Tempest config options for security compliance Change-Id: I568833306a126f9a6a14e3f84fb266956cdd0b28 Related-prod: PROD-30608 (cherry picked from commit 7e4d7fa75a4d0ac6f426fbd4153440f68f03acf8)

commit: c9e5b18c27d9a26d7c491fa2a30277d779225f4b [log] [tgz]
author: Maksym Shalamov <mshalamov@mirantis.com> Tue Jun 04 17:38:03 2019 +0300
committer: Maksym Shalamov <mshalamov@mirantis.com> Thu Jun 06 15:31:14 2019 +0300
tree: c001017f0f6b6af07951f3f687d4cd6209872b99
parent: 01fecf5e5a22627724fc0bd185953dc5b950069e [diff]
diff --git a/_modules/runtest/tempest_sections/identity.py b/_modules/runtest/tempest_sections/identity.py
index 400830b..7864cda 100644
--- a/_modules/runtest/tempest_sections/identity.py
+++ b/_modules/runtest/tempest_sections/identity.py

@@ -84,17 +84,27 @@
             'keystone.server.bind.private_port', c)
         return "{}://{}:{}/v3".format(protocol, vip, port)
 
+    def _get_security_compliance_value(self, name):
+        c = conditions.BaseRule('keystone.server.enabled', 'eq', True)
+        security_compliance = self.get_item_when_condition_match(
+            'keystone.server.security_compliance', c)
+
+        if not security_compliance:
+            return
+
+        return security_compliance.get(name)
+
     @property
     def user_lockout_duration(self):
-        pass
+        return self._get_security_compliance_value('lockout_duration')
 
     @property
     def user_lockout_failure_attempts(self):
-        pass
+        return self._get_security_compliance_value('lockout_failure_attempts')
 
     @property
     def user_unique_last_password_count(self):
-        pass
+        return self._get_security_compliance_value('unique_last_password_count')
 
     @property
     def v2_admin_endpoint_type(self):

diff --git a/_modules/runtest/tempest_sections/identity_feature_enabled.py b/_modules/runtest/tempest_sections/identity_feature_enabled.py
index 166bebd..b105e4d 100644
--- a/_modules/runtest/tempest_sections/identity_feature_enabled.py
+++ b/_modules/runtest/tempest_sections/identity_feature_enabled.py

@@ -1,6 +1,8 @@
 
 import base_section
 
+from runtest import conditions
+
 class IdentityFeatureEnabled(base_section.BaseSection):
 
     name = "identity-feature-enabled"
@@ -34,7 +36,11 @@
 
     @property
     def domain_specific_drivers(self):
-        pass
+        c = conditions.BaseRule('keystone.server.enabled', 'eq', True)
+        keystone_domain = self.get_item_when_condition_match(
+            'keystone.server.domain', c)
+        if keystone_domain:
+            return True
 
     @property
     def forbid_global_implied_dsr(self):
@@ -42,7 +48,11 @@
 
     @property
     def security_compliance(self):
-        pass
+        c = conditions.BaseRule('keystone.server.enabled', 'eq', True)
+        security_compliance = self.get_item_when_condition_match(
+            'keystone.server.security_compliance', c)
+        if security_compliance:
+            return True
 
     @property
     def trust(self):
commit	c9e5b18c27d9a26d7c491fa2a30277d779225f4b	[log] [tgz]
author	Maksym Shalamov <mshalamov@mirantis.com>	Tue Jun 04 17:38:03 2019 +0300
committer	Maksym Shalamov <mshalamov@mirantis.com>	Thu Jun 06 15:31:14 2019 +0300
tree	c001017f0f6b6af07951f3f687d4cd6209872b99
parent	01fecf5e5a22627724fc0bd185953dc5b950069e [diff]