Add config option to skip cert tag verification
When we have TLS-E with public certs, some certs may be not be provided by certmonger. We add a skip list that should be configured in that case to skip tests for whether a cert tag is tracked by certmonger for those certs. The parameter is tripleo_exclude_cert_tags and it is expected to be a list of cert_tags. For the case of public TLS +TLS-E, we expect that to include the haproxy-external-cert Change-Id: Ia1c609b0d6da4272ee4cd510955b210706767b57
This commit is contained in:
parent
c8a180f215
commit
96a8212eb5
|
@ -52,6 +52,9 @@ NovajoinGroup = [
|
|||
cfg.ListOpt('tripleo_computes',
|
||||
default=['overcloud-novacompute-0'],
|
||||
help='List of overcloud compute short host names'),
|
||||
cfg.ListOpt('tripleo_exclude_cert_tags',
|
||||
default=[],
|
||||
help='List of tags to exclude from certmonger checks'),
|
||||
cfg.StrOpt('tripleo_undercloud',
|
||||
default='undercloud',
|
||||
help='Undercloud short host name'),
|
||||
|
|
|
@ -139,11 +139,12 @@ class TripleOTest(novajoin_manager.NovajoinScenarioTest):
|
|||
for host in CONF.novajoin.tripleo_controllers:
|
||||
server_ip = self.get_overcloud_server_ip(host)
|
||||
for tag in CONTROLLER_CERT_TAGS:
|
||||
self.verify_overcloud_cert_tracked(
|
||||
server_ip,
|
||||
self.get_ssh_user(),
|
||||
tag
|
||||
)
|
||||
if tag not in CONF.novajoin.tripleo_exclude_cert_tags:
|
||||
self.verify_overcloud_cert_tracked(
|
||||
server_ip,
|
||||
self.get_ssh_user(),
|
||||
tag
|
||||
)
|
||||
|
||||
def test_verify_compute_certs_are_tracked(self):
|
||||
for host in CONF.novajoin.tripleo_computes:
|
||||
|
|
Loading…
Reference in New Issue