Add keystone SecurityTests class

2019-03-01 09:12:49 +01:00
parent 2268fc8006
commit 16c282b220
1 changed files with 34 additions and 25 deletions
@@ -153,31 +153,6 @@ class CharmOperationTest(BaseKeystoneTest):
                             .format(pprint.pformat(unit_repo),
                                     pprint.pformat(lead_repo)))

-    def test_security_checklist(self):
-        """Verify expected state with security-checklist."""
-        expected_failures = [
-            'check-max-request-body-size',
-            'disable-admin-token',
-            'uses-sha256-for-hashing-tokens',
-            'validate-file-ownership',
-            'validate-file-permissions',
-        ]
-        expected_passes = [
-            'uses-fernet-token-after-default',
-            'insecure-debug-is-false',
-        ]
-
-        logging.info('Running `security-checklist` action'
-                     ' on Keystone leader unit')
-        test_utils.audit_assertions(
-            zaza.model.run_action_on_leader(
-                'keystone',
-                'security-checklist',
-                action_params={}),
-            expected_passes,
-            expected_failures,
-            expected_to_pass=False)
-

 class AuthenticationAuthorizationTest(BaseKeystoneTest):
    """Keystone authentication and authorization tests."""
@@ -350,3 +325,37 @@ class AuthenticationAuthorizationTest(BaseKeystoneTest):
                    openrc.update(
                        {'OS_AUTH_URL': 'http://{}:5000/v3'.format(ip)})
                    _validate_token_data(openrc)
+
+
+class SecurityTests(BaseKeystoneTest):
+    """Keystone security tests tests."""
+
+    @classmethod
+    def setUpClass(cls):
+        """Run class setup for running Keystone aa-tests."""
+        super(SecurityTests, cls).setUpClass()
+
+    def test_security_checklist(self):
+        """Verify expected state with security-checklist."""
+        expected_failures = [
+            'check-max-request-body-size',
+            'disable-admin-token',
+            'uses-sha256-for-hashing-tokens',
+            'validate-file-ownership',
+            'validate-file-permissions',
+        ]
+        expected_passes = [
+            'uses-fernet-token-after-default',
+            'insecure-debug-is-false',
+        ]
+
+        logging.info('Running `security-checklist` action'
+                     ' on Keystone leader unit')
+        test_utils.audit_assertions(
+            zaza.model.run_action_on_leader(
+                'keystone',
+                'security-checklist',
+                action_params={}),
+            expected_passes,
+            expected_failures,
+            expected_to_pass=False)