From 79ac6f7ad8ee58d02e416c0a3234596561931d03 Mon Sep 17 00:00:00 2001
From: Liran Rotenberg <lrotenbe@redhat.com>
Date: Mon, 27 Nov 2023 15:44:14 +0200
Subject: [PATCH] Validate TPM device

Signed-off-by: Liran Rotenberg <lrotenbe@redhat.com>
---
 .../io/konveyor/forklift/ovirt/tpm.rego         | 16 ++++++++++++++++
 .../io/konveyor/forklift/ovirt/tpm_test.rego    | 17 +++++++++++++++++
 2 files changed, 33 insertions(+)
 create mode 100644 validation/policies/io/konveyor/forklift/ovirt/tpm.rego
 create mode 100644 validation/policies/io/konveyor/forklift/ovirt/tpm_test.rego

diff --git a/validation/policies/io/konveyor/forklift/ovirt/tpm.rego b/validation/policies/io/konveyor/forklift/ovirt/tpm.rego
new file mode 100644
index 000000000..2cd4902fd
--- /dev/null
+++ b/validation/policies/io/konveyor/forklift/ovirt/tpm.rego
@@ -0,0 +1,16 @@
+package io.konveyor.forklift.ovirt
+
+default has_tpm_enabled = false
+
+has_tpm_enabled = value {
+   value :=  input.tpmEnabled
+}
+
+concerns[flag] {
+    has_tpm_enabled
+    flag := {
+        "category": "Warning",
+        "label": "VM configured with TPM device",
+        "assessment": "The VM is configured with TPM device. TPM data will be loss during the migration."
+    }
+}
diff --git a/validation/policies/io/konveyor/forklift/ovirt/tpm_test.rego b/validation/policies/io/konveyor/forklift/ovirt/tpm_test.rego
new file mode 100644
index 000000000..638af442b
--- /dev/null
+++ b/validation/policies/io/konveyor/forklift/ovirt/tpm_test.rego
@@ -0,0 +1,17 @@
+package io.konveyor.forklift.ovirt
+ 
+test_without_tpm_enabled {
+    mock_vm := { "name": "test",
+                 "tpmEnabled": false
+                }
+    results = concerns with input as mock_vm
+    count(results) == 0
+}
+
+test_with_tpm_enabled {
+    mock_vm := { "name": "test",
+                 "tpmEnabled": true
+                }
+    results = concerns with input as mock_vm
+    count(results) == 1
+}
\ No newline at end of file