This task will adapt existing implementation to run full certificate
expiration audit in "health-query-upgrade" and return fail in
_check_alarms in case of existence of any cert alarm in the system.
Both "expiring soon" and "expired" alarms will block upgrades, but
can be skipped with the use of the force flag. This change will also
add a information about certificate expiration alarms to the line
related to existing alarms of the output in "health-query-upgrade".
Note: Now that 'keystone_opt_group' is used for both cert_alarm and
health.py, the variable 'keystone_authtoken' had to be changed
to 'KEYSTONE_AUTHTOKEN' to match with the key that is used by
the CONF object from health.py which is configured as
uppercase in line 118 of openstack.py.
Test Plan:
PASS: Run "health-query-upgrade" with one or more 'expiring soon'or
'expired' alarms and verify that a message is show in
'health-query-upgrade' output saying that there is certificate
expiration alarms.
PASS: Run 'health-query-upgrade' with no active certificate alarm and
verify that no certificate alarms were shown in the output of
'health-query-upgrade'.
PASS: Run 'system upgrade-start' with the --force flag with one or more
certificate alarms and verify that the upgrade can be started
normally.
PASS: Add a new certificate with expiry date of less than 30 days
and run 'health-query-upgrade' before the scheduled full audit
runs and check if the alarm was created and detected by
'health-query-upgrade'.
PASS: Delete secret from a certificate that is monitored by cert-mon
and check if cert-mon was able to reinstall the secret to the
filesystem.
Task: 47478
Story: 2009303
Signed-off-by: Karla Felix <karla.karolinenogueirafelix@windriver.com>
Change-Id: Iaba585b6ecd7f63e0ed186f87c7274c4b9778889