Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / packaging / sources / tempest / 5cf76f44e6684cb29905253ff4186575217a2c5d^1..5cf76f44e6684cb29905253ff4186575217a2c5d / .
commit5cf76f44e6684cb29905253ff4186575217a2c5d[log] [tgz]
authorZuul <zuul@review.opendev.org>Mon Aug 14 16:42:26 2023 +0000
committerGerrit Code Review <review@openstack.org>Mon Aug 14 16:42:26 2023 +0000
treea5376c26e22deb9df72678ad6cce5679db32e14f
parent054c06aec9b5ba5f7e08833f0d0382260a1a1415 [diff]
parent702f0befcea128ac2bc95bad787d592056f18ad4 [diff]
Merge "Skip failing tests affected by minimum password age"
diff --git a/releasenotes/notes/add-keystone-config-opt-minimum-password-age-426e9d225f743137.yaml b/releasenotes/notes/add-keystone-config-opt-minimum-password-age-426e9d225f743137.yaml
new file mode 100644
index 0000000..06f993e
--- /dev/null
+++ b/releasenotes/notes/add-keystone-config-opt-minimum-password-age-426e9d225f743137.yaml

@@ -0,0 +1,8 @@
+---
+features:
+  - |
+    Adding a new config option `[identity]/user_minimum_password_age`
+    which allows to specify the number of days that a password must
+    be used before the user can change it. For this option to take
+    effect, identity-feature-enabled.security_compliance must be set
+    to True.

diff --git a/tempest/api/identity/v3/test_users.py b/tempest/api/identity/v3/test_users.py
index b95bd75..53814ad 100644
--- a/tempest/api/identity/v3/test_users.py
+++ b/tempest/api/identity/v3/test_users.py

@@ -88,6 +88,10 @@
                       'Skipped because environment has an '
                       'immutable user source and solely '
                       'provides read-only access to users.')
+    @testtools.skipIf(CONF.identity.user_minimum_password_age > 0,
+                      'Skipped because password cannot '
+                      'be changed immediately, resulting '
+                      'in failed password update.')
     def test_user_update_own_password(self):
         """Test updating user's own password"""
         old_pass = self.creds.password
@@ -116,6 +120,10 @@
                       'Skipped because environment has an '
                       'immutable user source and solely '
                       'provides read-only access to users.')
+    @testtools.skipIf(CONF.identity.user_minimum_password_age > 0,
+                      'Skipped because password cannot '
+                      'be changed immediately, resulting '
+                      'in failed password update.')
     def test_password_history_check_self_service_api(self):
         """Test checking password changing history"""
         old_pass = self.creds.password

diff --git a/tempest/config.py b/tempest/config.py
index a174fdd..5107726 100644
--- a/tempest/config.py
+++ b/tempest/config.py

@@ -199,8 +199,15 @@
                     "default value is 0 meaning disabling this feature. "
                     "NOTE: This config option value must be same as "
                     "keystone.conf: security_compliance.unique_last_password_"
-                    "count otherwise test might fail"
-               ),
+                    "count otherwise test might fail"),
+    cfg.IntOpt('user_minimum_password_age',
+               default=0,
+               help="The number of days that a password must be used before "
+                    "the user can change it. This only takes effect when "
+                    "identity-feature-enabled.security_compliance is set to "
+                    "'True'. For more details, refer to keystone config "
+                    "options "
+                    "keystone.conf:security_compliance.minimum_password_age.")
 ]
 
 service_clients_group = cfg.OptGroup(name='service-clients',