Tempest and a few other plugins such as manila-tempest-plugin registers
the option to enable scope enforcement tests in the [enforce_scope]
option. This renames the option so that this plugin follows that
standard.
Change-Id: Ibd6962947c64f04ff1948a19c4afe9f26d0b47bb
This patch adds enable_certificate_validation config option. This option
can be used to skip tests that rely on image signature certificate
validation being enabled on the test environment
(test_signed_image_invalid_cert_boot_failure).
Change-Id: Id4134a2e87378487baa9e3d5f49e7ded48daa765
This patch adds basic RBAC test for the Secret Stores API for
the reader, member and admin personas with project scope.
The tests are skipped by a config option, as they require
the multiple-backends feature to be enabled in barbican.
The devstack instace we're using for gate tests does not have
this enabled, so we default to False for now.
Change-Id: Ibca9d44fb3d0f4fd9945a7e6c636e0fbf6beb42e
Without this patch, if the barbican tempest plugin is installed in an
environment running with `[glance]/verify_glance_signatures] set to
false in nova.conf, which is the default value, the test will fail.
Enabling glance signature verification unconditionally in order to
support this test is not realistic, as it then prevents users from
booting from unsigned images which may not always be desired. This patch
adds a configuration option to allow for disabling the
`test_signed_image_upload_boot_failure` test, so that we can still run
the majority of the plugin tests for a standard environment with default
nova configuration. The new option defaults to `True`, meaning assume
that nova's configuration has been overrridden to enforce image
verification, which allows the barbican CI to run as normal with no
configuration changes, but it allows operators to explicitly disable the
test as needed.
Change-Id: Ibb5c06ce2773e0ee13bda97717e8e18e77e0be7c
Adds ephemeral-disk-encryption group to Barbican Tempest configuration
options.
Enables ephemeral disk encryption for Barbican Tempest tests by updating
pre_test_hook.sh, which is run at the start of relevant gate tests.
Adds an ephemeral disk encryption scenario test to verify the
functionality of encrypted ephemeral storage. The test creates an image,
boots an instance from the created image, and writes to a new file in
the instance. Improper calls to encrypt the LVM ephemeral disk that is
being written to will be caught with this test.
Change-Id: I5f194f3c2a91263d4d34204db5cd5845197169bb
Takashi Kajinami