Browse Source

Add config option to skip cert tag verification

When we have TLS-E with public certs, some certs may be not be
provided  by certmonger.  We add a skip list that should be
configured in that case to skip tests for whether a cert tag is
tracked by certmonger for those certs.

The parameter is tripleo_exclude_cert_tags and it is expected to
be a list of cert_tags.  For the case of public TLS +TLS-E, we
expect that to include the haproxy-external-cert

Change-Id: Ia1c609b0d6da4272ee4cd510955b210706767b57
tags/0.0.2^0
Ade Lee 1 month ago
parent
commit
96a8212eb5
2 changed files with 9 additions and 5 deletions
  1. +3
    -0
      novajoin_tempest_plugin/config.py
  2. +6
    -5
      novajoin_tempest_plugin/tests/scenario/test_tripleo_deployment.py

+ 3
- 0
novajoin_tempest_plugin/config.py View File

@@ -52,6 +52,9 @@ NovajoinGroup = [
cfg.ListOpt('tripleo_computes',
default=['overcloud-novacompute-0'],
help='List of overcloud compute short host names'),
cfg.ListOpt('tripleo_exclude_cert_tags',
default=[],
help='List of tags to exclude from certmonger checks'),
cfg.StrOpt('tripleo_undercloud',
default='undercloud',
help='Undercloud short host name'),


+ 6
- 5
novajoin_tempest_plugin/tests/scenario/test_tripleo_deployment.py View File

@@ -139,11 +139,12 @@ class TripleOTest(novajoin_manager.NovajoinScenarioTest):
for host in CONF.novajoin.tripleo_controllers:
server_ip = self.get_overcloud_server_ip(host)
for tag in CONTROLLER_CERT_TAGS:
self.verify_overcloud_cert_tracked(
server_ip,
self.get_ssh_user(),
tag
)
if tag not in CONF.novajoin.tripleo_exclude_cert_tags:
self.verify_overcloud_cert_tracked(
server_ip,
self.get_ssh_user(),
tag
)

def test_verify_compute_certs_are_tracked(self):
for host in CONF.novajoin.tripleo_computes:


Loading…
Cancel
Save