Merge "Add option to toggle validation of signed image"

barbican_tempest_plugin/config.py

@@ -43,3 +43,14 @@ EphemeralStorageEncryptionGroup = [
                default=256,
                help="The key size used to encrypt ephemeral storage."),
 ]
+
+image_signature_verification_group = cfg.OptGroup(
+    name="image_signature_verification",
+    title="Image Signature Verification Options")
+
+ImageSignatureVerificationGroup = [
+    cfg.BoolOpt('enforced',
+                default=True,
+                help="Does the test environment enforce glance image "
+                     "verification?"),
+]

barbican_tempest_plugin/plugin.py

@@ -37,6 +37,8 @@ class BarbicanTempestPlugin(plugins.TempestPlugin):
         conf.register_group(project_config.ephemeral_storage_encryption_group)
         conf.register_opts(project_config.EphemeralStorageEncryptionGroup,
                            project_config.ephemeral_storage_encryption_group)
+        conf.register_opts(project_config.ImageSignatureVerificationGroup,
+                           project_config.image_signature_verification_group)
 
     def get_opt_lists(self):
         return [('service_available', [project_config.service_option])]

barbican_tempest_plugin/tests/scenario/test_image_signing.py

@@ -70,6 +70,10 @@ class ImageSigningTest(barbican_manager.BarbicanScenarioTest):
             * Attempt to boot the incorrectly signed image
             * Confirm an exception is thrown
         """
+        if not CONF.image_signature_verification.enforced:
+            raise self.skipException("Image signature verification is not "
+                                     "enforced in this environment")
+
         img_uuid = self.sign_and_upload_image()
 
         LOG.debug("Modifying image signature to be incorrect")