Add option to toggle validation of signed image
Without this patch, if the barbican tempest plugin is installed in an
environment running with `[glance]/verify_glance_signatures] set to
false in nova.conf, which is the default value, the test will fail.
Enabling glance signature verification unconditionally in order to
support this test is not realistic, as it then prevents users from
booting from unsigned images which may not always be desired. This patch
adds a configuration option to allow for disabling the
`test_signed_image_upload_boot_failure` test, so that we can still run
the majority of the plugin tests for a standard environment with default
nova configuration. The new option defaults to `True`, meaning assume
that nova's configuration has been overrridden to enforce image
verification, which allows the barbican CI to run as normal with no
configuration changes, but it allows operators to explicitly disable the
test as needed.
Change-Id: Ibb5c06ce2773e0ee13bda97717e8e18e77e0be7c
diff --git a/barbican_tempest_plugin/plugin.py b/barbican_tempest_plugin/plugin.py
index a586eb0..1914ecb 100644
--- a/barbican_tempest_plugin/plugin.py
+++ b/barbican_tempest_plugin/plugin.py
@@ -37,6 +37,8 @@
conf.register_group(project_config.ephemeral_storage_encryption_group)
conf.register_opts(project_config.EphemeralStorageEncryptionGroup,
project_config.ephemeral_storage_encryption_group)
+ conf.register_opts(project_config.ImageSignatureVerificationGroup,
+ project_config.image_signature_verification_group)
def get_opt_lists(self):
return [('service_available', [project_config.service_option])]