openstack/tempest
Code Issues Proposed changes

Skip failing tests affected by minimum password age

Browse Source 
Some identity api tests are failing, when keystone parameter
minimum_password_age is set to value greater than 0. It causes inability
to update user's password more than once per test suite. As in this test
suite it is required total of four times, this patch suggests skipping
these tests to avoid complicated workaround.

This bug has been discussed in several patches [1][2].

Additionaly, config option for user_minimum_password_age is added into
tempest/config.py, to allow users to work with this keystone parameter.

[1] https://review.opendev.org/c/openstack/tempest/+/806671
[2] https://review.opendev.org/c/openstack/tempest/+/838726

Related-Bug: #1946459
Change-Id: I418e4001b0aa27f10a78f3490cc233293c30c274
This commit is contained in:
Katarina Strenkova 2023-08-07 12:53:28 +00:00
parent 47a9c1c1a2
commit 702f0befce
3 changed files with 25 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
releasenotes/notes/add-keystone-config-opt-minimum-password-age-426e9d225f743137.yaml Normal file
View File

@ -0,0 +1,8 @@
---
features:
- |
Adding a new config option `[identity]/user_minimum_password_age`
which allows to specify the number of days that a password must
be used before the user can change it. For this option to take
effect, identity-feature-enabled.security_compliance must be set
to True.

8
tempest/api/identity/v3/test_users.py
View File

@ -88,6 +88,10 @@ class IdentityV3UsersTest(base.BaseIdentityV3Test):
'Skipped because environment has an ' 'Skipped because environment has an '
'immutable user source and solely ' 'immutable user source and solely '
'provides read-only access to users.') 'provides read-only access to users.')
@testtools.skipIf(CONF.identity.user_minimum_password_age > 0,
'Skipped because password cannot '
'be changed immediately, resulting '
'in failed password update.')
def test_user_update_own_password(self): def test_user_update_own_password(self):
"""Test updating user's own password""" """Test updating user's own password"""
old_pass = self.creds.password old_pass = self.creds.password
@ -116,6 +120,10 @@ class IdentityV3UsersTest(base.BaseIdentityV3Test):
'Skipped because environment has an ' 'Skipped because environment has an '
'immutable user source and solely ' 'immutable user source and solely '
'provides read-only access to users.') 'provides read-only access to users.')
@testtools.skipIf(CONF.identity.user_minimum_password_age > 0,
'Skipped because password cannot '
'be changed immediately, resulting '
'in failed password update.')
def test_password_history_check_self_service_api(self): def test_password_history_check_self_service_api(self):
"""Test checking password changing history""" """Test checking password changing history"""
old_pass = self.creds.password old_pass = self.creds.password

11
tempest/config.py
View File

@ -199,8 +199,15 @@ IdentityGroup = [
"default value is 0 meaning disabling this feature. " "default value is 0 meaning disabling this feature. "
"NOTE: This config option value must be same as " "NOTE: This config option value must be same as "
"keystone.conf: security_compliance.unique_last_password_" "keystone.conf: security_compliance.unique_last_password_"
"count otherwise test might fail" "count otherwise test might fail"),
), cfg.IntOpt('user_minimum_password_age',
default=0,
help="The number of days that a password must be used before "
"the user can change it. This only takes effect when "
"identity-feature-enabled.security_compliance is set to "
"'True'. For more details, refer to keystone config "
"options "
"keystone.conf:security_compliance.minimum_password_age.")
] ]
service_clients_group = cfg.OptGroup(name='service-clients', service_clients_group = cfg.OptGroup(name='service-clients',