Validate TPM on vsphere
Warn in case TPM device is detected on a VM.

Signed-off-by: Liran Rotenberg <[email protected]>
liranr23 committed Dec 25, 2023
1 parent ff786fc commit 39b7772
Showing 2 changed files with 35 additions and 0 deletions.
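--- a/validation/policies/io/konveyor/forklift/vmware/tpm_enabled.rego
+++ b/validation/policies/io/konveyor/forklift/vmware/tpm_enabled.rego
@@ -0,0 +1,16 @@
+package io.konveyor.forklift.vmware
+
+default has_tpm_enabled = false
+
+has_tpm_enabled = true {
+input.tpmEnabled == true
+}
+
+concerns[flag] {
+has_tpm_enabled
+flag := {
+"category": "Warning",
+"label": "VM configured with a TPM device",
+"assessment": "The VM is configured with a TPM device. TPM data is not transferred during the migration."
+}
+}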
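Review bot: The `assessment` string in `concerns[flag]` says TPM data is not transferred but leaves the consequence for the guest implicit, so the operator has nothing to act on. Anything the guest sealed to the vTPM (for example disk-encryption keys) would presumably be unavailable on the migrated VM, and the message could say so: `"assessment": "The VM is configured with a TPM device. TPM data is not transferred during the migration, so secrets sealed to the TPM, such as disk-encryption keys, will not be available on the target VM; keep recovery keys at hand before migrating."`. Separately, `has_tpm_enabled` stays at its default `false` when `input.tpmEnabled` is absent, and this commit changes only the two Rego files, so it is worth confirming that the inventory always supplies that field; otherwise the warning is silently skipped.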
@@ -0,0 +1,19 @@
package io.konveyor.forklift.vmware

test_with_tpm_disabled {
mock_vm := {
"name": "test",
"tpmEnabled": false,
}
results := concerns with input as mock_vm
count(results) == 0
}

test_with_cpu_hot_add_enabled {
mock_vm := {
"name": "test",
"tpmEnabled": true
}
results := concerns with input as mock_vm
count(results) == 1
}
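Review bot: The second test is named `test_with_cpu_hot_add_enabled` although its mock sets `"tpmEnabled": true`, which looks like a copy-paste leftover and would mislead anyone reading a failing test run; `test_with_tpm_enabled {` matches what it checks. If another test file in this package already defines a rule with the old name, the two bodies would share one rule name, which is a further reason to rename. Both tests assert only `count(results)`, so a change to the concern's category or label would pass unnoticed; a check on the returned `"label"` would pin it. A third case whose mock has no `tpmEnabled` key would document that the policy then raises no concern.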
