From 16c282b22086fc8cb559f7f0bc4f756e214b6579 Mon Sep 17 00:00:00 2001
From: Chris MacNaughton
Date: Fri, 1 Mar 2019 09:12:49 +0100
Subject: [PATCH] Add keystone SecurityTests class

---
 zaza/charm_tests/keystone/tests.py | 59 +++++++++++++++++------------
 1 file changed, 34 insertions(+), 25 deletions(-)

diff --git a/zaza/charm_tests/keystone/tests.py b/zaza/charm_tests/keystone/tests.py
index a0041cb..72cf885 100644
--- a/zaza/charm_tests/keystone/tests.py
+++ b/zaza/charm_tests/keystone/tests.py
@@ -153,31 +153,6 @@ class CharmOperationTest(BaseKeystoneTest):
 .format(pprint.pformat(unit_repo),
 pprint.pformat(lead_repo)))
 
- def test_security_checklist(self):
- """Verify expected state with security-checklist."""
- expected_failures = [
- 'check-max-request-body-size',
- 'disable-admin-token',
- 'uses-sha256-for-hashing-tokens',
- 'validate-file-ownership',
- 'validate-file-permissions',
- ]
- expected_passes = [
- 'uses-fernet-token-after-default',
- 'insecure-debug-is-false',
- ]
-
- logging.info('Running `security-checklist` action'
- ' on Keystone leader unit')
- test_utils.audit_assertions(
- zaza.model.run_action_on_leader(
- 'keystone',
- 'security-checklist',
- action_params={}),
- expected_passes,
- expected_failures,
- expected_to_pass=False)
-
 
 class AuthenticationAuthorizationTest(BaseKeystoneTest):
 """Keystone authentication and authorization tests."""
@@ -350,3 +325,37 @@ class AuthenticationAuthorizationTest(BaseKeystoneTest):
 openrc.update(
 {'OS_AUTH_URL': 'http://{}:5000/v3'.format(ip)})
 _validate_token_data(openrc)
+
+
+class SecurityTests(BaseKeystoneTest):
+ """Keystone security tests tests."""
+
+ @classmethod
+ def setUpClass(cls):
+ """Run class setup for running Keystone aa-tests."""
+ super(SecurityTests, cls).setUpClass()
+
+ def test_security_checklist(self):
+ """Verify expected state with security-checklist."""
+ expected_failures = [
+ 'check-max-request-body-size',
+ 'disable-admin-token',
+ 'uses-sha256-for-hashing-tokens',
+ 'validate-file-ownership',
+ 'validate-file-permissions',
+ ]
+ expected_passes = [
+ 'uses-fernet-token-after-default',
+ 'insecure-debug-is-false',
+ ]
+
+ logging.info('Running `security-checklist` action'
+ ' on Keystone leader unit')
+ test_utils.audit_assertions(
+ zaza.model.run_action_on_leader(
+ 'keystone',
+ 'security-checklist',
+ action_params={}),
+ expected_passes,
+ expected_failures,
+ expected_to_pass=False)
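Review bot: The `expected_failures` list in `SecurityTests.test_security_checklist` pins five hardening checks (`disable-admin-token`, `validate-file-permissions`, `validate-file-ownership`, `uses-sha256-for-hashing-tokens`, `check-max-request-body-size`) as the expected state with no comment saying why, so a reader cannot tell a known, tracked gap from an accepted insecure baseline. I would add above the list `# Known gaps in the default deployment (tracking: <BUG-ID>); move an entry to expected_passes once the charm fixes it.` How `test_utils.audit_assertions` treats a check that unexpectedly starts passing is not visible in this hunk, so it is worth confirming that the test flags that drift rather than ignoring it. Separately, the class docstring repeats a word (`"""Keystone security tests."""` reads better), and `setUpClass` only calls `super()` under a docstring about "aa-tests" that looks copied from the authentication class, so the override could be dropped.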