Adds keystone security compliance settings
The PCI-DSS feature has been introduced during the Newton
release and its settings are disabled by default. This
patch adds the possibility to enable some of them during
DevStack setup.
Change-Id: If6b5eb3e3cbc43eb241c94d18af80ad50be08772
Depends-On: Id97ca26f93b742cc3d8d49e98afc581f22360504
diff --git a/lib/tempest b/lib/tempest
index 3915c57..4b8fbb7 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -261,6 +261,9 @@
# Identity
iniset $TEMPEST_CONFIG identity uri "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:5000/v2.0/"
iniset $TEMPEST_CONFIG identity uri_v3 "$KEYSTONE_SERVICE_URI_V3"
+ iniset $TEMPEST_CONFIG identity user_lockout_failure_attempts $KEYSTONE_LOCKOUT_FAILURE_ATTEMPTS
+ iniset $TEMPEST_CONFIG identity user_lockout_duration $KEYSTONE_LOCKOUT_DURATION
+ iniset $TEMPEST_CONFIG identity user_unique_last_password_count $KEYSTONE_UNIQUE_LAST_PASSWORD_COUNT
# Use domain scoped tokens for admin v3 tests, v3 dynamic credentials of v3 account generation
iniset $TEMPEST_CONFIG identity admin_domain_scope True
if [[ "$TEMPEST_HAS_ADMIN" == "True" ]]; then
@@ -285,6 +288,9 @@
fi
# Identity Features
+ if [[ "$KEYSTONE_SECURITY_COMPLIANCE_ENABLED" = True ]]; then
+ iniset $TEMPEST_CONFIG identity-feature-enabled security_compliance True
+ fi
# TODO(rodrigods): Remove the reseller flag when Kilo and Liberty are end of life.
iniset $TEMPEST_CONFIG identity-feature-enabled reseller True