From 4f561ea1e33be580c6d31b807779aaf3f3c92149 Mon Sep 17 00:00:00 2001
From: Sergey Novikov <snovikov@mirantis.com>
Date: Fri, 11 Dec 2015 16:23:59 +0300
Subject: [PATCH] Add negative test for reconfiguration of keystone to use LDAP

Change-Id: I8e74459292a6fc9e8b740d4dc2b5a33be51d0a6a
Implements: blueprint test-openstack-config-change
---
 .../config_templates/keystone_ldap.yaml       | 64 +++++++++++++++++++
 .../tests/test_services_reconfiguration.py    | 56 ++++++++++++++++
 2 files changed, 120 insertions(+)
 create mode 100644 fuelweb_test/config_templates/keystone_ldap.yaml

diff --git a/fuelweb_test/config_templates/keystone_ldap.yaml b/fuelweb_test/config_templates/keystone_ldap.yaml
new file mode 100644
index 000000000..275c7873c
--- /dev/null
+++ b/fuelweb_test/config_templates/keystone_ldap.yaml
@@ -0,0 +1,64 @@
+---
+keystone_config:
+  ldap/url:
+    value: ldap://dc.example.com
+  ldap/user:
+    value: CN=ldap,OU=Users,DC=example,DC=com
+  ldap/password:
+    value: ldap_test
+  ldap/suffix:
+    value: DC=example,DC=com
+  ldap/use_dumb_member:
+    value: True
+  ldap/dumb_member:
+    value: CN=ldap,OU=Users,DC=example,DC=com
+  ldap/user_tree_dn:
+    value: OU=Users,DC=example,DC=com
+  ldap/user_objectclass:
+    value: person
+  ldap/user_filter:
+    ensure: absent
+  ldap/user_id_attribute:
+    value: cn
+  ldap/user_name_attribute:
+    value: cn
+  ldap/user_mail_attribute:
+    value: mail
+  ldap/user_pass_attribute:
+    ensure: absent
+  ldap/user_enabled_attribute:
+    value: userAccountControl
+  ldap/user_enabled_mask:
+    value: 2
+  ldap/user_enabled_default:
+    value: 512
+  ldap/user_attribute_ignore:
+    value: password,tenant_id,tenants
+  ldap/user_allow_create:
+    value: False
+  ldap/user_allow_update:
+    value: False
+  ldap/user_allow_delete:
+    value: False
+  ldap/role_tree_dn:
+    value: OU=Roles,DC=example,DC=com
+  ldap/role_filter:
+    ensure: absent
+  ldap/role_objectclass:
+    value: organizationalRole
+  ldap/role_id_attribute:
+    value: cn
+  ldap/role_name_attribute:
+    value: ou
+  ldap/role_name_attribute:
+    value: roleOccupant
+  ldap/role_attribute_ignore:
+    ensure: absent
+  ldap/role_allow_create:
+    value: True
+  ldap/role_allow_create:
+    value: True
+  ldap/role_allow_create:
+    value: True
+  identity/driver:
+    value: keystone.identity.backends.ldap.Identity
\ No newline at end of file
diff --git a/fuelweb_test/tests/test_services_reconfiguration.py b/fuelweb_test/tests/test_services_reconfiguration.py
index ac4c5cd10..864c7dd58 100644
--- a/fuelweb_test/tests/test_services_reconfiguration.py
+++ b/fuelweb_test/tests/test_services_reconfiguration.py
@@ -249,3 +249,59 @@ class ServicesReconfiguration(TestBasic):
         os_conn.delete_instance(excessive_server)
         self.env.make_snapshot("reconfigure_overcommit_ratio",
                                is_make=True)
+
+    @test(depends_on_groups=['deploy_neutron_vlan_ha'],
+          groups=["services_reconfiguration",
+                  "reconfigure_keystone_to_use_ldap"])
+    @log_snapshot_after_test
+    def reconfigure_keystone_to_use_ldap(self):
+        """Reconfigure neutron ml2 VLAN range
+
+        Scenario:
+            1. Revert snapshot "deploy_neutron_vlan_ha"
+            2. Upload a new openstack configuration
+            3. Try to apply a new keystone configuration
+            4. Wait for failing of deployment task
+            5. Check that reason of failing is impossibility of
+               the connection to LDAP server
+
+        Snapshot reconfigure_keystone_to_use_ldap
+
+        """
+        self.show_step(1)
+        self.env.revert_snapshot("deploy_neutron_vlan_ha")
+
+        cluster_id = self.fuel_web.get_last_created_cluster()
+        controllers = self.fuel_web.get_nailgun_cluster_nodes_by_roles(
+            cluster_id, ['controller'])
+
+        ldap_cntrllr = controllers[0]
+
+        self.show_step(2)
+        config = utils.get_config_template('keystone_ldap')
+        self.fuel_web.client.upload_configuration(
+            config,
+            cluster_id,
+            node_id=ldap_cntrllr['id'])
+
+        self.show_step(3)
+        task = self.fuel_web.client.apply_configuration(
+            cluster_id,
+            node_id=ldap_cntrllr['id'])
+
+        self.show_step(4)
+        try:
+            self.fuel_web.assert_task_success(task, timeout=1800, interval=30)
+        except AssertionError:
+            pass
+        else:
+            raise Exception("New configuration was not applied")
+
+        self.show_step(5)
+        with self.env.d_env.get_ssh_to_remote(ldap_cntrllr['ip']) as remote:
+            log_path = '/var/log/puppet.log'
+            cmd = "grep \"Can't contact LDAP server\" {0}".format(log_path)
+            utils.run_on_remote_get_results(remote, cmd)
+
+        self.env.make_snapshot("reconfigure_keystone_to_use_ldap",
+                               is_make=True)