diff --git a/Berksfile b/Berksfile index 1958627..219982a 100644 --- a/Berksfile +++ b/Berksfile @@ -14,3 +14,5 @@ cookbook "openstack-network", github: "openstack/cookbook-openstack-network" cookbook "openstack-block-storage", github: "openstack/cookbook-openstack-block-storage" +cookbook "openstackclient", + github: "cloudbau/cookbook-openstackclient" diff --git a/attributes/default.rb b/attributes/default.rb index 96f3eff..d622235 100644 --- a/attributes/default.rb +++ b/attributes/default.rb @@ -29,12 +29,16 @@ default['openstack']['integration-test'] = { 'user1' => { 'user_name' => 'tempest_user1', 'password' => 'tempest_user1_pass', - 'project_name' => 'tempest_project1' + 'project_name' => 'tempest_project1', + 'role' => 'Member', + 'domain_name' => 'Default' }, 'user2' => { 'user_name' => 'tempest_user2', 'password' => 'tempest_user2_pass', - 'project_name' => 'tempest_project2' + 'project_name' => 'tempest_project2', + 'role' => 'Member', + 'domain_name' => 'Default' }, 'image1' => { 'name' => 'cirros', diff --git a/metadata.rb b/metadata.rb index 3be88ef..c7709cd 100644 --- a/metadata.rb +++ b/metadata.rb @@ -19,3 +19,4 @@ depends 'openstack-identity', '>= 14.0.0' depends 'openstack-image', '>= 14.0.0' depends 'openstack-compute', '>= 14.0.0' depends 'openstack-block-storage', '>= 14.0.0' +depends 'openstackclient' diff --git a/recipes/setup.rb b/recipes/setup.rb index 9e83100..779922e 100644 --- a/recipes/setup.rb +++ b/recipes/setup.rb @@ -38,64 +38,64 @@ end package 'curl' identity_admin_endpoint = admin_endpoint 'identity' -# Since this is testing things from the user's perspective, -# use the public identity endpoint -identity_api_endpoint = public_endpoint 'identity' -bootstrap_token = get_password 'token', 'openstack_identity_bootstrap_token' -auth_uri = ::URI.decode identity_admin_endpoint.to_s -admin_pass = get_password 'user', node['openstack']['identity']['admin_user'] +identity_public_endpoint = public_endpoint 'identity' +auth_url = ::URI.decode identity_admin_endpoint.to_s -%w(user1 user2).each_with_index do |user, i| - i += 1 +admin_user = node['openstack']['identity']['admin_user'] +admin_pass = get_password 'user', admin_user +admin_project = node['openstack']['identity']['admin_project'] +admin_domain = node['openstack']['identity']['admin_domain_name'] +admin_project_domain_name = node['openstack']['identity']['admin_project_domain'] - openstack_identity_register "Register tempest project #{i}" do - auth_uri auth_uri - bootstrap_token bootstrap_token - tenant_name node['openstack']['integration-test'][user]['project_name'] - tenant_description "Tempest project #{i}" +connection_params = { + openstack_auth_url: "#{auth_url}/auth/tokens", + openstack_username: admin_user, + openstack_api_key: admin_pass, + openstack_project_name: admin_project, + openstack_domain_name: admin_domain +} - action :create_tenant +%w(user1 user2).each_with_index do |user| + service_user = node['openstack']['integration-test'][user]['user_name'] + service_project = node['openstack']['integration-test'][user]['project_name'] + service_role = node['openstack']['integration-test'][user]['role'] + service_domain = node['openstack']['integration-test'][user]['domain_name'] + service_pass = node['openstack']['integration-test'][user]['password'] + + openstack_project service_project do + connection_params connection_params end - openstack_identity_register "Register tempest user #{i}" do - auth_uri auth_uri - bootstrap_token bootstrap_token - tenant_name node['openstack']['integration-test'][user]['project_name'] - user_name node['openstack']['integration-test'][user]['user_name'] - user_pass node['openstack']['integration-test'][user]['password'] - - action :create_user + openstack_role service_role do + connection_params connection_params end - openstack_identity_register "Create tempest role #{i}" do - auth_uri auth_uri - bootstrap_token bootstrap_token - tenant_name node['openstack']['integration-test'][user]['project_name'] - user_name node['openstack']['integration-test'][user]['user_name'] - user_pass node['openstack']['integration-test'][user]['password'] - role_name 'Member' - - action :create_role + openstack_user service_user do + project_name service_project + role_name service_role + password service_pass + connection_params connection_params end - openstack_identity_register "Grant 'member' Role to tempest user for tempest project ##{i}" do - auth_uri auth_uri - bootstrap_token bootstrap_token - tenant_name node['openstack']['integration-test'][user]['project_name'] - user_name node['openstack']['integration-test'][user]['user_name'] - role_name 'Member' - + openstack_user service_user do + role_name service_role + project_name service_project + connection_params connection_params action :grant_role end + + openstack_user service_user do + domain_name service_domain + role_name service_role + user_name service_user + connection_params connection_params + action :grant_domain + end end -# Create role for heat template defined users heat_stack_user_role = node['openstack']['integration-test']['heat_stack_user_role'] -openstack_identity_register "Create '#{heat_stack_user_role}' Role for template defined users" do - auth_uri auth_uri - bootstrap_token bootstrap_token - role_name heat_stack_user_role - action :create_role +openstack_role heat_stack_user_role do + connection_params connection_params end git '/opt/tempest' do @@ -105,16 +105,15 @@ git '/opt/tempest' do action :sync end -admin_user = node['openstack']['identity']['admin_user'] -admin_project = node['openstack']['identity']['admin_tenant_name'] - %w(image1 image2).each do |img| image_name = node['openstack']['integration-test'][img]['name'] openstack_image_image img do identity_user admin_user identity_pass admin_pass identity_tenant admin_project - identity_uri auth_uri + identity_uri auth_url + identity_user_domain_name admin_domain + identity_project_domain_name admin_project_domain_name image_name image_name image_url node['openstack']['integration-test'][img]['source'] end @@ -162,8 +161,8 @@ template '/opt/tempest/etc/tempest.conf' do # get_image_id being executed). variables( 'tempest_disable_ssl_validation' => node['openstack']['integration-test']['disable_ssl_validation'], - 'identity_endpoint_host' => identity_api_endpoint.host, - 'identity_endpoint_port' => identity_api_endpoint.port, + 'identity_endpoint_host' => identity_public_endpoint.host, + 'identity_endpoint_port' => identity_public_endpoint.port, 'tempest_use_dynamic_credentials' => node['openstack']['integration-test']['use_dynamic_credentials'], 'tempest_user1' => node['openstack']['integration-test']['user1']['user_name'], 'tempest_user1_pass' => node['openstack']['integration-test']['user1']['password'], diff --git a/spec/setup_spec.rb b/spec/setup_spec.rb index d1c9363..56311c1 100644 --- a/spec/setup_spec.rb +++ b/spec/setup_spec.rb @@ -11,6 +11,14 @@ describe 'openstack-integration-test::setup' do include_context 'tempest-stubs' + connection_params = { + openstack_auth_url: 'http://127.0.0.1:35357/v3/auth/tokens', + openstack_username: 'admin', + openstack_api_key: 'admin', + openstack_project_name: 'admin', + openstack_domain_name: 'default' + } + it 'installs tempest dependencies' do packages = %w(git libxml2-dev libxslt-dev testrepository python-dev libffi-dev) @@ -20,109 +28,99 @@ describe 'openstack-integration-test::setup' do end end - it 'registers project tempest_project1' do - expect(chef_run).to create_tenant_openstack_identity_register( - 'Register tempest project 1' + it 'registers tempest_project1 Project' do + expect(chef_run).to create_openstack_project( + 'tempest_project1' ).with( - auth_uri: 'http://127.0.0.1:35357/v2.0', - bootstrap_token: 'bootstrap-token', - tenant_name: 'tempest_project1', - tenant_description: 'Tempest project 1' + connection_params: connection_params ) end - it 'registers user tempest_user1' do - expect(chef_run).to create_user_openstack_identity_register( - 'Register tempest user 1' + it 'registers service user' do + expect(chef_run).to create_openstack_user( + 'tempest_user1' ).with( - auth_uri: 'http://127.0.0.1:35357/v2.0', - bootstrap_token: 'bootstrap-token', - tenant_name: 'tempest_project1', - user_name: 'tempest_user1', - user_pass: 'tempest_user1_pass' + project_name: 'tempest_project1', + role_name: 'Member', + password: 'tempest_user1_pass', + connection_params: connection_params ) end - it 'creates member role to tempest_user1 for tempest_project1' do - expect(chef_run).to create_role_openstack_identity_register( - 'Create tempest role 1' + it 'create service role' do + expect(chef_run).to create_openstack_role( + 'Member' ).with( - auth_uri: 'http://127.0.0.1:35357/v2.0', - bootstrap_token: 'bootstrap-token', - tenant_name: 'tempest_project1', - user_name: 'tempest_user1', - user_pass: 'tempest_user1_pass', - role_name: 'Member' + connection_params: connection_params ) end - it 'grants member role to tempest_user1 for tempest_project1' do - expect(chef_run).to grant_role_openstack_identity_register( - "Grant 'member' Role to tempest user for tempest project #1" + it do + expect(chef_run).to grant_domain_openstack_user( + 'tempest_user1' ).with( - auth_uri: 'http://127.0.0.1:35357/v2.0', - bootstrap_token: 'bootstrap-token', - tenant_name: 'tempest_project1', - user_name: 'tempest_user1', - role_name: 'Member' + domain_name: 'Default', + role_name: 'Member', + connection_params: connection_params ) end - it 'registers project tempest_project2' do - expect(chef_run).to create_tenant_openstack_identity_register( - 'Register tempest project 2' + it do + expect(chef_run).to grant_role_openstack_user( + 'tempest_user1' ).with( - auth_uri: 'http://127.0.0.1:35357/v2.0', - bootstrap_token: 'bootstrap-token', - tenant_name: 'tempest_project2', - tenant_description: 'Tempest project 2' + project_name: 'tempest_project1', + role_name: 'Member', + password: 'tempest_user1_pass', + connection_params: connection_params ) end - it 'registers user tempest_user2' do - expect(chef_run).to create_user_openstack_identity_register( - 'Register tempest user 2' + it 'registers tempest_project2 Project' do + expect(chef_run).to create_openstack_project( + 'tempest_project2' ).with( - auth_uri: 'http://127.0.0.1:35357/v2.0', - bootstrap_token: 'bootstrap-token', - tenant_name: 'tempest_project2', - user_name: 'tempest_user2', - user_pass: 'tempest_user2_pass' + connection_params: connection_params ) end - it 'creates member role to tempest_user2 for tempest_project2' do - expect(chef_run).to create_role_openstack_identity_register( - 'Create tempest role 2' + it 'registers service user' do + expect(chef_run).to create_openstack_user( + 'tempest_user2' ).with( - auth_uri: 'http://127.0.0.1:35357/v2.0', - bootstrap_token: 'bootstrap-token', - tenant_name: 'tempest_project2', - user_name: 'tempest_user2', - user_pass: 'tempest_user2_pass', - role_name: 'Member' + project_name: 'tempest_project2', + role_name: 'Member', + password: 'tempest_user2_pass', + connection_params: connection_params ) end - it 'grants member role to tempest_user2 for tempest_project2' do - expect(chef_run).to grant_role_openstack_identity_register( - "Grant 'member' Role to tempest user for tempest project #2" + it do + expect(chef_run).to grant_domain_openstack_user( + 'tempest_user2' ).with( - auth_uri: 'http://127.0.0.1:35357/v2.0', - bootstrap_token: 'bootstrap-token', - tenant_name: 'tempest_project2', - user_name: 'tempest_user2', - role_name: 'Member' + domain_name: 'Default', + role_name: 'Member', + connection_params: connection_params ) end - it 'creats heat stack owner role' do - expect(chef_run).to create_role_openstack_identity_register( - "Create 'heat_stack_owner' Role for template defined users" + it do + expect(chef_run).to grant_role_openstack_user( + 'tempest_user2' ).with( - auth_uri: 'http://127.0.0.1:35357/v2.0', - bootstrap_token: 'bootstrap-token', - role_name: 'heat_stack_owner' + project_name: 'tempest_project2', + role_name: 'Member', + password: 'tempest_user2_pass', + connection_params: connection_params + ) + end + + it 'create service role' do + expect(chef_run).to create_openstack_role( + 'heat_stack_owner' + ).with( + connection_params: connection_params ) end @@ -141,7 +139,9 @@ describe 'openstack-integration-test::setup' do identity_user: 'admin', identity_pass: 'admin', identity_tenant: 'admin', - identity_uri: 'http://127.0.0.1:35357/v2.0', + identity_uri: 'http://127.0.0.1:35357/v3', + identity_user_domain_name: 'default', + identity_project_domain_name: 'default', image_name: 'cirros', image_url: 'http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img' ) @@ -152,7 +152,9 @@ describe 'openstack-integration-test::setup' do identity_user: 'admin', identity_pass: 'admin', identity_tenant: 'admin', - identity_uri: 'http://127.0.0.1:35357/v2.0', + identity_uri: 'http://127.0.0.1:35357/v3', + identity_user_domain_name: 'default', + identity_project_domain_name: 'default', image_name: 'cirros', image_url: 'http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img' ) diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index 0cc91d0..d5111e9 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -24,8 +24,8 @@ shared_context 'tempest-stubs' do { 'OS_USERNAME' => 'admin', 'OS_PASSWORD' => 'admin', - 'OS_TENANT_NAME' => 'admin', - 'OS_AUTH_URL' => 'http://127.0.0.1:35357/v2.0' + 'OS_PROJECT_NAME' => 'admin', + 'OS_AUTH_URL' => 'http://127.0.0.1:35357/v3' } allow_any_instance_of(Chef::Recipe).to receive(:get_password) diff --git a/templates/default/tempest.conf.erb b/templates/default/tempest.conf.erb index fcfba86..a6bdd71 100644 --- a/templates/default/tempest.conf.erb +++ b/templates/default/tempest.conf.erb @@ -1,9 +1,11 @@ [auth] use_dynamic_credentials = <%= @tempest_use_dynamic_credentials %> +default_credentials_domain_name = Default admin_username = <%= @tempest_admin %> admin_password = <%= @tempest_admin_pass %> admin_project_name = <%= @tempest_admin_project %> +admin_domain_name = Default [identity] @@ -13,6 +15,7 @@ disable_ssl_certificate_validation = <%= @tempest_disable_ssl_validation %> uri = http://<%= @identity_endpoint_host %>:<%= @identity_endpoint_port %>/v2.0/ uri_v3 = http://<%= @identity_endpoint_host %>:<%= @identity_endpoint_port %>/v3/ +v3_endpoint_type = publicURL strategy = keystone @@ -20,11 +23,15 @@ region = RegionOne username = <%= @tempest_user1 %> password = <%= @tempest_user1_pass %> +user_domain_name = Default +project_domain_name = Default project_name = <%= @tempest_user1_project %> alt_username = <%= @tempest_user2 %> alt_password = <%= @tempest_user2_pass %> alt_project_name = <%= @tempest_user2_project %> +default_domain_id = default +admin_domain_scope = false [validation] image_alt_ssh_user = <%= @tempest_alt_ssh_user %> @@ -69,7 +76,8 @@ use_block_migration_for_live_migration = False disk_config_enabled_override = true [identity-feature-enabled] -api_v3 = false +api_v3 = true +api_v2 = false [whitebox]