1890a97952
The pre-patch version of unit-testing tested the git-repo version of charm-helpers instead of the version that was synced to the charm. The git-repo version of charmhelpers is pip installed to obtain the testing part of charm-helpers, for the unit tests. Whilst this is a bug (really), it was compounded in that - due to how the paths worked - the unit tests' git version of charm-helpers was in the path first, and thus all unit tests were performed using that version of charm-helpers, and not the version actually synced into the charm. This has led to all sorts of 'odd' double mocking of config in the tests as there are potentially two copies of charm-helpers (as was the case for py27). A further commit will undo that madness. This patchset moves the charm synced version of charm-helpers earlier into the path so it gets picked first when the modules are loaded. Change-Id: Iff0566c52a283ff0cd2fc7707d981d8c47f3e6b2
64 lines
1.7 KiB
Python
Executable File
64 lines
1.7 KiB
Python
Executable File
#!/usr/bin/env python3
|
|
#
|
|
# Copyright 2019 Canonical Ltd
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
import configparser
|
|
import os
|
|
import sys
|
|
|
|
_path = os.path.dirname(os.path.realpath(__file__))
|
|
_hooks = os.path.abspath(os.path.join(_path, '../hooks'))
|
|
|
|
|
|
def _add_path(path):
|
|
if path not in sys.path:
|
|
sys.path.insert(1, path)
|
|
|
|
|
|
_add_path(_hooks)
|
|
|
|
|
|
import charmhelpers.contrib.openstack.audits as audits
|
|
from charmhelpers.contrib.openstack.audits import (
|
|
openstack_security_guide,
|
|
)
|
|
|
|
|
|
# Via the openstack_security_guide above, we are running the following
|
|
# security assertions automatically:
|
|
#
|
|
# - Check-Neutron-01 - validate-file-ownership
|
|
# - Check-Neutron-02 - validate-file-permissions
|
|
|
|
|
|
def main():
|
|
config = {
|
|
'audit_type': audits.AuditType.OpenStackSecurityGuide,
|
|
'files': openstack_security_guide.FILE_ASSERTIONS['neutron-gateway'],
|
|
'excludes': [
|
|
'validate-uses-keystone',
|
|
'validate-uses-tls-for-glance',
|
|
'validate-uses-tls-for-keystone',
|
|
],
|
|
}
|
|
conf = configparser.ConfigParser()
|
|
conf.read("/etc/neutron/neutron.conf")
|
|
config['neutron_config'] = dict(conf)
|
|
return audits.action_parse_results(audits.run(config))
|
|
|
|
|
|
if __name__ == "__main__":
|
|
sys.exit(main())
|