.LaunchSecurity{
-					Type:            "sev",
-					Cbitpos:         sevConfiguration.Cbitpos,
-					ReducedPhysBits: sevConfiguration.ReducedPhysBits,
-					Policy:          "0x0",
-				}),
-			table.Entry("should succeed with correct values", false,
-				&v1.SEV{
-					Cbitpos:         uintPtr(1),
-					ReducedPhysBits: uintPtr(2),
-					Policy:          []v1.SEVPolicy{v1.SEVPolicyNoDebug, v1.SEVPolicyNoKeysSharing},
-				},
-				&api.LaunchSecurity{
-					Type:            "sev",
-					Cbitpos:         "1",
-					ReducedPhysBits: "2",
-					Policy:          "0x3",
-				}),
-			table.Entry("should fail with wrong values", true,
-				&v1.SEV{
-					Cbitpos:         uintPtr(1),
-					ReducedPhysBits: uintPtr(2),
-					Policy:          []v1.SEVPolicy{v1.SEVPolicy("WrongPolicy")},
-				},
-				nil),
-		)
 	})
 })
 

diff --git a/pkg/virt-launcher/virtwrap/launchsecurity/BUILD.bazel b/pkg/virt-launcher/virtwrap/launchsecurity/BUILD.bazel
@@ -2,17 +2,10 @@ load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test")
 
 go_library(
     name = "go_default_library",
-    srcs = [
-        "generated_mock_virsh.go",
-        "sev.go",
-        "virsh.go",
-    ],
+    srcs = ["sev.go"],
     importpath = "kubevirt.io/kubevirt/pkg/virt-launcher/virtwrap/launchsecurity",
     visibility = ["//visibility:public"],
-    deps = [
-        "//staging/src/kubevirt.io/api/core/v1:go_default_library",
-        "//vendor/github.com/golang/mock/gomock:go_default_library",
-    ],
+    deps = ["//staging/src/kubevirt.io/api/core/v1:go_default_library"],
 )
 
 go_test(
@@ -26,7 +19,6 @@ go_test(
         ":go_default_library",
         "//staging/src/kubevirt.io/api/core/v1:go_default_library",
         "//staging/src/kubevirt.io/client-go/testutils:go_default_library",
-        "//vendor/github.com/golang/mock/gomock:go_default_library",
         "//vendor/github.com/onsi/ginkgo:go_default_library",
         "//vendor/github.com/onsi/gomega:go_default_library",
     ],

diff --git a/pkg/virt-launcher/virtwrap/launchsecurity/generated_mock_virsh.go b/pkg/virt-launcher/virtwrap/launchsecurity/generated_mock_virsh.go
diff --git a/pkg/virt-launcher/virtwrap/launchsecurity/sev.go b/pkg/virt-launcher/virtwrap/launchsecurity/sev.go
@@ -20,34 +20,11 @@
 package launchsecurity
 
 import (
-	"encoding/xml"
 	"fmt"
 
 	v1 "kubevirt.io/api/core/v1"
 )
 
-type Features struct {
-	SEV SEVConfiguration `xml:"features>sev"`
-}
-
-type SEVConfiguration struct {
-	Supported       string `xml:"supported,attr"`
-	Cbitpos         string `xml:"cbitpos"`
-	ReducedPhysBits string `xml:"reducedPhysBits"`
-}
-
-func QuerySEVConfiguration(virsh Virsh) (*SEVConfiguration, error) {
-	out, err := virsh.Domcapabilities()
-	if err != nil {
-		return nil, fmt.Errorf("failed to query domain capabilities: %v", err)
-	}
-	features := &Features{}
-	if err := xml.Unmarshal(out, features); err != nil {
-		return nil, fmt.Errorf("failed to parse domain capabilities: %v", err)
-	}
-	return &features.SEV, nil
-}
-
 func SEVPolicyToBits(policy []v1.SEVPolicy) (uint, error) {
 	sevPolicyToBitMap := map[v1.SEVPolicy]uint{
 		v1.SEVPolicyNoDebug:        (1 << 0),

diff --git a/pkg/virt-launcher/virtwrap/launchsecurity/sev_test.go b/pkg/virt-launcher/virtwrap/launchsecurity/sev_test.go
@@ -20,10 +20,6 @@
 package launchsecurity_test
 
 import (
-	"fmt"
-	"io/ioutil"
-
-	"github.com/golang/mock/gomock"
 	. "github.com/onsi/ginkgo"
 	. "github.com/onsi/gomega"
 
@@ -32,57 +28,6 @@ import (
 )
 
 var _ = Describe("LaunchSecurity: AMD Secure Encrypted Virtualization (SEV)", func() {
-	Context("SEV capabilities detection", func() {
-		var ctrl *gomock.Controller
-		var virsh *launchsecurity.MockVirsh
-
-		BeforeEach(func() {
-			ctrl = gomock.NewController(GinkgoT())
-			virsh = launchsecurity.NewMockVirsh(ctrl)
-		})
-
-		AfterEach(func() {
-			ctrl.Finish()
-		})
-
-		It("should return a valid configuration when SEV is supported", func() {
-			virsh.EXPECT().Domcapabilities().DoAndReturn(func() ([]byte, error) {
-				bytes, err := ioutil.ReadFile("testdata/domcapabilities_sev.xml")
-				Expect(err).ToNot(HaveOccurred())
-				return bytes, err
-			})
-			sevConfiguration, err := launchsecurity.QuerySEVConfiguration(virsh)
-			Expect(err).ToNot(HaveOccurred())
-			Expect(sevConfiguration).ToNot(BeNil())
-			Expect(sevConfiguration.Supported).To(Equal("yes"))
-			Expect(sevConfiguration.Cbitpos).To(Equal("47"))
-			Expect(sevConfiguration.ReducedPhysBits).To(Equal("1"))
-		})
-
-		It("should return an empty configuration when SEV is not supported", func() {
-			virsh.EXPECT().Domcapabilities().DoAndReturn(func() ([]byte, error) {
-				bytes, err := ioutil.ReadFile("testdata/domcapabilities_nosev.xml")
-				Expect(err).ToNot(HaveOccurred())
-				return bytes, err
-			})
-			sevConfiguration, err := launchsecurity.QuerySEVConfiguration(virsh)
-			Expect(err).ToNot(HaveOccurred())
-			Expect(sevConfiguration).ToNot(BeNil())
-			Expect(sevConfiguration.Supported).To(Equal("no"))
-			Expect(sevConfiguration.Cbitpos).To(BeEmpty())
-			Expect(sevConfiguration.ReducedPhysBits).To(BeEmpty())
-		})
-
-		It("should return an error when domain capabilities cannot be fetched", func() {
-			virsh.EXPECT().Domcapabilities().DoAndReturn(func() ([]byte, error) {
-				return nil, fmt.Errorf("error")
-			})
-			sevConfiguration, err := launchsecurity.QuerySEVConfiguration(virsh)
-			Expect(err).To(HaveOccurred())
-			Expect(sevConfiguration).To(BeNil())
-		})
-	})
-
 	Context("SEV policy conversion", func() {
 		It("should succeed when correct values are provided", func() {
 			policy := []v1.SEVPolicy{