Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / packaging / sources / tempest / c1714402c4a28bd96ae86c5447ed98169c7f10c4^1..c1714402c4a28bd96ae86c5447ed98169c7f10c4 / .
commitc1714402c4a28bd96ae86c5447ed98169c7f10c4[log] [tgz]
authorZuul <zuul@review.opendev.org>Mon Jun 24 19:18:44 2019 +0000
committerGerrit Code Review <review@openstack.org>Mon Jun 24 19:18:44 2019 +0000
tree2edc580595ab77fe5b30c417cc689464f196733d
parent3eb3c29e979fd3f13c205d62119748952d63054a [diff]
parent7f7c232b29fe4e3f1cb446a810112db43d7dccdc [diff]
Merge "compute: Make image certificate validation a configurable feature"
diff --git a/releasenotes/notes/config_image_certificate_compute_feature-c56efb520d54aff5.yaml b/releasenotes/notes/config_image_certificate_compute_feature-c56efb520d54aff5.yaml
new file mode 100644
index 0000000..8475f50
--- /dev/null
+++ b/releasenotes/notes/config_image_certificate_compute_feature-c56efb520d54aff5.yaml

@@ -0,0 +1,8 @@
+---
+other:
+  - |
+    New configuration options ``[compute]/certified_image_ref`` and
+    ``[compute]/certified_image_trusted_certs`` have been introduced. These
+    are required in order to run the ``ServerShowV263Test`` test and allow a
+    signed image with the required img_signature_* properties set along
+    with a list of trusted certificates to be used during the test.

diff --git a/tempest/api/compute/servers/test_servers.py b/tempest/api/compute/servers/test_servers.py
index e8b1161..91ebbc0 100644
--- a/tempest/api/compute/servers/test_servers.py
+++ b/tempest/api/compute/servers/test_servers.py

@@ -186,10 +186,17 @@
     min_microversion = '2.63'
     max_microversion = 'latest'
 
+    @testtools.skipUnless(CONF.compute.certified_image_ref,
+                          '``[compute]/certified_image_ref`` required to test '
+                          'image certificate validation.')
+    @testtools.skipUnless(CONF.compute.certified_image_trusted_certs,
+                          '``[compute]/certified_image_trusted_certs`` '
+                          'required to test image certificate validation.')
     @decorators.idempotent_id('71b8e3d5-11d2-494f-b917-b094a4afed3c')
     def test_show_update_rebuild_list_server(self):
-        trusted_certs = ['test-cert-1', 'test-cert-2']
+        trusted_certs = CONF.compute.certified_image_trusted_certs
         server = self.create_test_server(
+            imageRef=CONF.compute.certified_image_ref,
             trusted_image_certificates=trusted_certs,
             wait_until='ACTIVE')
 

diff --git a/tempest/config.py b/tempest/config.py
index c608261..4f0774f 100644
--- a/tempest/config.py
+++ b/tempest/config.py

@@ -271,6 +271,17 @@
                help="Valid secondary image reference to be used in tests. "
                     "This is a required option, but if only one image is "
                     "available duplicate the value of image_ref above"),
+    cfg.StrOpt('certified_image_ref',
+               help="Valid image reference to be used in image certificate "
+                    "validation tests when enabled. This image must also "
+                    "have the required img_signature_* properties set. "
+                    "Additional details available within the following Nova "
+                    "documentation: https://docs.openstack.org/nova/latest/"
+                    "user/certificate-validation.html"),
+    cfg.ListOpt('certified_image_trusted_certs',
+                help="A list of trusted certificates to be used when the "
+                     "image certificate validation compute feature is "
+                     "enabled."),
     cfg.StrOpt('flavor_ref',
                default="1",
                help="Valid primary flavor to use in tests."),