Michael Johnson c2e51939b4 Update designate for RBAC "direction change"
The RBAC goal has changed[1] and system scope is no longer going to be
used. This patch updates Designate to align to this change in direction
by removing the system scope from the policies.
It also updates the functional tests to be ready for the switch to using
the new keystone roles by default.

[1] https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html#direction-change

Depends-On: https://review.opendev.org/c/openstack/designate-tempest-plugin/+/879111
Change-Id: I1937e215dbd072b0a095df659c75f17a3f48c937
2023-03-31 00:38:50 +00:00


# Base functional job: builds on devstack-tempest, enables the Designate
# devstack plugin and runs the designate_tempest_plugin test suite.
# The three anchors defined here (base_vars, base_required_projects,
# base_irrelevant_files) are aliased by later jobs in this file.
- job:
    name: designate-base
    parent: devstack-tempest
    nodeset: openstack-single-node-jammy
    vars: &base_vars
      devstack_localrc:
        # presumably keeps the DNS listener off the privileged port 53 on
        # the test node; confirm against the devstack plugin
        DESIGNATE_SERVICE_PORT_DNS: 5322
        TEMPEST_PLUGINS: /opt/stack/designate-tempest-plugin
        USE_PYTHON3: true
        API_WORKERS: 2
      devstack_plugins:
        # Plugin location is an HTTPS URL on opendev.org.
        designate: https://opendev.org/openstack/designate
      devstack_services:
        designate: true
        # The s-* and c-* services (plus cinder) are switched off; nothing
        # in this job's test regex targets them.
        s-account: false
        s-container: false
        s-object: false
        s-proxy: false
        cinder: false
        c-api: false
        c-bak: false
        c-vol: false
      tox_envlist: all
      tempest_test_regex: |
        designate_tempest_plugin.*
    required-projects: &base_required_projects
      - openstack/designate
      - openstack/designate-dashboard
      - openstack/designate-tempest-plugin
      - openstack/python-designateclient
    timeout: 4200
    # A change that touches only files matching these patterns does not
    # trigger the job.
    # NOTE(review): ^etc/.*$ means edits confined to etc/ get no functional
    # run; confirm nothing security-relevant (e.g. paste or policy samples)
    # lives there without other coverage.
    irrelevant-files: &base_irrelevant_files
      - ^.*\.rst$
      - ^api-ref/.*$
      - ^doc/.*$
      - ^etc/.*$
      - ^releasenotes/.*$
# IPv6-only counterpart of designate-base. It has a different parent
# (devstack-tempest-ipv6) and therefore does not inherit from designate-base;
# instead it reuses that job's vars, required-projects and irrelevant-files
# through the YAML aliases below, so the anchors must be defined earlier in
# this same document.
- job:
    name: designate-base-ipv6-only
    parent: devstack-tempest-ipv6
    nodeset: openstack-single-node-jammy
    description: |
      Designate devstack-tempest base job for IPv6-only deployment
    irrelevant-files: *base_irrelevant_files
    required-projects: *base_required_projects
    vars: *base_vars
# designate-base plus the bind9 post-run playbook. No backend variable is
# set here, so the backend is whatever the devstack plugin defaults to
# (presumably bind9, given the job name - confirm in the plugin).
- job:
    name: designate-bind9
    post-run: playbooks/designate-bind9/post.yaml
    parent: designate-base
# FIPS variant of designate-bind9 on a CentOS 9 Stream node. FIPS mode is
# switched on by the pre-run playbook before the inherited job runs.
# In the designate-devstack-jobs template below this job is non-voting in
# check and is not listed in gate, so a FIPS regression is reported but does
# not block a merge.
- job:
    name: designate-bind9-centos9stream-fips
    parent: designate-bind9
    nodeset: devstack-single-node-centos-9-stream
    description: |
      Functional testing for a FIPS enabled Centos 9 stream system
    pre-run: playbooks/enable-fips.yaml
    vars:
      # Consumed by the FIPS pre-run playbook - TODO confirm.
      nslookup_target: 'opendev.org'
# RBAC coverage job: the same deployment as designate-base, but with the new
# oslo.policy defaults enforced in the service and the matching feature flag
# set for the tempest plugin. It is the only job visible in this file that
# turns enforce_new_defaults on, and it is voting in both check and gate of
# the designate-devstack-jobs template.
- job:
    name: designate-bind9-keystone-default-roles
    post-run: playbooks/designate-bind9/post.yaml
    parent: designate-base
    vars:
      devstack_local_conf:
        post-config:
          $DESIGNATE_CONF:
            oslo_policy:
              # Service side: evaluate only the new default policies.
              # NOTE(review): enforce_scope is not set here and stays at the
              # oslo.policy default; confirm that matches the intended RBAC
              # posture after the system-scope removal.
              enforce_new_defaults: True
        test-config:
          "$TEMPEST_CONFIG":
            dns_feature_enabled:
              # Test side: must agree with the service setting above,
              # otherwise the RBAC tests assert against the wrong policy set
              # (presumed from the shared option name - confirm in the
              # tempest plugin).
              enforce_new_defaults: True
# designate-bind9 on a CentOS 9 Stream node, without FIPS. Listed as
# non-voting in check and absent from gate in the template below.
- job:
    name: designate-bind9-centos-9-stream
    parent: designate-bind9
    nodeset: devstack-single-node-centos-9-stream
# designate-base with the pdns4 backend driver selected and the pdns4
# post-run playbook.
- job:
    name: designate-pdns4
    post-run: playbooks/designate-pdns4/post.yaml
    parent: designate-base
    vars:
      devstack_localrc:
        DESIGNATE_BACKEND_DRIVER: pdns4
# designate-pdns4 with the database service swapped from MySQL to
# PostgreSQL. Declared non-voting here and referenced only from the
# experimental pipeline of the project stanza, so it never gates a change.
- job:
    name: designate-pdns4-postgres
    parent: designate-pdns4
    vars:
      devstack_services:
        mysql: False
        postgresql: True
    voting: false
# IPv6-only base job plus the bind9 post-run playbook; no backend override.
- job:
    name: designate-ipv6-only-bind9
    post-run: playbooks/designate-bind9/post.yaml
    parent: designate-base-ipv6-only
# IPv6-only base job with the pdns4 backend driver and its post-run playbook.
- job:
    name: designate-ipv6-only-pdns4
    post-run: playbooks/designate-pdns4/post.yaml
    parent: designate-base-ipv6-only
    vars:
      devstack_localrc:
        DESIGNATE_BACKEND_DRIVER: pdns4
# Shared base for the grenade jobs (parent: grenade). Unlike designate-base
# it enables each Designate service individually and also brings up horizon.
# The two concrete grenade jobs below add only a backend and a post-run
# playbook.
- job:
    name: designate-grenade-common
    parent: grenade
    required-projects:
      - opendev.org/openstack/horizon
      - opendev.org/openstack/designate
      - opendev.org/openstack/designate-dashboard
      - opendev.org/openstack/designate-tempest-plugin
      - opendev.org/openstack/python-designateclient
    vars:
      devstack_plugins:
        designate: https://opendev.org/openstack/designate
      devstack_services:
        designate: true
        designate-api: true
        designate-central: true
        designate-producer: true
        designate-worker: true
        designate-mdns: true
        designate-agent: true
        designate-sink: true
        horizon: true
        s-account: false
        s-container: false
        s-object: false
        s-proxy: false
        c-bak: false
      grenade_localrc:
        BASE_RUN_SMOKE: False
      tox_envlist: all
      tempest_plugins:
        - designate-tempest-plugin
      # The negative lookahead drops tests under .tests.api.v1. Only the
      # first dot is escaped; the other two match any character, which is
      # looser than the path it appears to target.
      tempest_test_regex: designate_tempest_plugin(?!\.tests.api.v1).*
    # Literal copy of the list anchored as base_irrelevant_files on
    # designate-base; the two must be kept in step by hand.
    # NOTE(review): as on the base job, changes confined to etc/ skip this
    # job entirely.
    irrelevant-files:
      - ^.*\.rst$
      - ^api-ref/.*$
      - ^doc/.*$
      - ^etc/.*$
      - ^releasenotes/.*$
# Grenade run against the pdns4 backend. The settings sit under the "shared"
# key of grenade_devstack_localrc, which presumably applies them to both the
# old and the new side of the upgrade - confirm against the grenade job.
- job:
    name: designate-grenade-pdns4
    parent: designate-grenade-common
    post-run: playbooks/designate-pdns4/post.yaml
    vars:
      grenade_devstack_localrc:
        shared:
          DESIGNATE_BACKEND_DRIVER: pdns4
          DESIGNATE_SERVICE_PORT_DNS: 5322
# Grenade run with the bind9 post-run playbook and no backend override.
# Non-voting at the job level, and listed in check only (not gate) in the
# template below, so its result is advisory.
- job:
    name: designate-grenade-bind9
    parent: designate-grenade-common
    post-run: playbooks/designate-bind9/post.yaml
    voting: false
# Unit-test job run through the dnspython-latest tox environment. It reuses
# the irrelevant-files list anchored on designate-base and is attached as a
# non-voting check job in the project stanza.
- job:
    name: designate-tox-dnspython-latest
    parent: openstack-tox
    description: |
      Run the Designate unit tests with the latest release of dnspython.
    irrelevant-files: *base_irrelevant_files
    vars:
      tox_envlist: dnspython-latest
# Template that attaches the devstack-based jobs to the check and gate
# pipelines. The RBAC job (designate-bind9-keystone-default-roles) is voting
# in both. Jobs that appear in check but not in gate:
#   designate-bind9-centos9stream-fips, designate-bind9-centos-9-stream and
#   designate-grenade-bind9 - all non-voting, so their failures are
#   reported but never block a merge.
- project-template:
    name: designate-devstack-jobs
    queue: designate
    check:
      jobs:
        - designate-bind9
        - designate-bind9-centos9stream-fips:
            voting: false
        - designate-bind9-centos-9-stream:
            voting: false
        - designate-bind9-keystone-default-roles
        - designate-pdns4
        - designate-grenade-bind9
        - designate-grenade-pdns4
        - designate-ipv6-only-pdns4
        - designate-ipv6-only-bind9
    gate:
      # fail-fast: presumably abandons the remaining gate builds once one
      # has failed - confirm against the Zuul pipeline documentation.
      fail-fast: true
      jobs:
        - designate-bind9
        - designate-bind9-keystone-default-roles
        - designate-pdns4
        - designate-grenade-pdns4
        - designate-ipv6-only-pdns4
        - designate-ipv6-only-bind9
# Project stanza: pulls in the template defined above plus several templates
# that are not defined in this file, then adds a few per-pipeline jobs.
- project:
    templates:
      - designate-devstack-jobs
      - openstack-cover-jobs
      - openstack-python3-jobs
      - publish-openstack-docs-pti
      - periodic-stable-jobs
      - check-requirements
      - release-notes-jobs-python3
    check:
      jobs:
        # Not defined in this file.
        - neutron-tempest-plugin-designate-scenario
        - designate-tox-dnspython-latest:
            voting: false
    gate:
      jobs:
        - neutron-tempest-plugin-designate-scenario
    # The PostgreSQL job is referenced only from this pipeline.
    experimental:
      jobs:
        - designate-pdns4-postgres