Merge "Skip failing tests affected by minimum password age"

2023-08-14 16:42:26 +00:00
parent 054c06aec9 702f0befce
commit 5cf76f44e6
3 changed files with 25 additions and 2 deletions
--- a/releasenotes/notes/add-keystone-config-opt-minimum-password-age-426e9d225f743137.yaml
+++ b/releasenotes/notes/add-keystone-config-opt-minimum-password-age-426e9d225f743137.yaml
@@ -0,0 +1,8 @@
+---
+features:
+  - |
+    Adding a new config option `[identity]/user_minimum_password_age`
+    which allows to specify the number of days that a password must
+    be used before the user can change it. For this option to take
+    effect, identity-feature-enabled.security_compliance must be set
+    to True.
--- a/tempest/api/identity/v3/test_users.py
+++ b/tempest/api/identity/v3/test_users.py
@@ -88,6 +88,10 @@ class IdentityV3UsersTest(base.BaseIdentityV3Test):
                      'Skipped because environment has an '
                      'immutable user source and solely '
                      'provides read-only access to users.')
+    @testtools.skipIf(CONF.identity.user_minimum_password_age > 0,
+                      'Skipped because password cannot '
+                      'be changed immediately, resulting '
+                      'in failed password update.')
    def test_user_update_own_password(self):
        """Test updating user's own password"""
        old_pass = self.creds.password
@@ -116,6 +120,10 @@ class IdentityV3UsersTest(base.BaseIdentityV3Test):
                      'Skipped because environment has an '
                      'immutable user source and solely '
                      'provides read-only access to users.')
+    @testtools.skipIf(CONF.identity.user_minimum_password_age > 0,
+                      'Skipped because password cannot '
+                      'be changed immediately, resulting '
+                      'in failed password update.')
    def test_password_history_check_self_service_api(self):
        """Test checking password changing history"""
        old_pass = self.creds.password
--- a/tempest/config.py
+++ b/tempest/config.py
@@ -199,8 +199,15 @@ IdentityGroup = [
                    "default value is 0 meaning disabling this feature. "
                    "NOTE: This config option value must be same as "
                    "keystone.conf: security_compliance.unique_last_password_"
-                    "count otherwise test might fail"
-               ),
+                    "count otherwise test might fail"),
+    cfg.IntOpt('user_minimum_password_age',
+               default=0,
+               help="The number of days that a password must be used before "
+                    "the user can change it. This only takes effect when "
+                    "identity-feature-enabled.security_compliance is set to "
+                    "'True'. For more details, refer to keystone config "
+                    "options "
+                    "keystone.conf:security_compliance.minimum_password_age.")
 ]

 service_clients_group = cfg.OptGroup(name='service-clients',