Hi all, Recently in keystone we got merged the PCI-DSS feature [1]. Basically, we have new settings that enforce password security practices. For example, if we set the password history setting to 2, a user won't be able to update its password to one of the last 2 that have been set in the past.
The issue is that, this settings, can break a couple of tests in Tempest. Assuming the non-admin users in this tests don't affect any other test, I've inserted a "security_compliance" feature flag and skipped the portion of the tests that can break when the PCI-DSS settings are enabled [2]. With that, I've pushed another patch that sets these settings upon DevStack deployment [3] and added the actual tests for the feature at [4]. So we have a "tempest -> devstack -> tempest" chain of patches dependencies. I want your feedback regarding this, if this approach is acceptable and, if not, what are the options. Thanks! [1] https://blueprints.launchpad.net/keystone/+spec/pci-dss [2] https://review.openstack.org/#/c/382018/ [3] https://review.openstack.org/#/c/377004/ [4] https://review.openstack.org/#/c/378624/ -- Rodrigo Duarte Sousa Senior Quality Engineer @ Red Hat MSc in Computer Science http://rodrigods.com
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev