Add doctor tests on security_compliance and rename
This patch adds symptom tests for the checks in doctor security_compliance. In addition, this renames one security compliance symptom to follow the convention of the other symptom names Change-Id: Ic47404021c328f74523b00b67cb7d25d43022039 Partial-Bug: #1641621
This commit is contained in:
parent
3f850d5d00
commit
e4ecc046c8
|
@ -18,7 +18,7 @@ import keystone.conf
|
|||
CONF = keystone.conf.CONF
|
||||
|
||||
|
||||
def symptom_minimum_password_age_should_be_less_than_password_expires_days():
|
||||
def symptom_minimum_password_age_greater_than_expires_days():
|
||||
"""Minimum password age should be less than the password expires days.
|
||||
|
||||
If the minimum password age is greater than or equal to the password
|
||||
|
|
|
@ -28,6 +28,7 @@ from keystone.cmd import cli
|
|||
from keystone.cmd.doctor import caching
|
||||
from keystone.cmd.doctor import debug
|
||||
from keystone.cmd.doctor import federation
|
||||
from keystone.cmd.doctor import security_compliance
|
||||
from keystone.common import dependency
|
||||
from keystone.common.sql import upgrades
|
||||
import keystone.conf
|
||||
|
@ -785,3 +786,109 @@ class FederationDoctorTests(unit.TestCase):
|
|||
self.config_fixture.config(group='saml', keyfile='signing_key.pem')
|
||||
self.assertFalse(
|
||||
federation.symptom_comma_in_SAML_private_key_file_path())
|
||||
|
||||
|
||||
class SecurityComplianceDoctorTests(unit.TestCase):
|
||||
|
||||
def test_minimum_password_age_greater_than_password_expires_days(self):
|
||||
# Symptom Detected: Minimum password age is greater than the password
|
||||
# expires days. Both values are positive integers greater than zero.
|
||||
self.config_fixture.config(group='security_compliance',
|
||||
minimum_password_age=2)
|
||||
self.config_fixture.config(group='security_compliance',
|
||||
password_expires_days=1)
|
||||
self.assertTrue(
|
||||
security_compliance.
|
||||
symptom_minimum_password_age_greater_than_expires_days())
|
||||
|
||||
def test_minimum_password_age_equal_to_password_expires_days(self):
|
||||
# Symptom Detected: Minimum password age is equal to the password
|
||||
# expires days. Both values are positive integers greater than zero.
|
||||
self.config_fixture.config(group='security_compliance',
|
||||
minimum_password_age=1)
|
||||
self.config_fixture.config(group='security_compliance',
|
||||
password_expires_days=1)
|
||||
self.assertTrue(
|
||||
security_compliance.
|
||||
symptom_minimum_password_age_greater_than_expires_days())
|
||||
|
||||
def test_minimum_password_age_less_than_password_expires_days(self):
|
||||
# No Symptom Detected: Minimum password age is less than password
|
||||
# expires days. Both values are positive integers greater than zero.
|
||||
self.config_fixture.config(group='security_compliance',
|
||||
minimum_password_age=1)
|
||||
self.config_fixture.config(group='security_compliance',
|
||||
password_expires_days=2)
|
||||
self.assertFalse(
|
||||
security_compliance.
|
||||
symptom_minimum_password_age_greater_than_expires_days())
|
||||
|
||||
def test_minimum_password_age_and_password_expires_days_deactivated(self):
|
||||
# No Symptom Detected: Both values are deactivated to 0
|
||||
self.config_fixture.config(group='security_compliance',
|
||||
minimum_password_age=0)
|
||||
self.config_fixture.config(group='security_compliance',
|
||||
password_expires_days=0)
|
||||
self.assertFalse(
|
||||
security_compliance.
|
||||
symptom_minimum_password_age_greater_than_expires_days())
|
||||
|
||||
def test_invalid_password_regular_expression(self):
|
||||
# Symptom Detected: Regular expression is invalid
|
||||
self.config_fixture.config(
|
||||
group='security_compliance',
|
||||
password_regex='^^(??=.*\d)$')
|
||||
self.assertTrue(
|
||||
security_compliance.symptom_invalid_password_regular_expression())
|
||||
|
||||
def test_valid_password_regular_expression(self):
|
||||
# No Symptom Detected: Regular expression is valid
|
||||
self.config_fixture.config(
|
||||
group='security_compliance',
|
||||
password_regex='^(?=.*\d)(?=.*[a-zA-Z]).{7,}$')
|
||||
self.assertFalse(
|
||||
security_compliance.symptom_invalid_password_regular_expression())
|
||||
|
||||
def test_password_regular_expression_deactivated(self):
|
||||
# No Symptom Detected: Regular expression deactivated to None
|
||||
self.config_fixture.config(
|
||||
group='security_compliance',
|
||||
password_regex=None)
|
||||
self.assertFalse(
|
||||
security_compliance.symptom_invalid_password_regular_expression())
|
||||
|
||||
def test_password_regular_expression_description_not_set(self):
|
||||
# Symptom Detected: Regular expression is set but description is not
|
||||
self.config_fixture.config(
|
||||
group='security_compliance',
|
||||
password_regex='^(?=.*\d)(?=.*[a-zA-Z]).{7,}$')
|
||||
self.config_fixture.config(
|
||||
group='security_compliance',
|
||||
password_regex_description=None)
|
||||
self.assertTrue(
|
||||
security_compliance.
|
||||
symptom_password_regular_expression_description_not_set())
|
||||
|
||||
def test_password_regular_expression_description_set(self):
|
||||
# No Symptom Detected: Regular expression and description are set
|
||||
desc = '1 letter, 1 digit, and a minimum length of 7 is required'
|
||||
self.config_fixture.config(
|
||||
group='security_compliance',
|
||||
password_regex='^(?=.*\d)(?=.*[a-zA-Z]).{7,}$')
|
||||
self.config_fixture.config(
|
||||
group='security_compliance',
|
||||
password_regex_description=desc)
|
||||
self.assertFalse(
|
||||
security_compliance.
|
||||
symptom_password_regular_expression_description_not_set())
|
||||
|
||||
def test_password_regular_expression_description_deactivated(self):
|
||||
# No Symptom Detected: Regular expression and description are
|
||||
# deactivated to None
|
||||
self.config_fixture.config(
|
||||
group='security_compliance', password_regex=None)
|
||||
self.config_fixture.config(
|
||||
group='security_compliance', password_regex_description=None)
|
||||
self.assertFalse(
|
||||
security_compliance.
|
||||
symptom_password_regular_expression_description_not_set())
|
||||
|
|
Loading…
Reference in New Issue