Merge "Update Ceph-rgw helm tests"

ceph-rgw/templates/bin/_helm-tests.sh.tpl

@@ -15,18 +15,110 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */}}
+
 set -ex
 
-function rgw_replicas_validation()
+#NOTE: This function tests keystone based auth. It uses ceph_config_helper
+#container image that has openstack and ceph installed
+function rgw_keystone_bucket_validation ()
 {
-  available_rgw_count=$(ceph -s -f json-pretty | jq '.servicemap.services.rgw.daemons | del(.["summary"]) | length')
+  echo "function: rgw_keystone_bucket_validation"
+  openstack service list
 
-  if [ "x${available_rgw_count}" == "x${CEPH_RGW_REPLICAS}" ]; then
+  echo "--> creating openstack_test_container container"
-    echo "Correct number of RGWs available: ${available_rgw_count}"
+  openstack container create 'openstack_test_container'
+
+  echo "--> rgw bucket list"
+  radosgw-admin bucket list
+
+  all_buckets_stats=$(radosgw-admin bucket stats --format json)
+  bucket_stat=$(echo $all_buckets_stats | jq -c '.[] | select(.bucket | contains("openstack_test_container"))')
+  if [[ -z ${bucket_stat} ]]; then
+    echo "--> rgw bucket openstack_test_container not found"
+    exit 1
   else
-    echo "Incorrect number of RGWs. Expected count: ${CEPH_RGW_REPLICAS}, Available count: ${available_rgw_count}"
+    echo "--> rgw bucket openstack_test_container found"
+
+    echo "--> deleting openstack_test_container container"
+    openstack container delete openstack_test_container
+
+    echo "--> bucket list after deleting container"
+    radosgw-admin bucket list
+  fi
+}
+
+#NOTE: This function tests s3 based auto. It uses ceph_rgw container image which has
+# s3cmd util install
+function rgw_s3_bucket_validation ()
+{
+  echo "function: rgw_s3_bucket_validation"
+
+  bucket=s3://rgw-test-bucket
+  create_bucket_output=$(s3cmd mb $bucket --host=$RGW_HOST --access_key=$S3_ADMIN_ACCESS_KEY --secret_key=$S3_ADMIN_SECRET_KEY --no-encrypt --no-check-certificate)
+
+  if [ $? -eq 0 ]; then
+    echo "Bucket $bucket created"
+    echo "Hello world!" > /tmp/hello.txt
+
+    s3cmd put /tmp/hello.txt $bucket --host=$RGW_HOST --access_key=$S3_ADMIN_ACCESS_KEY --secret_key=$S3_ADMIN_SECRET_KEY --no-encrypt --no-check-certificate
+    if [ $? -ne 0 ]; then
+      echo "Error during s3cmd execution"
+      exit 1
+    else
+      echo "File uploaded to bucket"
+    fi
+
+    s3cmd get s3://rgw-test-bucket/hello.txt -> /tmp/output.txt --host=$RGW_HOST --access_key=$S3_ADMIN_ACCESS_KEY --secret_key=$S3_ADMIN_SECRET_KEY --no-encrypt --no-check-certificate
+    if [ $? -ne 0 ]; then
+      echo "Error during s3cmd execution"
+      exit 1
+    else
+      echo "File downloaded from bucket"
+    fi
+
+    content=$(cat /tmp/output.txt)
+    echo $content
+    if [ "Hello" == "${content}" ]; then
+      echo "Content matches from downloaded file using s3cmd"
+    fi
+
+    s3cmd ls $bucket --host=$RGW_HOST --access_key=$S3_ADMIN_ACCESS_KEY --secret_key=$S3_ADMIN_SECRET_KEY --no-encrypt --no-check-certificate
+    if [ $? -ne 0 ]; then
+      echo "Error during s3cmd execution"
+      exit 1
+    fi
+
+    s3cmd del s3://rgw-test-bucket/hello.txt --host=$RGW_HOST --access_key=$S3_ADMIN_ACCESS_KEY --secret_key=$S3_ADMIN_SECRET_KEY --no-encrypt --no-check-certificate
+    if [ $? -ne 0 ]; then
+      echo "Error during s3cmd execution"
+      exit 1
+    else
+      echo "File from bucket is deleted"
+    fi
+
+    s3cmd del --recursive --force $bucket --host=$RGW_HOST --access_key=$S3_ADMIN_ACCESS_KEY --secret_key=$S3_ADMIN_SECRET_KEY --no-encrypt --no-check-certificate
+    if [ $? -ne 0 ]; then
+      echo "Error during s3cmd execution"
+      exit 1
+    else
+      echo "Bucket is deleted"
+    fi
+
+  else
+    echo "Error during s3cmd execution"
     exit 1
   fi
 }
 
-rgw_replicas_validation
+if [ {{ .Values.conf.rgw_ks.enabled }} == true ];
+then
+  echo "--> Keystone is enabled. Calling function to test keystone based auth "
+  rgw_keystone_bucket_validation
+fi
+
+if [ {{ .Values.conf.rgw_s3.enabled }} == true ];
+then
+  echo "--> S3 is enabled. Calling function to test S2 based auth "
+  rgw_s3_bucket_validation
+fi
+

ceph-rgw/templates/pod-helm-tests.yaml

@@ -62,6 +62,7 @@ spec:
   serviceAccountName: {{ $serviceAccountName }}
   initContainers:
 {{ tuple $envAll "tests" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 4 }}
+{{ if .Values.conf.rgw_ks.enabled }}
     - name: ceph-keyring-placement
 {{ tuple $envAll "ceph_config_helper" | include "helm-toolkit.snippets.image" | indent 6 }}
       securityContext:
@@ -80,14 +81,23 @@ spec:
           subPath: key
           readOnly: true
   containers:
-    - name: ceph-rgw-validation
+    - name: ceph-rgw-ks-validation
 {{ tuple $envAll "ceph_config_helper" | include "helm-toolkit.snippets.image" | indent 6 }}
 {{ tuple $envAll $envAll.Values.pod.resources.tests | include "helm-toolkit.snippets.kubernetes_resources" | indent 6 }}
       env:
-        - name: CEPH_DEPLOYMENT_NAMESPACE
+{{- with $env := dict "ksUserSecret" .Values.secrets.identity.user_rgw }}
-          value: {{ .Values.endpoints.ceph_mon.namespace }}
+{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 8 }}
-        - name: CEPH_RGW_REPLICAS
+        - name: OS_AUTH_TYPE
-          value: "{{ .Values.pod.replicas.rgw }}"
+          valueFrom:
+            secretKeyRef:
+              name: {{ $.Values.secrets.identity.user_rgw }}
+              key: OS_AUTH_TYPE
+        - name: OS_TENANT_NAME
+          valueFrom:
+            secretKeyRef:
+              name: {{ $.Values.secrets.identity.user_rgw }}
+              key: OS_TENANT_NAME
+{{- end }}
       command:
         - /tmp/helm-tests.sh
       volumeMounts:
@@ -120,3 +130,28 @@ spec:
         name: ceph-rgw-etc
         defaultMode: 0444
 {{- end }}
+{{ if .Values.conf.rgw_s3.enabled }}
+  containers:
+    - name: ceph-rgw-s3-validation
+{{ tuple $envAll "ceph_rgw" | include "helm-toolkit.snippets.image" | indent 6 }}
+{{ tuple $envAll $envAll.Values.pod.resources.tests | include "helm-toolkit.snippets.kubernetes_resources" | indent 6 }}
+      env:
+{{- with $env := dict "s3AdminSecret" $envAll.Values.secrets.rgw_s3.admin }}
+{{- include "helm-toolkit.snippets.rgw_s3_admin_env_vars" $env | indent 8 }}
+{{- end }}
+        - name: RGW_HOST
+          value: {{ tuple "ceph_object_store" "internal" "api" $envAll | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" }}
+      command:
+        - /tmp/helm-tests.sh
+      volumeMounts:
+        - name: ceph-rgw-bin
+          mountPath: /tmp/helm-tests.sh
+          subPath: helm-tests.sh
+          readOnly: true
+  volumes:
+    - name: ceph-rgw-bin
+      configMap:
+        name: ceph-rgw-bin
+        defaultMode: 0555
+{{- end }}
+{{- end }}

ceph-rgw/templates/secret-keystone-rgw.yaml

@@ -18,6 +18,9 @@ limitations under the License.
 {{- $envAll := . }}
 {{- range $key1, $userClass := tuple "swift" }}
 {{- $secretName := index $envAll.Values.secrets.identity "user_rgw" }}
+{{- $auth := index $envAll.Values.endpoints.identity.auth $userClass }}
+{{ $osAuthType := $auth.os_auth_type }}
+{{ $osTenantName := $auth.os_tenant_name }}
 ---
 apiVersion: v1
 kind: Secret
@@ -25,6 +28,8 @@ metadata:
   name: {{ $secretName }}
 type: Opaque
 data:
-{{- tuple $userClass "internal" $envAll | include "helm-toolkit.snippets.keystone_secret_openrc" | indent 2 -}}
+{{- tuple $userClass "internal" $envAll | include "helm-toolkit.snippets.keystone_secret_openrc" | indent 2 }}
-{{- end }}
+  OS_AUTH_TYPE: {{ $osAuthType  | b64enc }}
+  OS_TENANT_NAME: {{ $osTenantName | b64enc }}
+{{ end }}
 {{- end }}

ceph-rgw/values.yaml

@@ -396,6 +396,8 @@ endpoints:
         project_name: admin
         user_domain_name: default
         project_domain_name: default
+        os_auth_type: password
+        os_tenant_name: admin
       swift:
         role: admin
         region_name: RegionOne
@@ -404,6 +406,8 @@ endpoints:
         project_name: service
         user_domain_name: service
         project_domain_name: service
+        os_auth_type: password
+        os_tenant_name: admin
     hosts:
       default: keystone
       internal: keystone-api
@@ -496,4 +500,4 @@ manifests:
   secret_keystone: true
   service_ingress_rgw: true
   service_rgw: true
-  helm_tests: false
+  helm_tests: true