Merge "Add option to toggle validation of signed image"
This commit is contained in:
commit
375a7d69bd
|
@ -43,3 +43,14 @@ EphemeralStorageEncryptionGroup = [
|
|||
default=256,
|
||||
help="The key size used to encrypt ephemeral storage."),
|
||||
]
|
||||
|
||||
image_signature_verification_group = cfg.OptGroup(
|
||||
name="image_signature_verification",
|
||||
title="Image Signature Verification Options")
|
||||
|
||||
ImageSignatureVerificationGroup = [
|
||||
cfg.BoolOpt('enforced',
|
||||
default=True,
|
||||
help="Does the test environment enforce glance image "
|
||||
"verification?"),
|
||||
]
|
||||
|
|
|
@ -37,6 +37,8 @@ class BarbicanTempestPlugin(plugins.TempestPlugin):
|
|||
conf.register_group(project_config.ephemeral_storage_encryption_group)
|
||||
conf.register_opts(project_config.EphemeralStorageEncryptionGroup,
|
||||
project_config.ephemeral_storage_encryption_group)
|
||||
conf.register_opts(project_config.ImageSignatureVerificationGroup,
|
||||
project_config.image_signature_verification_group)
|
||||
|
||||
def get_opt_lists(self):
|
||||
return [('service_available', [project_config.service_option])]
|
||||
|
|
|
@ -70,6 +70,10 @@ class ImageSigningTest(barbican_manager.BarbicanScenarioTest):
|
|||
* Attempt to boot the incorrectly signed image
|
||||
* Confirm an exception is thrown
|
||||
"""
|
||||
if not CONF.image_signature_verification.enforced:
|
||||
raise self.skipException("Image signature verification is not "
|
||||
"enforced in this environment")
|
||||
|
||||
img_uuid = self.sign_and_upload_image()
|
||||
|
||||
LOG.debug("Modifying image signature to be incorrect")
|
||||
|
|
Loading…
Reference in New Issue