Refactor security checklist test to be in a separate class #501
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
merge from upstream
This will allow security checks to be logically separate from other functional tests, and adhere to a similar design pattern that is used in other charm tests (see nova [0]) for an example. It will also highight which security checks are currently passing, and which are not. [0] https://github.com/openstack-charmers/zaza-openstack-tests/blob/35840a66d6788dc4899847747ee7523895f46e1b/zaza/openstack/charm_tests/nova/tests.py#L485-L529 Partial-Bug: #1883196
Gleland
changed the title
added 3 commits
February 10, 2021 06:40
See bug 1915293 [0] for more details, but this test is already skipped in the repo's current state, this is just making it more explicit as part of the current refactor. [0] https://bugs.launchpad.net/charm-openstack-dashboard/+bug/1915293
This reverts commit 1210e0c. Rather than using an if statement for gating xenial_mitaka and earlier, test cases can be customized in tests/tests.yaml for individual bundles. This will be handled in review 774305. [0] https://review.opendev.org/c/openstack/charm-openstack-dashboard/+/774305
thedac
approved these changes
Feb 12, 2021
There was a problem hiding this comment.
This looks good. We will land it when https://review.opendev.org/c/openstack/charm-openstack-dashboard/+/774305 has run its charm-recheck-full and lands.
openstack-mirroring
pushed a commit
to openstack/charm-openstack-dashboard
that referenced
this pull request
Feb 12, 2021
This setting is a behavior change, requring the admin password to be provided when changing the password of an admin user. Enabling this setting by default adheres to the security recommendation provided in the OpenStack security guide [0]. To enable this setting for Queens (the oldest supported OpenStack release at the time of this commit), a new local_settings.py file was copied from the Ocata template to ensure that any future versions will inherit this setting until a new change is made. Due to the security-checklist action currently failing [1], these have been extracted to another class, and refactored in the zaza-openstack-tests repo [2]. [0] https://docs.openstack.org/security-guide/dashboard/checklist.html [1] https://github.com/openstack-charmers/zaza-openstack-tests/blob/2ef404be7563ab9a4907376c3b33719fee41679f/zaza/openstack/charm_tests/openstack_dashboard/tests.py#L418 [2] openstack-charmers/zaza-openstack-tests#501 func-test-pr: openstack-charmers/zaza-openstack-tests#501 Closes-Bug: #1883196 Change-Id: Idfd8654732289481806aea8b47ffa28cf3f97697
openstack-mirroring
pushed a commit
to openstack/openstack
that referenced
this pull request
Feb 12, 2021
* Update charm-openstack-dashboard from branch 'master'
to 8e4dc4844a0cf52b32c9bea6d9553be7d6f93906
- Add ENFORCE_PASSWORD_CHECK setting
This setting is a behavior change, requring the admin password
to be provided when changing the password of an admin user. Enabling
this setting by default adheres to the security recommendation
provided in the OpenStack security guide [0].
To enable this setting for Queens (the oldest supported OpenStack
release at the time of this commit), a new local_settings.py file was
copied from the Ocata template to ensure that any future versions will
inherit this setting until a new change is made.
Due to the security-checklist action currently failing [1], these have been
extracted to another class, and refactored in the zaza-openstack-tests
repo [2].
[0] https://docs.openstack.org/security-guide/dashboard/checklist.html
[1] https://github.com/openstack-charmers/zaza-openstack-tests/blob/2ef404be7563ab9a4907376c3b33719fee41679f/zaza/openstack/charm_tests/openstack_dashboard/tests.py#L418
[2] openstack-charmers/zaza-openstack-tests#501
func-test-pr: openstack-charmers/zaza-openstack-tests#501
Closes-Bug: #1883196
Change-Id: Idfd8654732289481806aea8b47ffa28cf3f97697
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This resolves the comments left on review 774305 for the openstack-dashboard repository, in partial work to fix bug 1883196.
Note that line 538 includes a new test that will be submitted as part of the second patchset for review 774305, so these tests might not pass until the other PR is merged.