Extend cinder testing (#13)

* Extend cinder testing * Run sec checklist on all units of application
2019-05-23 13:48:39 +01:00
parent 748d1ba6e1
commit ce9db8434b
1 changed files with 61 additions and 0 deletions
--- a/zaza/openstack/charm_tests/cinder/tests.py
+++ b/zaza/openstack/charm_tests/cinder/tests.py
@@ -17,8 +17,11 @@
 """Encapsulate Cinder testing."""

 import logging
+
+import zaza.model
 import zaza.openstack.charm_tests.test_utils as test_utils
 import zaza.openstack.utilities.openstack as openstack_utils
+import zaza.openstack.charm_tests.glance.setup as glance_setup


 class CinderTests(test_utils.OpenStackBaseTest):
@@ -32,6 +35,8 @@ class CinderTests(test_utils.OpenStackBaseTest):
        super(CinderTests, cls).setUpClass()
        cls.cinder_client = openstack_utils.get_cinder_session_client(
            cls.keystone_session)
+        cls.nova_client = openstack_utils.get_nova_session_client(
+            cls.keystone_session)

    @classmethod
    def tearDown(cls):
@@ -69,6 +74,20 @@ class CinderTests(test_utils.OpenStackBaseTest):
            expected_status="available",
            msg="Volume status wait")

+    def test_105_volume_create_from_img(self):
+        """Test creating a volume from an image."""
+        image = self.nova_client.glance.find_image(
+            glance_setup.LTS_IMAGE_NAME)
+        vol_img = self.cinder_client.volumes.create(
+            name='{}-105-vol-from-img'.format(self.RESOURCE_PREFIX),
+            size=3,
+            imageRef=image.id)
+        openstack_utils.resource_reaches_status(
+            self.cinder_client.volumes,
+            vol_img.id,
+            expected_status="available",
+            msg="Volume status wait")
+
    def test_110_volume_snap_clone(self):
        """Test creating snapshot and build a volume from it."""
        # Create a 1GB
@@ -166,3 +185,45 @@ class CinderTests(test_utils.OpenStackBaseTest):
            services.append('cinder-api')
        with self.pause_resume(services):
            logging.info("Testing pause resume")
+
+
+class SecurityTests(test_utils.OpenStackBaseTest):
+    """Keystone security tests tests."""
+
+    @classmethod
+    def setUpClass(cls):
+        """Run class setup for running Keystone aa-tests."""
+        super(SecurityTests, cls).setUpClass()
+
+    def test_security_checklist(self):
+        """Verify expected state with security-checklist."""
+        # Changes fixing the below expected failures will be made following
+        # this initial work to get validation in. There will be bugs targeted
+        # to each one and resolved independently where possible.
+
+        expected_failures = [
+            'check-max-request-body-size',
+            'is-volume-encryption-enabled',
+            'uses-tls-for-glance',
+            'uses-tls-for-nova',
+            'validate-uses-tls-for-keystone',
+        ]
+        expected_passes = [
+            'validate-file-ownership',
+            'validate-file-permissions',
+            'validate-nas-uses-secure-environment',
+            'validate-uses-keystone',
+        ]
+
+        for unit in zaza.model.get_units('cinder', model_name=self.model_name):
+            logging.info('Running `security-checklist` action'
+                         ' on  unit {}'.format(unit.entity_id))
+            test_utils.audit_assertions(
+                zaza.model.run_action(
+                    unit.entity_id,
+                    'security-checklist',
+                    model_name=self.model_name,
+                    action_params={}),
+                expected_passes,
+                expected_failures,
+                expected_to_pass=False)