Add Puppet Litmus
With fixes. Depends-On: https://review.opendev.org/#/c/751890/ Change-Id: Iab69bf0ff66740126ec09688813e52973159c222
This commit is contained in:
parent
e2ceb9db06
commit
09d05f617a
|
@ -3,7 +3,7 @@
|
||||||
- puppet-openstack-check-jobs
|
- puppet-openstack-check-jobs
|
||||||
- puppet-openstack-module-unit-jobs
|
- puppet-openstack-module-unit-jobs
|
||||||
- puppet-openstack-integration-jobs-all
|
- puppet-openstack-integration-jobs-all
|
||||||
- puppet-openstack-beaker-jobs
|
- puppet-openstack-litmus-jobs
|
||||||
- release-notes-jobs-python3
|
- release-notes-jobs-python3
|
||||||
check:
|
check:
|
||||||
jobs:
|
jobs:
|
||||||
|
|
21
README.md
21
README.md
|
@ -15,11 +15,10 @@ keystone
|
||||||
3. [Setup - The basics of getting started with keystone](#setup)
|
3. [Setup - The basics of getting started with keystone](#setup)
|
||||||
4. [Implementation - An under-the-hood peek at what the module is doing](#implementation)
|
4. [Implementation - An under-the-hood peek at what the module is doing](#implementation)
|
||||||
5. [Limitations - OS compatibility, etc.](#limitations)
|
5. [Limitations - OS compatibility, etc.](#limitations)
|
||||||
6. [Beaker-Rspec - Beaker-rspec tests for the project](#beaker-rspec)
|
6. [Development - Guide for contributing to the module](#development)
|
||||||
7. [Development - Guide for contributing to the module](#development)
|
7. [Contributors - Those with commits](#contributors)
|
||||||
8. [Contributors - Those with commits](#contributors)
|
8. [Release Notes - Release notes for the project](#release-notes)
|
||||||
9. [Release Notes - Release notes for the project](#release-notes)
|
9. [Repository - The project source code repository](#repository)
|
||||||
10. [Repository - The project source code repository](#repository)
|
|
||||||
|
|
||||||
Overview
|
Overview
|
||||||
--------
|
--------
|
||||||
|
@ -294,18 +293,6 @@ Limitations
|
||||||
|
|
||||||
* If you've setup OpenStack using previous versions of this module you need to be aware that it used UUID as the default for the token_format parameter but now defaults to PKI. If you're using this module to manage a Grizzly OpenStack deployment that was set up using a development release of the modules or are attempting an upgrade from Folsom then you'll need to make sure you set the token_format to UUID at classification time.
|
* If you've setup OpenStack using previous versions of this module you need to be aware that it used UUID as the default for the token_format parameter but now defaults to PKI. If you're using this module to manage a Grizzly OpenStack deployment that was set up using a development release of the modules or are attempting an upgrade from Folsom then you'll need to make sure you set the token_format to UUID at classification time.
|
||||||
|
|
||||||
Beaker-Rspec
|
|
||||||
------------
|
|
||||||
|
|
||||||
This module has beaker-rspec tests
|
|
||||||
|
|
||||||
To run:
|
|
||||||
|
|
||||||
```shell
|
|
||||||
bundle install
|
|
||||||
bundle exec rspec spec/acceptance
|
|
||||||
```
|
|
||||||
|
|
||||||
Development
|
Development
|
||||||
-----------
|
-----------
|
||||||
|
|
||||||
|
|
|
@ -62,22 +62,23 @@ describe 'basic keystone server with changed domain id' do
|
||||||
it 'should work with no errors and catch deprecation warning' do
|
it 'should work with no errors and catch deprecation warning' do
|
||||||
apply_manifest(pp, :catch_failures => true) do |result|
|
apply_manifest(pp, :catch_failures => true) do |result|
|
||||||
expect(result.stderr)
|
expect(result.stderr)
|
||||||
.to include_regexp([/Puppet::Type::Keystone_tenant::ProviderOpenstack: Support for a resource without the domain.*using 'Default'.*default domain id is '/])
|
.to match(/Puppet::Type::Keystone_tenant::ProviderOpenstack: Support for a resource without the domain.*using 'Default'.*default domain id is '/)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
it 'should be idempotent' do
|
it 'should be idempotent' do
|
||||||
apply_manifest(pp, :catch_changes => true) do |result|
|
apply_manifest(pp, :catch_changes => true) do |result|
|
||||||
expect(result.stderr)
|
expect(result.stderr)
|
||||||
.to include_regexp([/Puppet::Type::Keystone_tenant::ProviderOpenstack: Support for a resource without the domain.*using 'Default'.*default domain id is '/])
|
.to match(/Puppet::Type::Keystone_tenant::ProviderOpenstack: Support for a resource without the domain.*using 'Default'.*default domain id is '/)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
describe 'puppet resources are successful created' do
|
describe 'puppet resources are successful created' do
|
||||||
it 'for tenant' do
|
it 'for tenant' do
|
||||||
shell('puppet resource keystone_tenant') do |result|
|
command('puppet resource keystone_tenant') do |result|
|
||||||
expect(result.stdout)
|
expect(result.stdout)
|
||||||
.to include_regexp([/keystone_tenant { 'project_in_my_default_domain':/,
|
.to match(/keystone_tenant { 'project_in_my_default_domain':/)
|
||||||
/keystone_tenant { 'project_in_my_default_domain::other_domain':/])
|
expect(result.stdout)
|
||||||
|
.to match(/keystone_tenant { 'project_in_my_default_domain::other_domain':/)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -12,10 +12,10 @@ describe 'keystone server running with Apache/WSGI as Identity Provider' do
|
||||||
include openstack_integration::mysql
|
include openstack_integration::mysql
|
||||||
include openstack_integration::keystone
|
include openstack_integration::keystone
|
||||||
|
|
||||||
::keystone::resource::service_identity { 'beaker-ci':
|
keystone::resource::service_identity { 'ci':
|
||||||
service_type => 'beaker',
|
service_type => 'ci',
|
||||||
service_description => 'beaker service',
|
service_description => 'ci service',
|
||||||
service_name => 'beaker',
|
service_name => 'ci service',
|
||||||
password => 'secret',
|
password => 'secret',
|
||||||
public_url => 'http://127.0.0.1:1234',
|
public_url => 'http://127.0.0.1:1234',
|
||||||
admin_url => 'http://127.0.0.1:1234',
|
admin_url => 'http://127.0.0.1:1234',
|
||||||
|
@ -54,10 +54,10 @@ describe 'keystone server running with Apache/WSGI as Identity Provider' do
|
||||||
}
|
}
|
||||||
# service user exists only in the service_domain - must
|
# service user exists only in the service_domain - must
|
||||||
# use v3 api
|
# use v3 api
|
||||||
::keystone::resource::service_identity { 'beaker-civ3::service_domain':
|
keystone::resource::service_identity { 'civ3::service_domain':
|
||||||
service_type => 'beakerv3',
|
service_type => 'civ3',
|
||||||
service_description => 'beakerv3 service',
|
service_description => 'civ3 service',
|
||||||
service_name => 'beakerv3',
|
service_name => 'civ3',
|
||||||
password => 'secret',
|
password => 'secret',
|
||||||
tenant => 'servicesv3::service_domain',
|
tenant => 'servicesv3::service_domain',
|
||||||
public_url => 'http://127.0.0.1:1234/v3',
|
public_url => 'http://127.0.0.1:1234/v3',
|
||||||
|
@ -84,32 +84,32 @@ describe 'keystone server running with Apache/WSGI as Identity Provider' do
|
||||||
end
|
end
|
||||||
|
|
||||||
shared_examples_for 'keystone user/tenant/service/role/endpoint resources using v3 API' do |auth_creds|
|
shared_examples_for 'keystone user/tenant/service/role/endpoint resources using v3 API' do |auth_creds|
|
||||||
it 'should find beaker user' do
|
it 'should find ci user' do
|
||||||
shell("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v3 --os-identity-api-version 3 user list") do |r|
|
command("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v3 --os-identity-api-version 3 user list") do |r|
|
||||||
expect(r.stdout).to match(/beaker/)
|
expect(r.stdout).to match(/ci/)
|
||||||
expect(r.stderr).to be_empty
|
expect(r.stderr).to be_empty
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
it 'should find services tenant' do
|
it 'should find services tenant' do
|
||||||
shell("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v3 --os-identity-api-version 3 project list") do |r|
|
command("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v3 --os-identity-api-version 3 project list") do |r|
|
||||||
expect(r.stdout).to match(/services/)
|
expect(r.stdout).to match(/services/)
|
||||||
expect(r.stderr).to be_empty
|
expect(r.stderr).to be_empty
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
it 'should find beaker service' do
|
it 'should find ci service' do
|
||||||
shell("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v3 --os-identity-api-version 3 service list") do |r|
|
command("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v3 --os-identity-api-version 3 service list") do |r|
|
||||||
expect(r.stdout).to match(/beaker/)
|
expect(r.stdout).to match(/ci/)
|
||||||
expect(r.stderr).to be_empty
|
expect(r.stderr).to be_empty
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
it 'should find admin role' do
|
it 'should find admin role' do
|
||||||
shell("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v3 --os-identity-api-version 3 role assignment list --names") do |r|
|
command("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v3 --os-identity-api-version 3 role assignment list --names") do |r|
|
||||||
expect(r.stdout).to match(/admin/)
|
expect(r.stdout).to match(/admin/)
|
||||||
expect(r.stderr).to be_empty
|
expect(r.stderr).to be_empty
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
it 'should find beaker endpoints' do
|
it 'should find ci endpoints' do
|
||||||
shell("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v3 --os-identity-api-version 3 endpoint list") do |r|
|
command("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v3 --os-identity-api-version 3 endpoint list") do |r|
|
||||||
expect(r.stdout).to match(/1234/)
|
expect(r.stdout).to match(/1234/)
|
||||||
expect(r.stderr).to be_empty
|
expect(r.stderr).to be_empty
|
||||||
end
|
end
|
||||||
|
@ -121,7 +121,7 @@ describe 'keystone server running with Apache/WSGI as Identity Provider' do
|
||||||
end
|
end
|
||||||
describe "with v2 service with v3 credentials" do
|
describe "with v2 service with v3 credentials" do
|
||||||
include_examples 'keystone user/tenant/service/role/endpoint resources using v3 API',
|
include_examples 'keystone user/tenant/service/role/endpoint resources using v3 API',
|
||||||
'--os-username beaker-ci --os-password secret --os-project-name services --os-user-domain-name Default --os-project-domain-name Default'
|
'--os-username ci --os-password secret --os-project-name services --os-user-domain-name Default --os-project-domain-name Default'
|
||||||
end
|
end
|
||||||
describe 'with v3 admin with v3 credentials' do
|
describe 'with v3 admin with v3 credentials' do
|
||||||
include_examples 'keystone user/tenant/service/role/endpoint resources using v3 API',
|
include_examples 'keystone user/tenant/service/role/endpoint resources using v3 API',
|
||||||
|
@ -129,7 +129,7 @@ describe 'keystone server running with Apache/WSGI as Identity Provider' do
|
||||||
end
|
end
|
||||||
describe "with v3 service with v3 credentials" do
|
describe "with v3 service with v3 credentials" do
|
||||||
include_examples 'keystone user/tenant/service/role/endpoint resources using v3 API',
|
include_examples 'keystone user/tenant/service/role/endpoint resources using v3 API',
|
||||||
'--os-username beaker-civ3 --os-password secret --os-project-name servicesv3 --os-user-domain-name service_domain --os-project-domain-name service_domain'
|
'--os-username civ3 --os-password secret --os-project-name servicesv3 --os-user-domain-name service_domain --os-project-domain-name service_domain'
|
||||||
end
|
end
|
||||||
|
|
||||||
end
|
end
|
||||||
|
|
|
@ -12,10 +12,10 @@ describe 'keystone server running with Apache/WSGI as Service Provider with Shib
|
||||||
include openstack_integration::mysql
|
include openstack_integration::mysql
|
||||||
include openstack_integration::keystone
|
include openstack_integration::keystone
|
||||||
|
|
||||||
::keystone::resource::service_identity { 'beaker-ci':
|
keystone::resource::service_identity { 'ci':
|
||||||
service_type => 'beaker',
|
service_type => 'ci',
|
||||||
service_description => 'beaker service',
|
service_description => 'ci service',
|
||||||
service_name => 'beaker',
|
service_name => 'ci',
|
||||||
password => 'secret',
|
password => 'secret',
|
||||||
public_url => 'http://127.0.0.1:1234',
|
public_url => 'http://127.0.0.1:1234',
|
||||||
admin_url => 'http://127.0.0.1:1234',
|
admin_url => 'http://127.0.0.1:1234',
|
||||||
|
@ -54,10 +54,10 @@ describe 'keystone server running with Apache/WSGI as Service Provider with Shib
|
||||||
}
|
}
|
||||||
# service user exists only in the service_domain - must
|
# service user exists only in the service_domain - must
|
||||||
# use v3 api
|
# use v3 api
|
||||||
::keystone::resource::service_identity { 'beaker-civ3::service_domain':
|
keystone::resource::service_identity { 'civ3::service_domain':
|
||||||
service_type => 'beakerv3',
|
service_type => 'civ3',
|
||||||
service_description => 'beakerv3 service',
|
service_description => 'civ3 service',
|
||||||
service_name => 'beakerv3',
|
service_name => 'civ3',
|
||||||
password => 'secret',
|
password => 'secret',
|
||||||
tenant => 'servicesv3::service_domain',
|
tenant => 'servicesv3::service_domain',
|
||||||
public_url => 'http://127.0.0.1:1234/v3',
|
public_url => 'http://127.0.0.1:1234/v3',
|
||||||
|
@ -82,32 +82,32 @@ describe 'keystone server running with Apache/WSGI as Service Provider with Shib
|
||||||
end
|
end
|
||||||
|
|
||||||
shared_examples_for 'keystone user/tenant/service/role/endpoint resources using v3 API' do |auth_creds|
|
shared_examples_for 'keystone user/tenant/service/role/endpoint resources using v3 API' do |auth_creds|
|
||||||
it 'should find beaker user' do
|
it 'should find ci user' do
|
||||||
shell("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v3 --os-identity-api-version 3 user list") do |r|
|
command("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v3 --os-identity-api-version 3 user list") do |r|
|
||||||
expect(r.stdout).to match(/beaker/)
|
expect(r.stdout).to match(/ci/)
|
||||||
expect(r.stderr).to be_empty
|
expect(r.stderr).to be_empty
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
it 'should find services tenant' do
|
it 'should find services tenant' do
|
||||||
shell("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v3 --os-identity-api-version 3 project list") do |r|
|
command("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v3 --os-identity-api-version 3 project list") do |r|
|
||||||
expect(r.stdout).to match(/services/)
|
expect(r.stdout).to match(/services/)
|
||||||
expect(r.stderr).to be_empty
|
expect(r.stderr).to be_empty
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
it 'should find beaker service' do
|
it 'should find ci service' do
|
||||||
shell("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v3 --os-identity-api-version 3 service list") do |r|
|
command("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v3 --os-identity-api-version 3 service list") do |r|
|
||||||
expect(r.stdout).to match(/beaker/)
|
expect(r.stdout).to match(/ci/)
|
||||||
expect(r.stderr).to be_empty
|
expect(r.stderr).to be_empty
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
it 'should find admin role' do
|
it 'should find admin role' do
|
||||||
shell("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v3 --os-identity-api-version 3 role assignment list --names") do |r|
|
command("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v3 --os-identity-api-version 3 role assignment list --names") do |r|
|
||||||
expect(r.stdout).to match(/admin/)
|
expect(r.stdout).to match(/admin/)
|
||||||
expect(r.stderr).to be_empty
|
expect(r.stderr).to be_empty
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
it 'should find beaker endpoints' do
|
it 'should find ci endpoints' do
|
||||||
shell("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v3 --os-identity-api-version 3 endpoint list") do |r|
|
command("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v3 --os-identity-api-version 3 endpoint list") do |r|
|
||||||
expect(r.stdout).to match(/1234/)
|
expect(r.stdout).to match(/1234/)
|
||||||
expect(r.stderr).to be_empty
|
expect(r.stderr).to be_empty
|
||||||
end
|
end
|
||||||
|
@ -119,7 +119,7 @@ describe 'keystone server running with Apache/WSGI as Service Provider with Shib
|
||||||
end
|
end
|
||||||
describe "with v2 service with v3 credentials" do
|
describe "with v2 service with v3 credentials" do
|
||||||
include_examples 'keystone user/tenant/service/role/endpoint resources using v3 API',
|
include_examples 'keystone user/tenant/service/role/endpoint resources using v3 API',
|
||||||
'--os-username beaker-ci --os-password secret --os-project-name services --os-user-domain-name Default --os-project-domain-name Default'
|
'--os-username ci --os-password secret --os-project-name services --os-user-domain-name Default --os-project-domain-name Default'
|
||||||
end
|
end
|
||||||
describe 'with v3 admin with v3 credentials' do
|
describe 'with v3 admin with v3 credentials' do
|
||||||
include_examples 'keystone user/tenant/service/role/endpoint resources using v3 API',
|
include_examples 'keystone user/tenant/service/role/endpoint resources using v3 API',
|
||||||
|
@ -127,7 +127,7 @@ describe 'keystone server running with Apache/WSGI as Service Provider with Shib
|
||||||
end
|
end
|
||||||
describe "with v3 service with v3 credentials" do
|
describe "with v3 service with v3 credentials" do
|
||||||
include_examples 'keystone user/tenant/service/role/endpoint resources using v3 API',
|
include_examples 'keystone user/tenant/service/role/endpoint resources using v3 API',
|
||||||
'--os-username beaker-civ3 --os-password secret --os-project-name servicesv3 --os-user-domain-name service_domain --os-project-domain-name service_domain'
|
'--os-username civ3 --os-password secret --os-project-name servicesv3 --os-user-domain-name service_domain --os-project-domain-name service_domain'
|
||||||
end
|
end
|
||||||
|
|
||||||
end
|
end
|
||||||
|
|
|
@ -12,10 +12,10 @@ describe 'keystone server running with Apache/WSGI with resources' do
|
||||||
include openstack_integration::mysql
|
include openstack_integration::mysql
|
||||||
include openstack_integration::keystone
|
include openstack_integration::keystone
|
||||||
|
|
||||||
::keystone::resource::service_identity { 'beaker-ci':
|
keystone::resource::service_identity { 'ci':
|
||||||
service_type => 'beaker',
|
service_type => 'ci',
|
||||||
service_description => 'beaker service',
|
service_description => 'ci service',
|
||||||
service_name => 'beaker',
|
service_name => 'ci',
|
||||||
password => 'secret',
|
password => 'secret',
|
||||||
public_url => 'http://127.0.0.1:1234',
|
public_url => 'http://127.0.0.1:1234',
|
||||||
admin_url => 'http://127.0.0.1:1234',
|
admin_url => 'http://127.0.0.1:1234',
|
||||||
|
@ -54,10 +54,10 @@ describe 'keystone server running with Apache/WSGI with resources' do
|
||||||
}
|
}
|
||||||
# service user exists only in the service_domain - must
|
# service user exists only in the service_domain - must
|
||||||
# use v3 api
|
# use v3 api
|
||||||
::keystone::resource::service_identity { 'beaker-civ3::service_domain':
|
keystone::resource::service_identity { 'civ3::service_domain':
|
||||||
service_type => 'beakerv3',
|
service_type => 'civ3',
|
||||||
service_description => 'beakerv3 service',
|
service_description => 'civ3 service',
|
||||||
service_name => 'beakerv3',
|
service_name => 'civ3',
|
||||||
password => 'secret',
|
password => 'secret',
|
||||||
tenant => 'servicesv3::service_domain',
|
tenant => 'servicesv3::service_domain',
|
||||||
public_url => 'http://127.0.0.1:1234/v3',
|
public_url => 'http://127.0.0.1:1234/v3',
|
||||||
|
@ -78,32 +78,32 @@ describe 'keystone server running with Apache/WSGI with resources' do
|
||||||
end
|
end
|
||||||
|
|
||||||
shared_examples_for 'keystone user/tenant/service/role/endpoint resources using v3 API' do |auth_creds|
|
shared_examples_for 'keystone user/tenant/service/role/endpoint resources using v3 API' do |auth_creds|
|
||||||
it 'should find beaker user' do
|
it 'should find ci user' do
|
||||||
shell("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v3 --os-identity-api-version 3 user list") do |r|
|
command("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v3 --os-identity-api-version 3 user list") do |r|
|
||||||
expect(r.stdout).to match(/beaker/)
|
expect(r.stdout).to match(/ci/)
|
||||||
expect(r.stderr).to be_empty
|
expect(r.stderr).to be_empty
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
it 'should find services tenant' do
|
it 'should find services tenant' do
|
||||||
shell("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v3 --os-identity-api-version 3 project list") do |r|
|
command("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v3 --os-identity-api-version 3 project list") do |r|
|
||||||
expect(r.stdout).to match(/services/)
|
expect(r.stdout).to match(/services/)
|
||||||
expect(r.stderr).to be_empty
|
expect(r.stderr).to be_empty
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
it 'should find beaker service' do
|
it 'should find ci service' do
|
||||||
shell("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v3 --os-identity-api-version 3 service list") do |r|
|
command("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v3 --os-identity-api-version 3 service list") do |r|
|
||||||
expect(r.stdout).to match(/beaker/)
|
expect(r.stdout).to match(/ci/)
|
||||||
expect(r.stderr).to be_empty
|
expect(r.stderr).to be_empty
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
it 'should find admin role' do
|
it 'should find admin role' do
|
||||||
shell("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v3 --os-identity-api-version 3 role assignment list --names") do |r|
|
command("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v3 --os-identity-api-version 3 role assignment list --names") do |r|
|
||||||
expect(r.stdout).to match(/admin/)
|
expect(r.stdout).to match(/admin/)
|
||||||
expect(r.stderr).to be_empty
|
expect(r.stderr).to be_empty
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
it 'should find beaker endpoints' do
|
it 'should find ci endpoints' do
|
||||||
shell("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v3 --os-identity-api-version 3 endpoint list") do |r|
|
command("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v3 --os-identity-api-version 3 endpoint list") do |r|
|
||||||
expect(r.stdout).to match(/1234/)
|
expect(r.stdout).to match(/1234/)
|
||||||
expect(r.stderr).to be_empty
|
expect(r.stderr).to be_empty
|
||||||
end
|
end
|
||||||
|
@ -115,7 +115,7 @@ describe 'keystone server running with Apache/WSGI with resources' do
|
||||||
end
|
end
|
||||||
describe "with v2 service with v3 credentials" do
|
describe "with v2 service with v3 credentials" do
|
||||||
include_examples 'keystone user/tenant/service/role/endpoint resources using v3 API',
|
include_examples 'keystone user/tenant/service/role/endpoint resources using v3 API',
|
||||||
'--os-username beaker-ci --os-password secret --os-project-name services --os-user-domain-name Default --os-project-domain-name Default'
|
'--os-username ci --os-password secret --os-project-name services --os-user-domain-name Default --os-project-domain-name Default'
|
||||||
end
|
end
|
||||||
describe 'with v3 admin with v3 credentials' do
|
describe 'with v3 admin with v3 credentials' do
|
||||||
include_examples 'keystone user/tenant/service/role/endpoint resources using v3 API',
|
include_examples 'keystone user/tenant/service/role/endpoint resources using v3 API',
|
||||||
|
@ -125,7 +125,7 @@ describe 'keystone server running with Apache/WSGI with resources' do
|
||||||
end
|
end
|
||||||
describe "with v3 service with v3 credentials" do
|
describe "with v3 service with v3 credentials" do
|
||||||
include_examples 'keystone user/tenant/service/role/endpoint resources using v3 API',
|
include_examples 'keystone user/tenant/service/role/endpoint resources using v3 API',
|
||||||
'--os-username beaker-civ3 --os-password secret --os-project-name servicesv3 --os-user-domain-name service_domain --os-project-domain-name service_domain'
|
'--os-username civ3 --os-password secret --os-project-name servicesv3 --os-user-domain-name service_domain --os-project-domain-name service_domain'
|
||||||
|
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
@ -197,19 +197,21 @@ describe 'keystone server running with Apache/WSGI with resources' do
|
||||||
end
|
end
|
||||||
describe 'puppet service are created' do
|
describe 'puppet service are created' do
|
||||||
it 'for service' do
|
it 'for service' do
|
||||||
shell('puppet resource keystone_service') do |result|
|
command('puppet resource keystone_service') do |result|
|
||||||
expect(result.stdout)
|
expect(result.stdout)
|
||||||
.to include_regexp([/keystone_service { 'service_1::type_1':/,
|
.to match(/keystone_service { 'service_1::type_1':/)
|
||||||
/keystone_service { 'service_1::type_2':/])
|
expect(result.stdout)
|
||||||
|
.to match(/keystone_service { 'service_1::type_2':/)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
describe 'puppet endpoints are created' do
|
describe 'puppet endpoints are created' do
|
||||||
it 'for service' do
|
it 'for service' do
|
||||||
shell('puppet resource keystone_endpoint') do |result|
|
command('puppet resource keystone_endpoint') do |result|
|
||||||
expect(result.stdout)
|
expect(result.stdout)
|
||||||
.to include_regexp([/keystone_endpoint { 'RegionOne\/service_1::type_1':/,
|
.to match(/keystone_endpoint { 'RegionOne\/service_1::type_1':/)
|
||||||
/keystone_endpoint { 'RegionOne\/service_1::type_2':/])
|
expect(result.stdout)
|
||||||
|
.to match(/keystone_endpoint { 'RegionOne\/service_1::type_2':/)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
@ -219,97 +221,114 @@ describe 'keystone server running with Apache/WSGI with resources' do
|
||||||
# make sure everything is clean before playing the manifest
|
# make sure everything is clean before playing the manifest
|
||||||
shared_examples 'clean_domain_configuration', :clean_domain_cfg => true do
|
shared_examples 'clean_domain_configuration', :clean_domain_cfg => true do
|
||||||
before(:context) do
|
before(:context) do
|
||||||
hosts.each do |host|
|
run_shell('rm -rf /etc/keystone/domains')
|
||||||
on host, 'rm -rf /etc/keystone/domains >/dev/null 2>&1'
|
run_shell('rm -rf /tmp/keystone.*.conf')
|
||||||
on host, 'rm -rf /tmp/keystone.*.conf >/dev/null 2>&1'
|
|
||||||
end
|
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
context 'one domain configuration', :clean_domain_cfg => true do
|
context 'one domain configuration', :clean_domain_cfg => true do
|
||||||
context 'simple use case' do
|
context 'simple use case' do
|
||||||
it_behaves_like 'puppet_apply_success', <<-EOM
|
let(:pp) do
|
||||||
file { '/etc/keystone/domains': ensure => directory }
|
<<-EOM
|
||||||
keystone_domain_config { 'services::ldap/url':
|
file { '/etc/keystone/domains': ensure => directory }
|
||||||
value => 'http://auth.com/1',
|
keystone_domain_config { 'services::ldap/url':
|
||||||
}
|
value => 'http://auth.com/1',
|
||||||
EOM
|
}
|
||||||
|
EOM
|
||||||
|
end
|
||||||
|
|
||||||
context '/etc/keystone/domains/keystone.services.conf' do
|
it 'should apply and be idempotent' do
|
||||||
# the idiom
|
apply_manifest(pp, :catch_failures => true)
|
||||||
|
apply_manifest(pp, :catch_changes => true)
|
||||||
|
end
|
||||||
|
|
||||||
# note: cannot use neither instance variable nor let on
|
describe file('/etc/keystone/domains/keystone.services.conf') do
|
||||||
# parameter for shared_example
|
it { is_expected.to be_file }
|
||||||
it_behaves_like 'a_valid_configuration', <<-EOC
|
it { is_expected.to exist }
|
||||||
|
its(:content) { should match /\[ldap\]\nurl=http:\/\/auth.com\/1/ }
|
||||||
[ldap]
|
|
||||||
url=http://auth.com/1
|
|
||||||
EOC
|
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
context 'with a non default identity/domain_config_dir' do
|
context 'with a non default identity/domain_config_dir' do
|
||||||
it_behaves_like 'puppet_apply_success', <<-EOM
|
let(:pp) do
|
||||||
keystone_config { 'identity/domain_config_dir': value => '/tmp' }
|
<<-EOM
|
||||||
keystone_domain_config { 'services::ldap/url':
|
keystone_config { 'identity/domain_config_dir': value => '/tmp' }
|
||||||
value => 'http://auth.com/1',
|
keystone_domain_config { 'services::ldap/url':
|
||||||
}
|
value => 'http://auth.com/1',
|
||||||
EOM
|
}
|
||||||
|
EOM
|
||||||
|
end
|
||||||
|
|
||||||
context '/tmp/keystone.services.conf' do
|
it 'should apply and be idempotent' do
|
||||||
it_behaves_like 'a_valid_configuration', <<-EOC
|
apply_manifest(pp, :catch_failures => true)
|
||||||
|
apply_manifest(pp, :catch_changes => true)
|
||||||
|
end
|
||||||
|
|
||||||
[ldap]
|
describe file('/tmp/keystone.services.conf') do
|
||||||
url=http://auth.com/1
|
it { is_expected.to be_file }
|
||||||
EOC
|
it { is_expected.to exist }
|
||||||
|
its(:content) { should match /\[ldap\]\nurl=http:\/\/auth.com\/1/ }
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
context 'with a multiple configurations', :clean_domain_cfg => true do
|
context 'with a multiple configurations', :clean_domain_cfg => true do
|
||||||
it_behaves_like 'puppet_apply_success', <<-EOM
|
let(:pp) do
|
||||||
file { '/etc/keystone/domains': ensure => directory }
|
<<-EOM
|
||||||
keystone_config { 'identity/domain_config_dir': value => '/etc/keystone/domains' }
|
file { '/etc/keystone/domains': ensure => directory }
|
||||||
keystone_domain_config { 'services::ldap/url':
|
keystone_config { 'identity/domain_config_dir': value => '/etc/keystone/domains' }
|
||||||
value => 'http://auth.com/1',
|
keystone_domain_config { 'services::ldap/url':
|
||||||
}
|
value => 'http://auth.com/1',
|
||||||
keystone_domain_config { 'services::http/url':
|
}
|
||||||
value => 'http://auth.com/2',
|
keystone_domain_config { 'services::http/url':
|
||||||
}
|
value => 'http://auth.com/2',
|
||||||
keystone_domain_config { 'external::ldap/url':
|
}
|
||||||
value => 'http://ext-auth.com/1',
|
keystone_domain_config { 'external::ldap/url':
|
||||||
}
|
value => 'http://ext-auth.com/1',
|
||||||
EOM
|
}
|
||||||
|
EOM
|
||||||
describe command('puppet resource keystone_domain_config') do
|
|
||||||
its(:exit_status) { is_expected.to eq(0) }
|
|
||||||
end
|
end
|
||||||
|
|
||||||
describe '/etc/keystone/domains/keystone.external.conf' do
|
it 'should apply and be idempotent' do
|
||||||
it_behaves_like 'a_valid_configuration', <<EOC
|
apply_manifest(pp, :catch_failures => true)
|
||||||
|
apply_manifest(pp, :catch_changes => true)
|
||||||
|
end
|
||||||
|
|
||||||
[ldap]
|
it 'should list puppet resources' do
|
||||||
url=http://ext-auth.com/1
|
command('puppet resource keystone_domain_config') do |r|
|
||||||
EOC
|
expect(r.exit_code).to eq 0
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
describe file('/etc/keystone/domains/keystone.external.conf') do
|
||||||
|
it { is_expected.to be_file }
|
||||||
|
it { is_expected.to exist }
|
||||||
|
its(:content) { should match /\[ldap\]\nurl=http:\/\/ext-auth.com\/1/ }
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
context 'checking that the purge is working' do
|
context 'checking that the purge is working' do
|
||||||
it_behaves_like 'puppet_apply_success', <<-EOM
|
let(:pp) do
|
||||||
resources { 'keystone_domain_config': purge => true }
|
<<-EOM
|
||||||
keystone_domain_config { 'services::ldap/url':
|
resources { 'keystone_domain_config': purge => true }
|
||||||
value => 'http://auth.com/1',
|
keystone_domain_config { 'services::ldap/url':
|
||||||
}
|
value => 'http://auth.com/1',
|
||||||
EOM
|
}
|
||||||
|
EOM
|
||||||
|
end
|
||||||
|
|
||||||
context '/etc/keystone/domains/keystone.services.conf' do
|
it 'should apply and be idempotent' do
|
||||||
it_behaves_like 'a_valid_configuration', <<-EOC
|
apply_manifest(pp, :catch_failures => true)
|
||||||
|
apply_manifest(pp, :catch_changes => true)
|
||||||
|
end
|
||||||
|
|
||||||
[ldap]
|
describe file('/etc/keystone/domains/keystone.services.conf') do
|
||||||
url=http://auth.com/1
|
it { is_expected.to be_file }
|
||||||
EOC
|
it { is_expected.to exist }
|
||||||
|
its(:content) { should match /\[ldap\]\nurl=http:\/\/auth.com\/1/ }
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
context '#ldap_backend', :clean_domain_cfg => true do
|
context '#ldap_backend', :clean_domain_cfg => true do
|
||||||
context 'manifest' do
|
context 'manifest' do
|
||||||
let(:pp) do
|
let(:pp) do
|
||||||
|
@ -342,37 +361,39 @@ EOC
|
||||||
|
|
||||||
# TODO: Sould we add a working ldap server ?
|
# TODO: Sould we add a working ldap server ?
|
||||||
end
|
end
|
||||||
context '/etc/keystone/domains/keystone.domain_1_ldap_backend.conf' do
|
|
||||||
it_behaves_like 'a_valid_configuration', <<-EOC
|
|
||||||
|
|
||||||
[ldap]
|
describe file('/etc/keystone/domains/keystone.domain_1_ldap_backend.conf') do
|
||||||
url=ldap://foo
|
it { is_expected.to be_file }
|
||||||
user=cn=foo,dc=example,dc=com
|
it { is_expected.to exist }
|
||||||
EOC
|
its(:content) { should match /\[ldap\]\nurl=ldap:\/\/foo\nuser=cn=foo,dc=example,dc=com/ }
|
||||||
end
|
end
|
||||||
|
|
||||||
context '/etc/keystone/domains/keystone.domain_2_ldap_backend.conf' do
|
describe file('/etc/keystone/domains/keystone.domain_2_ldap_backend.conf') do
|
||||||
it_behaves_like 'a_valid_configuration', <<-EOC
|
it { is_expected.to be_file }
|
||||||
|
it { is_expected.to exist }
|
||||||
[ldap]
|
its(:content) { should match /\[ldap\]\nurl=ldap:\/\/bar\nuser=cn=bar,dc=test,dc=com/ }
|
||||||
url=ldap://bar
|
|
||||||
user=cn=bar,dc=test,dc=com
|
|
||||||
EOC
|
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
context 'clean up', :clean_domain_cfg => true do
|
context 'clean up', :clean_domain_cfg => true do
|
||||||
# we must revert the changes as ldap backend is not fully
|
# we must revert the changes as ldap backend is not fully
|
||||||
# functional and are "domain read only". All subsequent tests
|
# functional and are "domain read only". All subsequent tests
|
||||||
# will fail without this.
|
# will fail without this.
|
||||||
it_behaves_like 'puppet_apply_success', <<-EOM
|
let(:pp) do
|
||||||
keystone_config {
|
<<-EOM
|
||||||
'identity/driver': value => 'sql';
|
keystone_config {
|
||||||
'credential/driver': ensure => absent;
|
'identity/driver': value => 'sql';
|
||||||
'assignment/driver': ensure => absent;
|
'credential/driver': ensure => absent;
|
||||||
'identity/domain_specific_drivers_enabled': ensure => absent;
|
'assignment/driver': ensure => absent;
|
||||||
'identity/domain_config_dir': ensure => absent;
|
'identity/domain_specific_drivers_enabled': ensure => absent;
|
||||||
}
|
'identity/domain_config_dir': ensure => absent;
|
||||||
EOM
|
}
|
||||||
|
EOM
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'should apply and be idempotent' do
|
||||||
|
apply_manifest(pp, :catch_failures => true)
|
||||||
|
apply_manifest(pp, :catch_changes => true)
|
||||||
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -1,11 +0,0 @@
|
||||||
HOSTS:
|
|
||||||
centos-server-70-x64:
|
|
||||||
roles:
|
|
||||||
- master
|
|
||||||
platform: el-7-x86_64
|
|
||||||
box: puppetlabs/centos-7.0-64-nocm
|
|
||||||
box_url: https://vagrantcloud.com/puppetlabs/centos-7.0-64-nocm
|
|
||||||
hypervisor: vagrant
|
|
||||||
CONFIG:
|
|
||||||
log_level: debug
|
|
||||||
type: foss
|
|
|
@ -1,10 +0,0 @@
|
||||||
HOSTS:
|
|
||||||
ubuntu-server-14.04-amd64:
|
|
||||||
roles:
|
|
||||||
- master
|
|
||||||
platform: ubuntu-14.04-amd64
|
|
||||||
box: puppetlabs/ubuntu-14.04-64-nocm
|
|
||||||
box_url: https://vagrantcloud.com/puppetlabs/ubuntu-14.04-64-nocm
|
|
||||||
hypervisor: vagrant
|
|
||||||
CONFIG:
|
|
||||||
type: foss
|
|
|
@ -1,10 +0,0 @@
|
||||||
HOSTS:
|
|
||||||
ubuntu-18.04-amd64:
|
|
||||||
roles:
|
|
||||||
- master
|
|
||||||
platform: ubuntu-18.04-amd64
|
|
||||||
hypervisor: none
|
|
||||||
ip: 127.0.0.1
|
|
||||||
CONFIG:
|
|
||||||
type: foss
|
|
||||||
set_env: false
|
|
|
@ -1,10 +0,0 @@
|
||||||
HOSTS:
|
|
||||||
centos-70-x64:
|
|
||||||
roles:
|
|
||||||
- master
|
|
||||||
platform: el-7-x86_64
|
|
||||||
hypervisor: none
|
|
||||||
ip: 127.0.0.1
|
|
||||||
CONFIG:
|
|
||||||
type: foss
|
|
||||||
set_env: false
|
|
|
@ -1,10 +0,0 @@
|
||||||
HOSTS:
|
|
||||||
centos-80-x64:
|
|
||||||
roles:
|
|
||||||
- master
|
|
||||||
platform: el-8-x86_64
|
|
||||||
hypervisor: none
|
|
||||||
ip: 127.0.0.1
|
|
||||||
CONFIG:
|
|
||||||
type: foss
|
|
||||||
set_env: false
|
|
|
@ -1,10 +0,0 @@
|
||||||
HOSTS:
|
|
||||||
ubuntu-14.04-amd64:
|
|
||||||
roles:
|
|
||||||
- master
|
|
||||||
platform: ubuntu-14.04-amd64
|
|
||||||
hypervisor: none
|
|
||||||
ip: 127.0.0.1
|
|
||||||
CONFIG:
|
|
||||||
type: foss
|
|
||||||
set_env: false
|
|
|
@ -1,10 +0,0 @@
|
||||||
HOSTS:
|
|
||||||
ubuntu-16.04-amd64:
|
|
||||||
roles:
|
|
||||||
- master
|
|
||||||
platform: ubuntu-16.04-amd64
|
|
||||||
hypervisor: none
|
|
||||||
ip: 127.0.0.1
|
|
||||||
CONFIG:
|
|
||||||
type: foss
|
|
||||||
set_env: false
|
|
|
@ -1,11 +0,0 @@
|
||||||
HOSTS:
|
|
||||||
ubuntu-server-14.04-amd64:
|
|
||||||
roles:
|
|
||||||
- master
|
|
||||||
platform: ubuntu-14.04-amd64
|
|
||||||
box: puppetlabs/ubuntu-14.04-64-nocm
|
|
||||||
box_url: https://vagrantcloud.com/puppetlabs/ubuntu-14.04-64-nocm
|
|
||||||
hypervisor: vagrant
|
|
||||||
CONFIG:
|
|
||||||
log_level: debug
|
|
||||||
type: foss
|
|
|
@ -1,34 +0,0 @@
|
||||||
# Test a normal puppet run with idempotency.
|
|
||||||
shared_examples_for 'puppet_apply_success' do |manifest|
|
|
||||||
it 'should apply the manifest without error' do
|
|
||||||
apply_manifest(manifest, :catch_failures => true)
|
|
||||||
end
|
|
||||||
it 'should be idempotent' do
|
|
||||||
apply_manifest(manifest, :catch_changes => true)
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
# Check that a file exists and its content match the one given as
|
|
||||||
# argument. The argument can be a multiline string or an array of
|
|
||||||
# regexp.
|
|
||||||
#
|
|
||||||
# To use it encapsulate it in a context whose name is the file to
|
|
||||||
# test.
|
|
||||||
shared_examples 'a_valid_configuration' do |config_content|
|
|
||||||
let(:configuration_file) do |example|
|
|
||||||
# see the idiom it leads to later in this file
|
|
||||||
example.metadata[:example_group][:parent_example_group][:description]
|
|
||||||
end
|
|
||||||
subject { file(configuration_file) }
|
|
||||||
it { is_expected.to be_file }
|
|
||||||
it { is_expected.to exist }
|
|
||||||
content = nil
|
|
||||||
if config_content.is_a?(Array)
|
|
||||||
content = config_content
|
|
||||||
else
|
|
||||||
content = config_content.split("\n").map { |l| Regexp.quote(l) }
|
|
||||||
end
|
|
||||||
it 'content should be valid' do
|
|
||||||
expect(subject.content).to include_regexp(content)
|
|
||||||
end
|
|
||||||
end
|
|
|
@ -1 +1 @@
|
||||||
require 'puppet-openstack_spec_helper/beaker_spec_helper'
|
require 'puppet-openstack_spec_helper/litmus_spec_helper'
|
||||||
|
|
Loading…
Reference in New Issue