openstack/fuel-qa
Code Issues Proposed changes

Add negative test for reconfiguration of keystone to use LDAP

Browse Source 
Change-Id: I8e74459292a6fc9e8b740d4dc2b5a33be51d0a6a
Implements: blueprint test-openstack-config-change
This commit is contained in:
Sergey Novikov 2015-12-11 16:23:59 +03:00
parent 6c9c975be3
commit 4f561ea1e3
2 changed files with 120 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

64
fuelweb_test/config_templates/keystone_ldap.yaml Normal file
View File

@ -0,0 +1,64 @@
---
keystone_config:
ldap/url:
value: ldap://dc.example.com
ldap/user:
value: CN=ldap,OU=Users,DC=example,DC=com
ldap/password:
value: ldap_test
ldap/suffix:
value: DC=example,DC=com
ldap/use_dumb_member:
value: True
ldap/dumb_member:
value: CN=ldap,OU=Users,DC=example,DC=com
ldap/user_tree_dn:
value: OU=Users,DC=example,DC=com
ldap/user_objectclass:
value: person
ldap/user_filter:
ensure: absent
ldap/user_id_attribute:
value: cn
ldap/user_name_attribute:
value: cn
ldap/user_mail_attribute:
value: mail
ldap/user_pass_attribute:
ensure: absent
ldap/user_enabled_attribute:
value: userAccountControl
ldap/user_enabled_mask:
value: 2
ldap/user_enabled_default:
value: 512
ldap/user_attribute_ignore:
value: password,tenant_id,tenants
ldap/user_allow_create:
value: False
ldap/user_allow_update:
value: False
ldap/user_allow_delete:
value: False
ldap/role_tree_dn:
value: OU=Roles,DC=example,DC=com
ldap/role_filter:
ensure: absent
ldap/role_objectclass:
value: organizationalRole
ldap/role_id_attribute:
value: cn
ldap/role_name_attribute:
value: ou
ldap/role_name_attribute:
value: roleOccupant
ldap/role_attribute_ignore:
ensure: absent
ldap/role_allow_create:
value: True
ldap/role_allow_create:
value: True
ldap/role_allow_create:
value: True
identity/driver:
value: keystone.identity.backends.ldap.Identity

56
fuelweb_test/tests/test_services_reconfiguration.py
View File

@ -249,3 +249,59 @@ class ServicesReconfiguration(TestBasic):
os_conn.delete_instance(excessive_server)
self.env.make_snapshot("reconfigure_overcommit_ratio",
is_make=True)
@test(depends_on_groups=['deploy_neutron_vlan_ha'],
groups=["services_reconfiguration",
"reconfigure_keystone_to_use_ldap"])
@log_snapshot_after_test
def reconfigure_keystone_to_use_ldap(self):
"""Reconfigure neutron ml2 VLAN range
Scenario:
1. Revert snapshot "deploy_neutron_vlan_ha"
2. Upload a new openstack configuration
3. Try to apply a new keystone configuration
4. Wait for failing of deployment task
5. Check that reason of failing is impossibility of
the connection to LDAP server
Snapshot reconfigure_keystone_to_use_ldap
"""
self.show_step(1)
self.env.revert_snapshot("deploy_neutron_vlan_ha")
cluster_id = self.fuel_web.get_last_created_cluster()
controllers = self.fuel_web.get_nailgun_cluster_nodes_by_roles(
cluster_id, ['controller'])
ldap_cntrllr = controllers[0]
self.show_step(2)
config = utils.get_config_template('keystone_ldap')
self.fuel_web.client.upload_configuration(
config,
cluster_id,
node_id=ldap_cntrllr['id'])
self.show_step(3)
task = self.fuel_web.client.apply_configuration(
cluster_id,
node_id=ldap_cntrllr['id'])
self.show_step(4)
try:
self.fuel_web.assert_task_success(task, timeout=1800, interval=30)
except AssertionError:
pass
else:
raise Exception("New configuration was not applied")
self.show_step(5)
with self.env.d_env.get_ssh_to_remote(ldap_cntrllr['ip']) as remote:
log_path = '/var/log/puppet.log'
cmd = "grep \"Can't contact LDAP server\" {0}".format(log_path)
utils.run_on_remote_get_results(remote, cmd)
self.env.make_snapshot("reconfigure_keystone_to_use_ldap",
is_make=True)