Merge "Add option to toggle validation of signed image"
diff --git a/barbican_tempest_plugin/config.py b/barbican_tempest_plugin/config.py
index eae7a17..0c4a2ac 100644
--- a/barbican_tempest_plugin/config.py
+++ b/barbican_tempest_plugin/config.py
@@ -43,3 +43,14 @@
default=256,
help="The key size used to encrypt ephemeral storage."),
]
+
+image_signature_verification_group = cfg.OptGroup(
+ name="image_signature_verification",
+ title="Image Signature Verification Options")
+
+ImageSignatureVerificationGroup = [
+ cfg.BoolOpt('enforced',
+ default=True,
+ help="Does the test environment enforce glance image "
+ "verification?"),
+]
diff --git a/barbican_tempest_plugin/plugin.py b/barbican_tempest_plugin/plugin.py
index a586eb0..1914ecb 100644
--- a/barbican_tempest_plugin/plugin.py
+++ b/barbican_tempest_plugin/plugin.py
@@ -37,6 +37,8 @@
conf.register_group(project_config.ephemeral_storage_encryption_group)
conf.register_opts(project_config.EphemeralStorageEncryptionGroup,
project_config.ephemeral_storage_encryption_group)
+ conf.register_opts(project_config.ImageSignatureVerificationGroup,
+ project_config.image_signature_verification_group)
def get_opt_lists(self):
return [('service_available', [project_config.service_option])]
diff --git a/barbican_tempest_plugin/tests/scenario/test_image_signing.py b/barbican_tempest_plugin/tests/scenario/test_image_signing.py
index 794d33e..191b613 100644
--- a/barbican_tempest_plugin/tests/scenario/test_image_signing.py
+++ b/barbican_tempest_plugin/tests/scenario/test_image_signing.py
@@ -70,6 +70,10 @@
* Attempt to boot the incorrectly signed image
* Confirm an exception is thrown
"""
+ if not CONF.image_signature_verification.enforced:
+ raise self.skipException("Image signature verification is not "
+ "enforced in this environment")
+
img_uuid = self.sign_and_upload_image()
LOG.debug("Modifying image signature to be incorrect")