From bf80ee01bb9aa9366eac533ea32e44ab0729906b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Piwowarski?= Date: Thu, 20 Apr 2023 12:00:47 +0200 Subject: [PATCH] Add enable_certificate_validation config option This patch adds enable_certificate_validation config option. This option can be used to skip tests that rely on image signature certificate validation being enabled on the test environment (test_signed_image_invalid_cert_boot_failure). Change-Id: Id4134a2e87378487baa9e3d5f49e7ded48daa765 --- barbican_tempest_plugin/config.py | 4 ++++ .../tests/scenario/test_certificate_validation.py | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/barbican_tempest_plugin/config.py b/barbican_tempest_plugin/config.py index da78d15..76999b9 100644 --- a/barbican_tempest_plugin/config.py +++ b/barbican_tempest_plugin/config.py @@ -90,6 +90,10 @@ ImageSignatureVerificationGroup = [ default=True, help="Does the test environment enforce glance image " "verification?"), + cfg.BoolOpt('certificate_validation', + default=True, + help="Does the test environment enforce image signature" + "certificate validation?") ] barbican_rbac_scope_verification_group = cfg.OptGroup( diff --git a/barbican_tempest_plugin/tests/scenario/test_certificate_validation.py b/barbican_tempest_plugin/tests/scenario/test_certificate_validation.py index e64952c..2f22329 100644 --- a/barbican_tempest_plugin/tests/scenario/test_certificate_validation.py +++ b/barbican_tempest_plugin/tests/scenario/test_certificate_validation.py @@ -11,6 +11,7 @@ # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. +import testtools from oslo_log import log as logging from tempest.common import utils @@ -79,6 +80,9 @@ class CertificateValidationTest(barbican_manager.BarbicanScenarioTest): @decorators.idempotent_id('6d354881-35a6-4568-94b8-2204bbf67b29') @utils.services('compute', 'image') + @testtools.skipUnless( + CONF.image_signature_verification.certificate_validation, + "Image signature certificate validation is not enforced") def test_signed_image_invalid_cert_boot_failure(self): """Test that Nova refuses to boot an unvalidated signed image.