From 022102ab911a631d4dd93f11dfb29db88c19070d Mon Sep 17 00:00:00 2001
From: Liam Young <liam.young@canonical.com>
Date: Tue, 24 Sep 2019 08:19:19 +0100
Subject: [PATCH] Add security actions

---
 zaza/openstack/charm_tests/aodh/tests.py | 39 ++++++++++++++++++++++--
 zaza/openstack/configure/telemetry.py    |  5 ++-
 2 files changed, 38 insertions(+), 6 deletions(-)

diff --git a/zaza/openstack/charm_tests/aodh/tests.py b/zaza/openstack/charm_tests/aodh/tests.py
index 5879ea9..8042cea 100644
--- a/zaza/openstack/charm_tests/aodh/tests.py
+++ b/zaza/openstack/charm_tests/aodh/tests.py
@@ -16,12 +16,10 @@
 
 """Encapsulate masakari testing."""
 
-from datetime import datetime
 import logging
 
 import zaza.model
 import zaza.openstack.charm_tests.test_utils as test_utils
-import zaza.openstack.utilities.juju as juju_utils
 import zaza.openstack.utilities.openstack as openstack_utils
 
 
@@ -39,13 +37,14 @@ class AodhTest(test_utils.OpenStackBaseTest):
 
     @property
     def services(self):
+        """Return a list of the service that should be running."""
         if self.release >= self.xenial_ocata:
             services = [
                 'apache2',
                 'aodh-evaluator: AlarmEvaluationService worker(0)',
                 'aodh-notifier: AlarmNotifierService worker(0)',
                 ('aodh-listener: EventAlarmEvaluationService'
-                ' worker(0)')]
+                 ' worker(0)')]
         elif self.release >= self.xenial_newton:
             services = [
                 ('/usr/bin/python /usr/bin/aodh-api --port 8032 -- '
@@ -98,3 +97,37 @@ class AodhTest(test_utils.OpenStackBaseTest):
                 self.services,
                 pgrep_full=pgrep_full):
             logging.info("Testing pause resume")
+
+
+class SecurityTest(test_utils.OpenStackBaseTest):
+    """Neutron APIsecurity tests tests."""
+
+    def test_security_checklist(self):
+        """Verify expected state with security-checklist."""
+        # Changes fixing the below expected failures will be made following
+        # this initial work to get validation in. There will be bugs targeted
+        # to each one and resolved independently where possible.
+
+        expected_failures = [
+            'validate-enables-tls',
+            'validate-uses-tls-for-keystone',
+        ]
+        expected_passes = [
+            'validate-file-ownership',
+            'validate-file-permissions',
+            'validate-uses-keystone',
+        ]
+
+        for unit in zaza.model.get_units('aodh',
+                                         model_name=self.model_name):
+            logging.info('Running `security-checklist` action'
+                         ' on  unit {}'.format(unit.entity_id))
+            test_utils.audit_assertions(
+                zaza.model.run_action(
+                    unit.entity_id,
+                    'security-checklist',
+                    model_name=self.model_name,
+                    action_params={}),
+                expected_passes,
+                expected_failures,
+                expected_to_pass=False)
diff --git a/zaza/openstack/configure/telemetry.py b/zaza/openstack/configure/telemetry.py
index 880395d..144d447 100644
--- a/zaza/openstack/configure/telemetry.py
+++ b/zaza/openstack/configure/telemetry.py
@@ -18,14 +18,13 @@ Functions for managing masakari resources and simulating compute node loss
 and recovery.
 """
 
-import logging
-
 import zaza.model
 
+
 def ceilometer_upgrade(application_name=None, model_name=None):
+    """Run ceilometer upgrade action."""
     zaza.model.run_action_on_leader(
         application_name,
         'ceilometer-upgrade',
         model_name=model_name,
         action_params={})
-