From 96a8212eb5e9be25042d8f759d25856c49cfdf1e Mon Sep 17 00:00:00 2001
From: Ade Lee <alee@redhat.com>
Date: Wed, 12 Aug 2020 13:50:28 -0400
Subject: [PATCH] Add config option to skip cert tag verification

When we have TLS-E with public certs, some certs may be not be
provided  by certmonger.  We add a skip list that should be
configured in that case to skip tests for whether a cert tag is
tracked by certmonger for those certs.

The parameter is tripleo_exclude_cert_tags and it is expected to
be a list of cert_tags.  For the case of public TLS +TLS-E, we
expect that to include the haproxy-external-cert

Change-Id: Ia1c609b0d6da4272ee4cd510955b210706767b57
---
 novajoin_tempest_plugin/config.py                     |  3 +++
 .../tests/scenario/test_tripleo_deployment.py         | 11 ++++++-----
 2 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/novajoin_tempest_plugin/config.py b/novajoin_tempest_plugin/config.py
index b949887..9493c88 100644
--- a/novajoin_tempest_plugin/config.py
+++ b/novajoin_tempest_plugin/config.py
@@ -52,6 +52,9 @@ NovajoinGroup = [
     cfg.ListOpt('tripleo_computes',
                 default=['overcloud-novacompute-0'],
                 help='List of overcloud compute short host names'),
+    cfg.ListOpt('tripleo_exclude_cert_tags',
+                default=[],
+                help='List of tags to exclude from certmonger checks'),
     cfg.StrOpt('tripleo_undercloud',
                default='undercloud',
                help='Undercloud short host name'),
diff --git a/novajoin_tempest_plugin/tests/scenario/test_tripleo_deployment.py b/novajoin_tempest_plugin/tests/scenario/test_tripleo_deployment.py
index 0d9a0b5..d217d29 100644
--- a/novajoin_tempest_plugin/tests/scenario/test_tripleo_deployment.py
+++ b/novajoin_tempest_plugin/tests/scenario/test_tripleo_deployment.py
@@ -139,11 +139,12 @@ class TripleOTest(novajoin_manager.NovajoinScenarioTest):
         for host in CONF.novajoin.tripleo_controllers:
             server_ip = self.get_overcloud_server_ip(host)
             for tag in CONTROLLER_CERT_TAGS:
-                self.verify_overcloud_cert_tracked(
-                    server_ip,
-                    self.get_ssh_user(),
-                    tag
-                )
+                if tag not in CONF.novajoin.tripleo_exclude_cert_tags:
+                    self.verify_overcloud_cert_tracked(
+                        server_ip,
+                        self.get_ssh_user(),
+                        tag
+                    )
 
     def test_verify_compute_certs_are_tracked(self):
         for host in CONF.novajoin.tripleo_computes: