Merge pull request #484 from fnordahl/update-nova-security-checklist
nova: Conditional security checklist based on presence of vault
@@ -495,17 +495,24 @@ class SecurityTests(test_utils.OpenStackBaseTest):
|
||||
# Changes fixing the below expected failures will be made following
|
||||
# this initial work to get validation in. There will be bugs targeted
|
||||
# to each one and resolved independently where possible.
|
||||
|
||||
expected_failures = [
|
||||
'is-volume-encryption-enabled',
|
||||
'validate-uses-tls-for-glance',
|
||||
'validate-uses-tls-for-keystone',
|
||||
]
|
||||
expected_passes = [
|
||||
'validate-file-ownership',
|
||||
'validate-file-permissions',
|
||||
'validate-uses-keystone',
|
||||
]
|
||||
tls_checks = [
|
||||
'validate-uses-tls-for-glance',
|
||||
'validate-uses-tls-for-keystone',
|
||||
]
|
||||
if zaza.model.get_relation_id(
|
||||
'nova-cloud-controller',
|
||||
'vault',
|
||||
remote_interface_name='certificates'):
|
||||
expected_passes.extend(tls_checks)
|
||||
else:
|
||||
expected_failures.extend(tls_checks)
|
||||
|
||||
for unit in zaza.model.get_units(self.application_name,
|
||||
model_name=self.model_name):
|
||||
@@ -519,4 +526,4 @@ class SecurityTests(test_utils.OpenStackBaseTest):
|
||||
action_params={}),
|
||||
expected_passes,
|
||||
expected_failures,
|
||||
expected_to_pass=False)
|
||||
expected_to_pass=not len(expected_failures))
|
||||
|
||||
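Review bot: The vault relation lookup in the first hunk hard-codes `'nova-cloud-controller'` and passes no model, while the `get_units` call just below it uses `self.application_name` and `model_name=self.model_name`. In a multi-model run, or one where the application is deployed under another name, the lookup may inspect a different deployment than the one being audited, and the two TLS checks would then land in the wrong list. Assuming `get_relation_id` accepts `model_name` as `get_units` does, the call could read `zaza.model.get_relation_id(self.application_name, 'vault', model_name=self.model_name, remote_interface_name='certificates')`, with a comment above the `if` such as `# TLS checks are expected to pass only when vault provides certificates`. In the second hunk, `expected_to_pass=not len(expected_failures)` is more idiomatically written `expected_to_pass=not expected_failures`. The enclosing test method starts and ends outside both hunks.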