Unhardcoded [security_compliance] section.
Change-Id: I075e4b7171e037e656f0ee330dbfb1cb15836d2c
Related-PROD: PROD-26638
Related-PROD: PROD-27663
diff --git a/tests/integration/ocata/single/config_spec.rb b/tests/integration/ocata/single/config_spec.rb
index 3975487..acead69 100644
--- a/tests/integration/ocata/single/config_spec.rb
+++ b/tests/integration/ocata/single/config_spec.rb
@@ -118,6 +118,18 @@
'remote_id_attribute' => 'HTTP_OIDC_ISS'
}
+keystone_security_compliance = {
+ 'disable_user_account_days_inactive' => '90',
+ 'lockout_failure_attempts' => '5',
+ 'lockout_duration' => '600',
+ 'password_expires_days' => '90',
+ 'unique_last_password_count' => '10',
+ 'minimum_password_age' => '0',
+ 'password_regex' => '^(?=.*\d)(?=.*[a-zA-Z]).{7,}$$',
+ 'password_regex_description' => 'Your password must contains at least 1 letter, 1 digit, and have a minimum length of 7 characters',
+ 'change_password_upon_first_use' => 'True',
+}
+
keystone_federation = {
'cache_group_membership_in_db' => 'True',
}
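Review bot: The expected `password_regex` ends in `$$`, and nothing in the spec says why, so a later reader may "fix" it to a single `$`. Presumably the doubling is the oslo.config escape for a literal `$`, which InSpec then reads back unexpanded from the rendered file; a one-line comment above the entry would record that, e.g. `# '$$' is the oslo.config escape for a literal '$'; the rendered keystone.conf keeps it doubled`. Separately, `password_regex_description` reads "must contains", and since this text is what users are likely shown when a password is rejected, it should be corrected to "must contain" in the pillar and the specs in the same change. Both points apply equally to the identical hashes added in the pike, queens and rocky specs.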
@@ -215,6 +227,9 @@
its('saml2') {
should include(keystone_saml2)
}
+ its('security_compliance') {
+ should include(keystone_security_compliance)
+ }
its('federation') {
should include(keystone_federation)
}
diff --git a/tests/integration/pike/single/config_spec.rb b/tests/integration/pike/single/config_spec.rb
index 5937921..7f7bd01 100644
--- a/tests/integration/pike/single/config_spec.rb
+++ b/tests/integration/pike/single/config_spec.rb
@@ -118,6 +118,18 @@
'remote_id_attribute' => 'HTTP_OIDC_ISS'
}
+keystone_security_compliance = {
+ 'disable_user_account_days_inactive' => '90',
+ 'lockout_failure_attempts' => '5',
+ 'lockout_duration' => '600',
+ 'password_expires_days' => '90',
+ 'unique_last_password_count' => '10',
+ 'minimum_password_age' => '0',
+ 'password_regex' => '^(?=.*\d)(?=.*[a-zA-Z]).{7,}$$',
+ 'password_regex_description' => 'Your password must contains at least 1 letter, 1 digit, and have a minimum length of 7 characters',
+ 'change_password_upon_first_use' => 'True',
+}
+
keystone_federation = {
'cache_group_membership_in_db' => 'True',
}
@@ -215,6 +227,9 @@
its('saml2') {
should include(keystone_saml2)
}
+ its('security_compliance') {
+ should include(keystone_security_compliance)
+ }
its('federation') {
should include(keystone_federation)
}
diff --git a/tests/integration/queens/single/config_spec.rb b/tests/integration/queens/single/config_spec.rb
index d47ef22..cda5269 100644
--- a/tests/integration/queens/single/config_spec.rb
+++ b/tests/integration/queens/single/config_spec.rb
@@ -170,6 +170,18 @@
'remote_id_attribute' => 'HTTP_OIDC_ISS'
}
+keystone_security_compliance = {
+ 'disable_user_account_days_inactive' => '90',
+ 'lockout_failure_attempts' => '5',
+ 'lockout_duration' => '600',
+ 'password_expires_days' => '90',
+ 'unique_last_password_count' => '10',
+ 'minimum_password_age' => '0',
+ 'password_regex' => '^(?=.*\d)(?=.*[a-zA-Z]).{7,}$$',
+ 'password_regex_description' => 'Your password must contains at least 1 letter, 1 digit, and have a minimum length of 7 characters',
+ 'change_password_upon_first_use' => 'True',
+}
+
keystone_federation = {
'cache_group_membership_in_db' => 'True',
}
@@ -267,6 +279,9 @@
its('saml2') {
should include(keystone_saml2)
}
+ its('security_compliance') {
+ should include(keystone_security_compliance)
+ }
its('federation') {
should include(keystone_federation)
}
diff --git a/tests/integration/rocky/single/config_spec.rb b/tests/integration/rocky/single/config_spec.rb
index bbff67d..e07be3e 100644
--- a/tests/integration/rocky/single/config_spec.rb
+++ b/tests/integration/rocky/single/config_spec.rb
@@ -142,6 +142,18 @@
'remote_id_attribute' => 'HTTP_OIDC_ISS'
}
+keystone_security_compliance = {
+ 'disable_user_account_days_inactive' => '90',
+ 'lockout_failure_attempts' => '5',
+ 'lockout_duration' => '600',
+ 'password_expires_days' => '90',
+ 'unique_last_password_count' => '10',
+ 'minimum_password_age' => '0',
+ 'password_regex' => '^(?=.*\d)(?=.*[a-zA-Z]).{7,}$$',
+ 'password_regex_description' => 'Your password must contains at least 1 letter, 1 digit, and have a minimum length of 7 characters',
+ 'change_password_upon_first_use' => 'True',
+}
+
keystone_federation = {
'cache_group_membership_in_db' => 'True',
}
@@ -239,6 +251,9 @@
its('saml2') {
should include(keystone_saml2)
}
+ its('security_compliance') {
+ should include(keystone_security_compliance)
+ }
its('federation') {
should include(keystone_federation)
}
diff --git a/tests/pillar/cluster.sls b/tests/pillar/cluster.sls
index d00b666..24b17f4 100644
--- a/tests/pillar/cluster.sls
+++ b/tests/pillar/cluster.sls
@@ -28,6 +28,16 @@
location: /etc/keystone/fernet-keys/
notification: false
notification_format: cadf
+ security_compliance:
+ disable_user_account_days_inactive: 90
+ lockout_failure_attempts: 5
+ lockout_duration: 600
+ password_expires_days: 90
+ unique_last_password_count: 10
+ minimum_password_age: 0
+ password_regex: '^(?=.*\d)(?=.*[a-zA-Z]).{7,}$$'
+ password_regex_description: 'Your password must contains at least 1 letter, 1 digit, and have a minimum length of 7 characters'
+ change_password_upon_first_use: True
logging:
log_appender: false
log_handlers:
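Review bot: `minimum_password_age: 0` combined with `unique_last_password_count: 10` lets a user change their password ten times in a row and return to the original, so the history check adds little in this fixture. If these pillars double as reference values for deployments, consider `minimum_password_age: 1` and updating the expected `'minimum_password_age' => '0'` in the four config specs to match. The `password_regex` also accepts any 7-character password containing one letter and one digit, which is a low floor for a block named `security_compliance`; a short comment saying these are test-only values would prevent them being copied as a baseline. The same block is added to tests/pillar/single.sls.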
diff --git a/tests/pillar/single.sls b/tests/pillar/single.sls
index 052657f..f870998 100644
--- a/tests/pillar/single.sls
+++ b/tests/pillar/single.sls
@@ -73,6 +73,16 @@
allow_expired_window: 86400
notification: true
notification_format: cadf
+ security_compliance:
+ disable_user_account_days_inactive: 90
+ lockout_failure_attempts: 5
+ lockout_duration: 600
+ password_expires_days: 90
+ unique_last_password_count: 10
+ minimum_password_age: 0
+ password_regex: '^(?=.*\d)(?=.*[a-zA-Z]).{7,}$$'
+ password_regex_description: 'Your password must contains at least 1 letter, 1 digit, and have a minimum length of 7 characters'
+ change_password_upon_first_use: True
logging:
debug: true
log_file: 'logfile.log'