diff --git a/zaza/charm_tests/keystone/tests.py b/zaza/charm_tests/keystone/tests.py
index 6c0ebb6..05db548 100644
--- a/zaza/charm_tests/keystone/tests.py
+++ b/zaza/charm_tests/keystone/tests.py
@@ -24,6 +24,7 @@ import zaza.model
 import zaza.utilities.exceptions as zaza_exceptions
 import zaza.utilities.juju as juju_utils
 import zaza.utilities.openstack as openstack_utils
+import zaza.utilities.generic as generic_utils
 
 from zaza.charm_tests.keystone import (
 BaseKeystoneTest,
@@ -153,15 +154,7 @@ class CharmOperationTest(BaseKeystoneTest):
 pprint.pformat(lead_repo)))
 
 def test_security_checklist(self):
- """Verify expected state with security-checklist"""
- logging.info('Running `security-checklist` action on Keystone leader unit')
- action = zaza.model.run_action_on_leader(
- 'keystone',
- 'security-checklist',
- action_params={})
- assert action.data["status"] == "failed", \
- "Security check is expected to not pass by default"
- results = action.data['results']
+ """Verify expected state with security-checklist."""
 expected_failures = [
 'check-max-request-body-size',
 'disable-admin-token',
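Review bot: The `expected_failures` list in `test_security_checklist` pins hardening checks such as `check-max-request-body-size` and `disable-admin-token` as required to fail, and nothing on the new side of the test says why. The assertion message removed in this hunk ("Security check is expected to not pass by default") suggests the list reflects the default test deployment, so a comment above the list should carry that, for example `# Checks the default test deployment does not satisfy; drop a name once the charm default passes it.` Without it the list reads as an accepted baseline, and a genuine hardening regression can be appended to it without anyone questioning the entry. The list and the rest of the test body continue in the next hunk.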
@@ -169,19 +162,20 @@ class CharmOperationTest(BaseKeystoneTest):
 'validate-file-ownership',
 'validate-file-permissions',
 ]
- expected_pass = [
+ expected_passes = [
 'uses-fernet-token-after-default',
 'insecure-debug-is-false',
 ]
- for key, value in results.items():
- if key in expected_failures:
- assert "FAIL" in value, "Unexpected test pass: {}".format(key)
- if key in expected_pass:
- self.assertEqual(value,
- "PASS",
- "Unexpected failure: {}".format(key))
- assert results['uses-fernet-token-after-default'] == 'PASS'
- assert results['insecure-debug-is-false'] == 'PASS'
+
+ logging.info('Running `security-checklist` action'
+ ' on Keystone leader unit')
+ generic_utils.audit_assertions(
+ zaza.model.run_action_on_leader(
+ 'keystone',
+ 'security-checklist',
+ action_params={}),
+ expected_passes,
+ expected_failures)
 
 
 class AuthenticationAuthorizationTest(BaseKeystoneTest):
diff --git a/zaza/utilities/generic.py b/zaza/utilities/generic.py
index e9e9e4c..72c7d21 100644
--- a/zaza/utilities/generic.py
+++ b/zaza/utilities/generic.py
@@ -68,6 +68,33 @@ def get_network_config(net_topology, ignore_env_vars=False,
 return net_info
 
 
+def audit_assertions(action, expected_passes, expected_failures=None):
+ """Check expected assertion failures in security-checklist actions.
+
+ :param action: Action object from running the security-checklist action
+ :type action: juju.action.Action
+ :param expected_passes: List of test names that are expected to pass
+ :type expected_passes: List(str)
+ :param expected_failures: List of test names that are expected to fail
+ :type expexted_failures: List(str)
+ """
+ if expected_failures is None:
+ expected_failures = []
+ if expected_failures:
+ assert action.data["status"] == "failed", \
+ "Security check is not expected to pass by default"
+ else:
+ assert action.data["status"] == "completed", \
+ "Security check is expected to pass by default"
+
+ results = action.data['results']
+ for key, value in results.items():
+ if key in expected_failures:
+ assert "FAIL" in value, "Unexpected test pass: {}".format(key)
+ if key in expected_passes:
+ assert value == "PASS", "Unexpected failure: {}".format(key)
+
+
 def get_pkg_version(application, pkg):
 """Return package version.
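Review bot: The loop in `audit_assertions` walks `results.items()` and only tests keys that happen to be present, so a name in `expected_passes` or `expected_failures` that the action no longer reports (a renamed check, or a typo in the caller's list) is never asserted on and the audit passes vacuously. The caller in `zaza/charm_tests/keystone/tests.py` used to index `results['uses-fernet-token-after-default']` and `results['insecure-debug-is-false']` directly, which failed on a missing key, and this commit removes those lines in favour of the helper. Iterating over the expected names and requiring each one to be in `results` restores that guarantee, as in the fence below. The docstring also has a typo: `:type expexted_failures:` should read `:type expected_failures:`.

```python
    # … unchanged: docstring and status assertions …
    results = action.data['results']
    # Drive the checks from the expected names so that a check missing from
    # the action output fails the audit instead of being skipped.
    for key in expected_failures:
        assert key in results, "Missing check result: {}".format(key)
        assert "FAIL" in results[key], "Unexpected test pass: {}".format(key)
    for key in expected_passes:
        assert key in results, "Missing check result: {}".format(key)
        assert results[key] == "PASS", "Unexpected failure: {}".format(key)
```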