Add enable_certificate_validation config option

This patch adds enable_certificate_validation config option. This option can be used to skip tests that rely on image signature certificate validation being enabled on the test environment (test_signed_image_invalid_cert_boot_failure). Change-Id: Id4134a2e87378487baa9e3d5f49e7ded48daa765
2023-04-20 12:00:47 +02:00 · 2023-04-20 12:00:47 +02:00 · bf80ee01bb
commit bf80ee01bb
parent 01da5615db
2 changed files with 8 additions and 0 deletions
--- a/barbican_tempest_plugin/config.py
+++ b/barbican_tempest_plugin/config.py
@ -90,6 +90,10 @@ ImageSignatureVerificationGroup = [
                default=True,
                help="Does the test environment enforce glance image "
                     "verification?"),
+    cfg.BoolOpt('certificate_validation',
+                default=True,
+                help="Does the test environment enforce image signature"
+                     "certificate validation?")
 ]

 barbican_rbac_scope_verification_group = cfg.OptGroup(
--- a/barbican_tempest_plugin/tests/scenario/test_certificate_validation.py
+++ b/barbican_tempest_plugin/tests/scenario/test_certificate_validation.py
@ -11,6 +11,7 @@
 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 # License for the specific language governing permissions and limitations
 # under the License.
+import testtools

 from oslo_log import log as logging
 from tempest.common import utils
@ -79,6 +80,9 @@ class CertificateValidationTest(barbican_manager.BarbicanScenarioTest):

    @decorators.idempotent_id('6d354881-35a6-4568-94b8-2204bbf67b29')
    @utils.services('compute', 'image')
+    @testtools.skipUnless(
+        CONF.image_signature_verification.certificate_validation,
+        "Image signature certificate validation is not enforced")
    def test_signed_image_invalid_cert_boot_failure(self):
        """Test that Nova refuses to boot an unvalidated signed image.