Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / salt-formulas / runtest / 7e4d7fa75a4d0ac6f426fbd4153440f68f03acf8^! / .
commit7e4d7fa75a4d0ac6f426fbd4153440f68f03acf8[log] [tgz]
authorMaksym Shalamov <mshalamov@mirantis.com>Tue Jun 04 17:38:03 2019 +0300
committerMaksym Shalamov <mshalamov@mirantis.com>Thu Jun 06 11:42:18 2019 +0300
tree26f2dfe34986778af516112bd36164562dac02af
parent66e204c1565eb7719b9930bdb8be6221f8373066 [diff]
Tempest config options for security complaince

Change-Id: I568833306a126f9a6a14e3f84fb266956cdd0b28
Related-prod: PROD-30608

diff --git a/_modules/runtest/tempest_sections/identity.py b/_modules/runtest/tempest_sections/identity.py
index 400830b..7864cda 100644
--- a/_modules/runtest/tempest_sections/identity.py
+++ b/_modules/runtest/tempest_sections/identity.py

@@ -84,17 +84,27 @@
             'keystone.server.bind.private_port', c)
         return "{}://{}:{}/v3".format(protocol, vip, port)
 
+    def _get_security_compliance_value(self, name):
+        c = conditions.BaseRule('keystone.server.enabled', 'eq', True)
+        security_compliance = self.get_item_when_condition_match(
+            'keystone.server.security_compliance', c)
+
+        if not security_compliance:
+            return
+
+        return security_compliance.get(name)
+
     @property
     def user_lockout_duration(self):
-        pass
+        return self._get_security_compliance_value('lockout_duration')
 
     @property
     def user_lockout_failure_attempts(self):
-        pass
+        return self._get_security_compliance_value('lockout_failure_attempts')
 
     @property
     def user_unique_last_password_count(self):
-        pass
+        return self._get_security_compliance_value('unique_last_password_count')
 
     @property
     def v2_admin_endpoint_type(self):

diff --git a/_modules/runtest/tempest_sections/identity_feature_enabled.py b/_modules/runtest/tempest_sections/identity_feature_enabled.py
index e3fd4e2..fa9d66f 100644
--- a/_modules/runtest/tempest_sections/identity_feature_enabled.py
+++ b/_modules/runtest/tempest_sections/identity_feature_enabled.py

@@ -1,10 +1,9 @@
-
 import base_section
 
 from runtest import conditions
 
-class IdentityFeatureEnabled(base_section.BaseSection):
 
+class IdentityFeatureEnabled(base_section.BaseSection):
     name = "identity-feature-enabled"
     options = [
         'api_extensions',
@@ -17,7 +16,6 @@
         'trust',
     ]
 
-
     @property
     def api_extensions(self):
         pass
@@ -37,9 +35,10 @@
     @property
     def domain_specific_drivers(self):
         c = conditions.BaseRule('keystone.server.enabled', 'eq', True)
-        keystone_domain = self.get_item_when_condition_match('keystone.server.domain', c)
+        keystone_domain = self.get_item_when_condition_match(
+            'keystone.server.domain', c)
         if keystone_domain:
-           return True
+            return True
 
     @property
     def forbid_global_implied_dsr(self):
@@ -47,7 +46,11 @@
 
     @property
     def security_compliance(self):
-        pass
+        c = conditions.BaseRule('keystone.server.enabled', 'eq', True)
+        security_compliance = self.get_item_when_condition_match(
+            'keystone.server.security_compliance', c)
+        if security_compliance:
+            return True
 
     @property
     def trust(self):