[openstack-dev] [keystone][qa] PCI-DSS (security compliance tests)
Rodrigo Duarte
rodrigodsousa at gmail.com
Fri Oct 14 15:21:56 UTC 2016
Hi all,
Recently in keystone we got merged the PCI-DSS feature [1]. Basically, we
have new settings that enforce password security practices. For example, if
we set the password history setting to 2, a user won't be able to update
its password to one of the last 2 that have been set in the past.
The issue is that, this settings, can break a couple of tests in Tempest.
Assuming the non-admin users in this tests don't affect any other test,
I've inserted a "security_compliance" feature flag and skipped the portion
of the tests that can break when the PCI-DSS settings are enabled [2].
With that, I've pushed another patch that sets these settings upon DevStack
deployment [3] and added the actual tests for the feature at [4]. So we
have a "tempest -> devstack -> tempest" chain of patches dependencies.
I want your feedback regarding this, if this approach is acceptable and, if
not, what are the options.
Thanks!
[1] https://blueprints.launchpad.net/keystone/+spec/pci-dss
[2] https://review.openstack.org/#/c/382018/
[3] https://review.openstack.org/#/c/377004/
[4] https://review.openstack.org/#/c/378624/
--
Rodrigo Duarte Sousa
Senior Quality Engineer @ Red Hat
MSc in Computer Science
http://rodrigods.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20161014/50045a0d/attachment.html>
More information about the OpenStack-dev
mailing list