a0d71d6fff
The keystone functional tests are currently not using tempest, and are quite lacking in functionality. This PR adds tempest testing to the keystone role. We use the tempest.api.identity tests but exclude the tests for credentials and ec2 which we don't currently support. TODO: (andymccr) We need to add support for these (and remove the exclusion) by performing a 'keystone-manage credential_setup --keystone-user keystone --keystone-group keystone' Change-Id: I9a7207e75040c304c53820795cb66ce9be00c350
91 lines
3.0 KiB
YAML
91 lines
3.0 KiB
YAML
---
|
|
# Copyright 2015, Rackspace US, Inc.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
# Test that users/projects etc are consistent on both keystone hosts
|
|
- name: Playbook for functional testing keystone
|
|
hosts: keystone_all
|
|
user: root
|
|
gather_facts: false
|
|
tasks:
|
|
- name: Check the keystone api
|
|
uri:
|
|
url: "http://localhost:{{ item }}"
|
|
status_code: 300
|
|
register: result
|
|
until: result.status == 300
|
|
retries: 5
|
|
delay: 10
|
|
with_items:
|
|
- 5000
|
|
- 35357
|
|
- name: Check for expected users
|
|
keystone:
|
|
command: get_user
|
|
user_name: "{{ item }}"
|
|
endpoint: "{{ keystone_service_adminurl }}"
|
|
login_user: "{{ keystone_admin_user_name }}"
|
|
login_password: "{{ keystone_auth_admin_password }}"
|
|
login_project_name: "{{ keystone_admin_tenant_name }}"
|
|
with_items:
|
|
- "admin"
|
|
- "keystone"
|
|
- name: Check for expected projects
|
|
keystone:
|
|
command: get_project
|
|
project_name: "{{ item }}"
|
|
endpoint: "{{ keystone_service_adminurl }}"
|
|
login_user: "{{ keystone_admin_user_name }}"
|
|
login_password: "{{ keystone_auth_admin_password }}"
|
|
login_project_name: "{{ keystone_admin_tenant_name }}"
|
|
with_items:
|
|
- "admin"
|
|
- "service"
|
|
- name: Get SSL cert location and permissions
|
|
stat:
|
|
path: "/etc/ssl/certs/keystone.pem"
|
|
register: keystone_ssl_cert_stats
|
|
- name: Check SSL cert location and permissions
|
|
fail:
|
|
msg: "Keystone SSL cert permissions don't match 0640"
|
|
when: keystone_ssl_cert_stats.stat.mode != "0640"
|
|
- name: Get SSL key location and permissions
|
|
stat:
|
|
path: "/etc/ssl/private/keystone.key"
|
|
register: keystone_ssl_key_stats
|
|
- name: Check SSL key location and permissions
|
|
fail:
|
|
msg: "Keystone SSL key permissions don't match 0640"
|
|
when: keystone_ssl_key_stats.stat.mode != "0640"
|
|
|
|
vars_files:
|
|
- playbooks/test-vars.yml
|
|
|
|
# Run tempest identity tests on one keystone host.
|
|
- name: Playbook for functional testing keystone
|
|
hosts: keystone_all[0]
|
|
user: root
|
|
gather_facts: false
|
|
tasks:
|
|
# TODO(andymccr): add credentials functionality to keystone and remove the "credentials" exclusion.
|
|
- name: Run tempest
|
|
shell: |
|
|
. {{ tempest_venv_bin }}/activate
|
|
{{ tempest_venv_bin | dirname }}/run_tempest.sh --no-virtual-env ${RUN_TEMPEST_OPTS} '^tempest.api.identity((?!credentials).)*$'
|
|
environment:
|
|
RUN_TEMPEST_OPTS: "--serial"
|
|
|
|
vars_files:
|
|
- playbooks/test-vars.yml
|