Add config option to skip cert tag verification

When we have TLS-E with public certs, some certs may be not be
provided  by certmonger.  We add a skip list that should be
configured in that case to skip tests for whether a cert tag is
tracked by certmonger for those certs.

The parameter is tripleo_exclude_cert_tags and it is expected to
be a list of cert_tags.  For the case of public TLS +TLS-E, we
expect that to include the haproxy-external-cert

Change-Id: Ia1c609b0d6da4272ee4cd510955b210706767b57

novajoin_tempest_plugin/config.py

@@ -52,6 +52,9 @@ NovajoinGroup = [
     cfg.ListOpt('tripleo_computes',
                 default=['overcloud-novacompute-0'],
                 help='List of overcloud compute short host names'),
+    cfg.ListOpt('tripleo_exclude_cert_tags',
+                default=[],
+                help='List of tags to exclude from certmonger checks'),
     cfg.StrOpt('tripleo_undercloud',
                default='undercloud',
                help='Undercloud short host name'),

novajoin_tempest_plugin/tests/scenario/test_tripleo_deployment.py

@@ -139,11 +139,12 @@ class TripleOTest(novajoin_manager.NovajoinScenarioTest):
         for host in CONF.novajoin.tripleo_controllers:
             server_ip = self.get_overcloud_server_ip(host)
             for tag in CONTROLLER_CERT_TAGS:
-                self.verify_overcloud_cert_tracked(
+                if tag not in CONF.novajoin.tripleo_exclude_cert_tags:
-                    server_ip,
+                    self.verify_overcloud_cert_tracked(
-                    self.get_ssh_user(),
+                        server_ip,
-                    tag
+                        self.get_ssh_user(),
-                )
+                        tag
+                    )
 
     def test_verify_compute_certs_are_tracked(self):
         for host in CONF.novajoin.tripleo_computes: