openstack
/
puppet-keystone
Code Issues Proposed changes

Add Puppet Litmus 

With fixes.

Depends-On: https://review.opendev.org/#/c/751890/
Change-Id: Iab69bf0ff66740126ec09688813e52973159c222
This commit is contained in:
Tobias Urdin 2020-08-31 21:33:22 +02:00
parent e2ceb9db06
commit 09d05f617a
16 changed files with 183 additions and 290 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.zuul.yaml
View File

@ -3,7 +3,7 @@
- puppet-openstack-check-jobs - puppet-openstack-check-jobs
- puppet-openstack-module-unit-jobs - puppet-openstack-module-unit-jobs
- puppet-openstack-integration-jobs-all - puppet-openstack-integration-jobs-all
- puppet-openstack-beaker-jobs - puppet-openstack-litmus-jobs
- release-notes-jobs-python3 - release-notes-jobs-python3
check: check:
jobs: jobs:

21
README.md
View File

@ -15,11 +15,10 @@ keystone
3. [Setup - The basics of getting started with keystone](#setup) 3. [Setup - The basics of getting started with keystone](#setup)
4. [Implementation - An under-the-hood peek at what the module is doing](#implementation) 4. [Implementation - An under-the-hood peek at what the module is doing](#implementation)
5. [Limitations - OS compatibility, etc.](#limitations) 5. [Limitations - OS compatibility, etc.](#limitations)
6. [Beaker-Rspec - Beaker-rspec tests for the project](#beaker-rspec) 6. [Development - Guide for contributing to the module](#development)
7. [Development - Guide for contributing to the module](#development) 7. [Contributors - Those with commits](#contributors)
8. [Contributors - Those with commits](#contributors) 8. [Release Notes - Release notes for the project](#release-notes)
9. [Release Notes - Release notes for the project](#release-notes) 9. [Repository - The project source code repository](#repository)
10. [Repository - The project source code repository](#repository)
Overview Overview
-------- --------
@ -294,18 +293,6 @@ Limitations
* If you've setup OpenStack using previous versions of this module you need to be aware that it used UUID as the default for the token_format parameter but now defaults to PKI. If you're using this module to manage a Grizzly OpenStack deployment that was set up using a development release of the modules or are attempting an upgrade from Folsom then you'll need to make sure you set the token_format to UUID at classification time. * If you've setup OpenStack using previous versions of this module you need to be aware that it used UUID as the default for the token_format parameter but now defaults to PKI. If you're using this module to manage a Grizzly OpenStack deployment that was set up using a development release of the modules or are attempting an upgrade from Folsom then you'll need to make sure you set the token_format to UUID at classification time.
Beaker-Rspec
------------
This module has beaker-rspec tests
To run:
```shell
bundle install
bundle exec rspec spec/acceptance
```
Development Development
----------- -----------

11
spec/acceptance/default_domain_spec.rb
View File

@ -62,22 +62,23 @@ describe 'basic keystone server with changed domain id' do
it 'should work with no errors and catch deprecation warning' do it 'should work with no errors and catch deprecation warning' do
apply_manifest(pp, :catch_failures => true) do |result| apply_manifest(pp, :catch_failures => true) do |result|
expect(result.stderr) expect(result.stderr)
.to include_regexp([/Puppet::Type::Keystone_tenant::ProviderOpenstack: Support for a resource without the domain.*using 'Default'.*default domain id is '/]) .to match(/Puppet::Type::Keystone_tenant::ProviderOpenstack: Support for a resource without the domain.*using 'Default'.*default domain id is '/)
end end
end end
it 'should be idempotent' do it 'should be idempotent' do
apply_manifest(pp, :catch_changes => true) do |result| apply_manifest(pp, :catch_changes => true) do |result|
expect(result.stderr) expect(result.stderr)
.to include_regexp([/Puppet::Type::Keystone_tenant::ProviderOpenstack: Support for a resource without the domain.*using 'Default'.*default domain id is '/]) .to match(/Puppet::Type::Keystone_tenant::ProviderOpenstack: Support for a resource without the domain.*using 'Default'.*default domain id is '/)
end end
end end
end end
describe 'puppet resources are successful created' do describe 'puppet resources are successful created' do
it 'for tenant' do it 'for tenant' do
shell('puppet resource keystone_tenant') do |result| command('puppet resource keystone_tenant') do |result|
expect(result.stdout) expect(result.stdout)
.to include_regexp([/keystone_tenant { 'project_in_my_default_domain':/, .to match(/keystone_tenant { 'project_in_my_default_domain':/)
/keystone_tenant { 'project_in_my_default_domain::other_domain':/]) expect(result.stdout)
.to match(/keystone_tenant { 'project_in_my_default_domain::other_domain':/)
end end
end end
end end

40
spec/acceptance/keystone_federation_identity_provider_spec.rb
View File

@ -12,10 +12,10 @@ describe 'keystone server running with Apache/WSGI as Identity Provider' do
include openstack_integration::mysql include openstack_integration::mysql
include openstack_integration::keystone include openstack_integration::keystone
::keystone::resource::service_identity { 'beaker-ci': keystone::resource::service_identity { 'ci':
service_type => 'beaker', service_type => 'ci',
service_description => 'beaker service', service_description => 'ci service',
service_name => 'beaker', service_name => 'ci service',
password => 'secret', password => 'secret',
public_url => 'http://127.0.0.1:1234', public_url => 'http://127.0.0.1:1234',
admin_url => 'http://127.0.0.1:1234', admin_url => 'http://127.0.0.1:1234',
@ -54,10 +54,10 @@ describe 'keystone server running with Apache/WSGI as Identity Provider' do
} }
# service user exists only in the service_domain - must # service user exists only in the service_domain - must
# use v3 api # use v3 api
::keystone::resource::service_identity { 'beaker-civ3::service_domain': keystone::resource::service_identity { 'civ3::service_domain':
service_type => 'beakerv3', service_type => 'civ3',
service_description => 'beakerv3 service', service_description => 'civ3 service',
service_name => 'beakerv3', service_name => 'civ3',
password => 'secret', password => 'secret',
tenant => 'servicesv3::service_domain', tenant => 'servicesv3::service_domain',
public_url => 'http://127.0.0.1:1234/v3', public_url => 'http://127.0.0.1:1234/v3',
@ -84,32 +84,32 @@ describe 'keystone server running with Apache/WSGI as Identity Provider' do
end end
shared_examples_for 'keystone user/tenant/service/role/endpoint resources using v3 API' do |auth_creds| shared_examples_for 'keystone user/tenant/service/role/endpoint resources using v3 API' do |auth_creds|
it 'should find beaker user' do it 'should find ci user' do
shell("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v3 --os-identity-api-version 3 user list") do |r| command("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v3 --os-identity-api-version 3 user list") do |r|
expect(r.stdout).to match(/beaker/) expect(r.stdout).to match(/ci/)
expect(r.stderr).to be_empty expect(r.stderr).to be_empty
end end
end end
it 'should find services tenant' do it 'should find services tenant' do
shell("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v3 --os-identity-api-version 3 project list") do |r| command("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v3 --os-identity-api-version 3 project list") do |r|
expect(r.stdout).to match(/services/) expect(r.stdout).to match(/services/)
expect(r.stderr).to be_empty expect(r.stderr).to be_empty
end end
end end
it 'should find beaker service' do it 'should find ci service' do
shell("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v3 --os-identity-api-version 3 service list") do |r| command("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v3 --os-identity-api-version 3 service list") do |r|
expect(r.stdout).to match(/beaker/) expect(r.stdout).to match(/ci/)
expect(r.stderr).to be_empty expect(r.stderr).to be_empty
end end
end end
it 'should find admin role' do it 'should find admin role' do
shell("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v3 --os-identity-api-version 3 role assignment list --names") do |r| command("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v3 --os-identity-api-version 3 role assignment list --names") do |r|
expect(r.stdout).to match(/admin/) expect(r.stdout).to match(/admin/)
expect(r.stderr).to be_empty expect(r.stderr).to be_empty
end end
end end
it 'should find beaker endpoints' do it 'should find ci endpoints' do
shell("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v3 --os-identity-api-version 3 endpoint list") do |r| command("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v3 --os-identity-api-version 3 endpoint list") do |r|
expect(r.stdout).to match(/1234/) expect(r.stdout).to match(/1234/)
expect(r.stderr).to be_empty expect(r.stderr).to be_empty
end end
@ -121,7 +121,7 @@ describe 'keystone server running with Apache/WSGI as Identity Provider' do
end end
describe "with v2 service with v3 credentials" do describe "with v2 service with v3 credentials" do
include_examples 'keystone user/tenant/service/role/endpoint resources using v3 API', include_examples 'keystone user/tenant/service/role/endpoint resources using v3 API',
'--os-username beaker-ci --os-password secret --os-project-name services --os-user-domain-name Default --os-project-domain-name Default' '--os-username ci --os-password secret --os-project-name services --os-user-domain-name Default --os-project-domain-name Default'
end end
describe 'with v3 admin with v3 credentials' do describe 'with v3 admin with v3 credentials' do
include_examples 'keystone user/tenant/service/role/endpoint resources using v3 API', include_examples 'keystone user/tenant/service/role/endpoint resources using v3 API',
@ -129,7 +129,7 @@ describe 'keystone server running with Apache/WSGI as Identity Provider' do
end end
describe "with v3 service with v3 credentials" do describe "with v3 service with v3 credentials" do
include_examples 'keystone user/tenant/service/role/endpoint resources using v3 API', include_examples 'keystone user/tenant/service/role/endpoint resources using v3 API',
'--os-username beaker-civ3 --os-password secret --os-project-name servicesv3 --os-user-domain-name service_domain --os-project-domain-name service_domain' '--os-username civ3 --os-password secret --os-project-name servicesv3 --os-user-domain-name service_domain --os-project-domain-name service_domain'
end end
end end

40
spec/acceptance/keystone_federation_shibboleth_spec.rb
View File

@ -12,10 +12,10 @@ describe 'keystone server running with Apache/WSGI as Service Provider with Shib
include openstack_integration::mysql include openstack_integration::mysql
include openstack_integration::keystone include openstack_integration::keystone
::keystone::resource::service_identity { 'beaker-ci': keystone::resource::service_identity { 'ci':
service_type => 'beaker', service_type => 'ci',
service_description => 'beaker service', service_description => 'ci service',
service_name => 'beaker', service_name => 'ci',
password => 'secret', password => 'secret',
public_url => 'http://127.0.0.1:1234', public_url => 'http://127.0.0.1:1234',
admin_url => 'http://127.0.0.1:1234', admin_url => 'http://127.0.0.1:1234',
@ -54,10 +54,10 @@ describe 'keystone server running with Apache/WSGI as Service Provider with Shib
} }
# service user exists only in the service_domain - must # service user exists only in the service_domain - must
# use v3 api # use v3 api
::keystone::resource::service_identity { 'beaker-civ3::service_domain': keystone::resource::service_identity { 'civ3::service_domain':
service_type => 'beakerv3', service_type => 'civ3',
service_description => 'beakerv3 service', service_description => 'civ3 service',
service_name => 'beakerv3', service_name => 'civ3',
password => 'secret', password => 'secret',
tenant => 'servicesv3::service_domain', tenant => 'servicesv3::service_domain',
public_url => 'http://127.0.0.1:1234/v3', public_url => 'http://127.0.0.1:1234/v3',
@ -82,32 +82,32 @@ describe 'keystone server running with Apache/WSGI as Service Provider with Shib
end end
shared_examples_for 'keystone user/tenant/service/role/endpoint resources using v3 API' do |auth_creds| shared_examples_for 'keystone user/tenant/service/role/endpoint resources using v3 API' do |auth_creds|
it 'should find beaker user' do it 'should find ci user' do
shell("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v3 --os-identity-api-version 3 user list") do |r| command("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v3 --os-identity-api-version 3 user list") do |r|
expect(r.stdout).to match(/beaker/) expect(r.stdout).to match(/ci/)
expect(r.stderr).to be_empty expect(r.stderr).to be_empty
end end
end end
it 'should find services tenant' do it 'should find services tenant' do
shell("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v3 --os-identity-api-version 3 project list") do |r| command("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v3 --os-identity-api-version 3 project list") do |r|
expect(r.stdout).to match(/services/) expect(r.stdout).to match(/services/)
expect(r.stderr).to be_empty expect(r.stderr).to be_empty
end end
end end
it 'should find beaker service' do it 'should find ci service' do
shell("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v3 --os-identity-api-version 3 service list") do |r| command("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v3 --os-identity-api-version 3 service list") do |r|
expect(r.stdout).to match(/beaker/) expect(r.stdout).to match(/ci/)
expect(r.stderr).to be_empty expect(r.stderr).to be_empty
end end
end end
it 'should find admin role' do it 'should find admin role' do
shell("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v3 --os-identity-api-version 3 role assignment list --names") do |r| command("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v3 --os-identity-api-version 3 role assignment list --names") do |r|
expect(r.stdout).to match(/admin/) expect(r.stdout).to match(/admin/)
expect(r.stderr).to be_empty expect(r.stderr).to be_empty
end end
end end
it 'should find beaker endpoints' do it 'should find ci endpoints' do
shell("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v3 --os-identity-api-version 3 endpoint list") do |r| command("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v3 --os-identity-api-version 3 endpoint list") do |r|
expect(r.stdout).to match(/1234/) expect(r.stdout).to match(/1234/)
expect(r.stderr).to be_empty expect(r.stderr).to be_empty
end end
@ -119,7 +119,7 @@ describe 'keystone server running with Apache/WSGI as Service Provider with Shib
end end
describe "with v2 service with v3 credentials" do describe "with v2 service with v3 credentials" do
include_examples 'keystone user/tenant/service/role/endpoint resources using v3 API', include_examples 'keystone user/tenant/service/role/endpoint resources using v3 API',
'--os-username beaker-ci --os-password secret --os-project-name services --os-user-domain-name Default --os-project-domain-name Default' '--os-username ci --os-password secret --os-project-name services --os-user-domain-name Default --os-project-domain-name Default'
end end
describe 'with v3 admin with v3 credentials' do describe 'with v3 admin with v3 credentials' do
include_examples 'keystone user/tenant/service/role/endpoint resources using v3 API', include_examples 'keystone user/tenant/service/role/endpoint resources using v3 API',
@ -127,7 +127,7 @@ describe 'keystone server running with Apache/WSGI as Service Provider with Shib
end end
describe "with v3 service with v3 credentials" do describe "with v3 service with v3 credentials" do
include_examples 'keystone user/tenant/service/role/endpoint resources using v3 API', include_examples 'keystone user/tenant/service/role/endpoint resources using v3 API',
'--os-username beaker-civ3 --os-password secret --os-project-name servicesv3 --os-user-domain-name service_domain --os-project-domain-name service_domain' '--os-username civ3 --os-password secret --os-project-name servicesv3 --os-user-domain-name service_domain --os-project-domain-name service_domain'
end end
end end

241
spec/acceptance/keystone_wsgi_apache_spec.rb
View File

@ -12,10 +12,10 @@ describe 'keystone server running with Apache/WSGI with resources' do
include openstack_integration::mysql include openstack_integration::mysql
include openstack_integration::keystone include openstack_integration::keystone
::keystone::resource::service_identity { 'beaker-ci': keystone::resource::service_identity { 'ci':
service_type => 'beaker', service_type => 'ci',
service_description => 'beaker service', service_description => 'ci service',
service_name => 'beaker', service_name => 'ci',
password => 'secret', password => 'secret',
public_url => 'http://127.0.0.1:1234', public_url => 'http://127.0.0.1:1234',
admin_url => 'http://127.0.0.1:1234', admin_url => 'http://127.0.0.1:1234',
@ -54,10 +54,10 @@ describe 'keystone server running with Apache/WSGI with resources' do
} }
# service user exists only in the service_domain - must # service user exists only in the service_domain - must
# use v3 api # use v3 api
::keystone::resource::service_identity { 'beaker-civ3::service_domain': keystone::resource::service_identity { 'civ3::service_domain':
service_type => 'beakerv3', service_type => 'civ3',
service_description => 'beakerv3 service', service_description => 'civ3 service',
service_name => 'beakerv3', service_name => 'civ3',
password => 'secret', password => 'secret',
tenant => 'servicesv3::service_domain', tenant => 'servicesv3::service_domain',
public_url => 'http://127.0.0.1:1234/v3', public_url => 'http://127.0.0.1:1234/v3',
@ -78,32 +78,32 @@ describe 'keystone server running with Apache/WSGI with resources' do
end end
shared_examples_for 'keystone user/tenant/service/role/endpoint resources using v3 API' do |auth_creds| shared_examples_for 'keystone user/tenant/service/role/endpoint resources using v3 API' do |auth_creds|
it 'should find beaker user' do it 'should find ci user' do
shell("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v3 --os-identity-api-version 3 user list") do |r| command("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v3 --os-identity-api-version 3 user list") do |r|
expect(r.stdout).to match(/beaker/) expect(r.stdout).to match(/ci/)
expect(r.stderr).to be_empty expect(r.stderr).to be_empty
end end
end end
it 'should find services tenant' do it 'should find services tenant' do
shell("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v3 --os-identity-api-version 3 project list") do |r| command("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v3 --os-identity-api-version 3 project list") do |r|
expect(r.stdout).to match(/services/) expect(r.stdout).to match(/services/)
expect(r.stderr).to be_empty expect(r.stderr).to be_empty
end end
end end
it 'should find beaker service' do it 'should find ci service' do
shell("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v3 --os-identity-api-version 3 service list") do |r| command("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v3 --os-identity-api-version 3 service list") do |r|
expect(r.stdout).to match(/beaker/) expect(r.stdout).to match(/ci/)
expect(r.stderr).to be_empty expect(r.stderr).to be_empty
end end
end end
it 'should find admin role' do it 'should find admin role' do
shell("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v3 --os-identity-api-version 3 role assignment list --names") do |r| command("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v3 --os-identity-api-version 3 role assignment list --names") do |r|
expect(r.stdout).to match(/admin/) expect(r.stdout).to match(/admin/)
expect(r.stderr).to be_empty expect(r.stderr).to be_empty
end end
end end
it 'should find beaker endpoints' do it 'should find ci endpoints' do
shell("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v3 --os-identity-api-version 3 endpoint list") do |r| command("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v3 --os-identity-api-version 3 endpoint list") do |r|
expect(r.stdout).to match(/1234/) expect(r.stdout).to match(/1234/)
expect(r.stderr).to be_empty expect(r.stderr).to be_empty
end end
@ -115,7 +115,7 @@ describe 'keystone server running with Apache/WSGI with resources' do
end end
describe "with v2 service with v3 credentials" do describe "with v2 service with v3 credentials" do
include_examples 'keystone user/tenant/service/role/endpoint resources using v3 API', include_examples 'keystone user/tenant/service/role/endpoint resources using v3 API',
'--os-username beaker-ci --os-password secret --os-project-name services --os-user-domain-name Default --os-project-domain-name Default' '--os-username ci --os-password secret --os-project-name services --os-user-domain-name Default --os-project-domain-name Default'
end end
describe 'with v3 admin with v3 credentials' do describe 'with v3 admin with v3 credentials' do
include_examples 'keystone user/tenant/service/role/endpoint resources using v3 API', include_examples 'keystone user/tenant/service/role/endpoint resources using v3 API',
@ -125,7 +125,7 @@ describe 'keystone server running with Apache/WSGI with resources' do
end end
describe "with v3 service with v3 credentials" do describe "with v3 service with v3 credentials" do
include_examples 'keystone user/tenant/service/role/endpoint resources using v3 API', include_examples 'keystone user/tenant/service/role/endpoint resources using v3 API',
'--os-username beaker-civ3 --os-password secret --os-project-name servicesv3 --os-user-domain-name service_domain --os-project-domain-name service_domain' '--os-username civ3 --os-password secret --os-project-name servicesv3 --os-user-domain-name service_domain --os-project-domain-name service_domain'
end end
end end
@ -197,19 +197,21 @@ describe 'keystone server running with Apache/WSGI with resources' do
end end
describe 'puppet service are created' do describe 'puppet service are created' do
it 'for service' do it 'for service' do
shell('puppet resource keystone_service') do |result| command('puppet resource keystone_service') do |result|
expect(result.stdout) expect(result.stdout)
.to include_regexp([/keystone_service { 'service_1::type_1':/, .to match(/keystone_service { 'service_1::type_1':/)
/keystone_service { 'service_1::type_2':/]) expect(result.stdout)
.to match(/keystone_service { 'service_1::type_2':/)
end end
end end
end end
describe 'puppet endpoints are created' do describe 'puppet endpoints are created' do
it 'for service' do it 'for service' do
shell('puppet resource keystone_endpoint') do |result| command('puppet resource keystone_endpoint') do |result|
expect(result.stdout) expect(result.stdout)
.to include_regexp([/keystone_endpoint { 'RegionOne\/service_1::type_1':/, .to match(/keystone_endpoint { 'RegionOne\/service_1::type_1':/)
/keystone_endpoint { 'RegionOne\/service_1::type_2':/]) expect(result.stdout)
.to match(/keystone_endpoint { 'RegionOne\/service_1::type_2':/)
end end
end end
end end
@ -219,97 +221,114 @@ describe 'keystone server running with Apache/WSGI with resources' do
# make sure everything is clean before playing the manifest # make sure everything is clean before playing the manifest
shared_examples 'clean_domain_configuration', :clean_domain_cfg => true do shared_examples 'clean_domain_configuration', :clean_domain_cfg => true do
before(:context) do before(:context) do
hosts.each do |host| run_shell('rm -rf /etc/keystone/domains')
on host, 'rm -rf /etc/keystone/domains >/dev/null 2>&1' run_shell('rm -rf /tmp/keystone.*.conf')
on host, 'rm -rf /tmp/keystone.*.conf >/dev/null 2>&1'
end
end end
end end
context 'one domain configuration', :clean_domain_cfg => true do context 'one domain configuration', :clean_domain_cfg => true do
context 'simple use case' do context 'simple use case' do
it_behaves_like 'puppet_apply_success', <<-EOM let(:pp) do
file { '/etc/keystone/domains': ensure => directory } <<-EOM
keystone_domain_config { 'services::ldap/url': file { '/etc/keystone/domains': ensure => directory }
value => 'http://auth.com/1', keystone_domain_config { 'services::ldap/url':
} value => 'http://auth.com/1',
EOM }
EOM
end
context '/etc/keystone/domains/keystone.services.conf' do it 'should apply and be idempotent' do
# the idiom apply_manifest(pp, :catch_failures => true)
apply_manifest(pp, :catch_changes => true)
end
# note: cannot use neither instance variable nor let on describe file('/etc/keystone/domains/keystone.services.conf') do
# parameter for shared_example it { is_expected.to be_file }
it_behaves_like 'a_valid_configuration', <<-EOC it { is_expected.to exist }
its(:content) { should match /\[ldap\]\nurl=http:\/\/auth.com\/1/ }
[ldap]
url=http://auth.com/1
EOC
end end
end end
context 'with a non default identity/domain_config_dir' do context 'with a non default identity/domain_config_dir' do
it_behaves_like 'puppet_apply_success', <<-EOM let(:pp) do
keystone_config { 'identity/domain_config_dir': value => '/tmp' } <<-EOM
keystone_domain_config { 'services::ldap/url': keystone_config { 'identity/domain_config_dir': value => '/tmp' }
value => 'http://auth.com/1', keystone_domain_config { 'services::ldap/url':
} value => 'http://auth.com/1',
EOM }
EOM
end
context '/tmp/keystone.services.conf' do it 'should apply and be idempotent' do
it_behaves_like 'a_valid_configuration', <<-EOC apply_manifest(pp, :catch_failures => true)
apply_manifest(pp, :catch_changes => true)
end
[ldap] describe file('/tmp/keystone.services.conf') do
url=http://auth.com/1 it { is_expected.to be_file }
EOC it { is_expected.to exist }
its(:content) { should match /\[ldap\]\nurl=http:\/\/auth.com\/1/ }
end end
end end
end end
context 'with a multiple configurations', :clean_domain_cfg => true do context 'with a multiple configurations', :clean_domain_cfg => true do
it_behaves_like 'puppet_apply_success', <<-EOM let(:pp) do
file { '/etc/keystone/domains': ensure => directory } <<-EOM
keystone_config { 'identity/domain_config_dir': value => '/etc/keystone/domains' } file { '/etc/keystone/domains': ensure => directory }
keystone_domain_config { 'services::ldap/url': keystone_config { 'identity/domain_config_dir': value => '/etc/keystone/domains' }
value => 'http://auth.com/1', keystone_domain_config { 'services::ldap/url':
} value => 'http://auth.com/1',
keystone_domain_config { 'services::http/url': }
value => 'http://auth.com/2', keystone_domain_config { 'services::http/url':
} value => 'http://auth.com/2',
keystone_domain_config { 'external::ldap/url': }
value => 'http://ext-auth.com/1', keystone_domain_config { 'external::ldap/url':
} value => 'http://ext-auth.com/1',
EOM }
EOM
describe command('puppet resource keystone_domain_config') do
its(:exit_status) { is_expected.to eq(0) }
end end
describe '/etc/keystone/domains/keystone.external.conf' do it 'should apply and be idempotent' do
it_behaves_like 'a_valid_configuration', <<EOC apply_manifest(pp, :catch_failures => true)
apply_manifest(pp, :catch_changes => true)
end
[ldap] it 'should list puppet resources' do
url=http://ext-auth.com/1 command('puppet resource keystone_domain_config') do |r|
EOC expect(r.exit_code).to eq 0
end
end
describe file('/etc/keystone/domains/keystone.external.conf') do
it { is_expected.to be_file }
it { is_expected.to exist }
its(:content) { should match /\[ldap\]\nurl=http:\/\/ext-auth.com\/1/ }
end end
end end
context 'checking that the purge is working' do context 'checking that the purge is working' do
it_behaves_like 'puppet_apply_success', <<-EOM let(:pp) do
resources { 'keystone_domain_config': purge => true } <<-EOM
keystone_domain_config { 'services::ldap/url': resources { 'keystone_domain_config': purge => true }
value => 'http://auth.com/1', keystone_domain_config { 'services::ldap/url':
} value => 'http://auth.com/1',
EOM }
EOM
end
context '/etc/keystone/domains/keystone.services.conf' do it 'should apply and be idempotent' do
it_behaves_like 'a_valid_configuration', <<-EOC apply_manifest(pp, :catch_failures => true)
apply_manifest(pp, :catch_changes => true)
end
[ldap] describe file('/etc/keystone/domains/keystone.services.conf') do
url=http://auth.com/1 it { is_expected.to be_file }
EOC it { is_expected.to exist }
its(:content) { should match /\[ldap\]\nurl=http:\/\/auth.com\/1/ }
end end
end end
context '#ldap_backend', :clean_domain_cfg => true do context '#ldap_backend', :clean_domain_cfg => true do
context 'manifest' do context 'manifest' do
let(:pp) do let(:pp) do
@ -342,37 +361,39 @@ EOC
# TODO: Sould we add a working ldap server ? # TODO: Sould we add a working ldap server ?
end end
context '/etc/keystone/domains/keystone.domain_1_ldap_backend.conf' do
it_behaves_like 'a_valid_configuration', <<-EOC
[ldap] describe file('/etc/keystone/domains/keystone.domain_1_ldap_backend.conf') do
url=ldap://foo it { is_expected.to be_file }
user=cn=foo,dc=example,dc=com it { is_expected.to exist }
EOC its(:content) { should match /\[ldap\]\nurl=ldap:\/\/foo\nuser=cn=foo,dc=example,dc=com/ }
end end
context '/etc/keystone/domains/keystone.domain_2_ldap_backend.conf' do describe file('/etc/keystone/domains/keystone.domain_2_ldap_backend.conf') do
it_behaves_like 'a_valid_configuration', <<-EOC it { is_expected.to be_file }
it { is_expected.to exist }
[ldap] its(:content) { should match /\[ldap\]\nurl=ldap:\/\/bar\nuser=cn=bar,dc=test,dc=com/ }
url=ldap://bar
user=cn=bar,dc=test,dc=com
EOC
end end
end end
context 'clean up', :clean_domain_cfg => true do context 'clean up', :clean_domain_cfg => true do
# we must revert the changes as ldap backend is not fully # we must revert the changes as ldap backend is not fully
# functional and are "domain read only". All subsequent tests # functional and are "domain read only". All subsequent tests
# will fail without this. # will fail without this.
it_behaves_like 'puppet_apply_success', <<-EOM let(:pp) do
keystone_config { <<-EOM
'identity/driver': value => 'sql'; keystone_config {
'credential/driver': ensure => absent; 'identity/driver': value => 'sql';
'assignment/driver': ensure => absent; 'credential/driver': ensure => absent;
'identity/domain_specific_drivers_enabled': ensure => absent; 'assignment/driver': ensure => absent;
'identity/domain_config_dir': ensure => absent; 'identity/domain_specific_drivers_enabled': ensure => absent;
} 'identity/domain_config_dir': ensure => absent;
EOM }
EOM
end
it 'should apply and be idempotent' do
apply_manifest(pp, :catch_failures => true)
apply_manifest(pp, :catch_changes => true)
end
end end
end end
end end

11
spec/acceptance/nodesets/centos-70-x64.yml
View File

@ -1,11 +0,0 @@
HOSTS:
centos-server-70-x64:
roles:
- master
platform: el-7-x86_64
box: puppetlabs/centos-7.0-64-nocm
box_url: https://vagrantcloud.com/puppetlabs/centos-7.0-64-nocm
hypervisor: vagrant
CONFIG:
log_level: debug
type: foss

10
spec/acceptance/nodesets/default.yml
View File

@ -1,10 +0,0 @@
HOSTS:
ubuntu-server-14.04-amd64:
roles:
- master
platform: ubuntu-14.04-amd64
box: puppetlabs/ubuntu-14.04-64-nocm
box_url: https://vagrantcloud.com/puppetlabs/ubuntu-14.04-64-nocm
hypervisor: vagrant
CONFIG:
type: foss

10
spec/acceptance/nodesets/nodepool-bionic.yml
View File

@ -1,10 +0,0 @@
HOSTS:
ubuntu-18.04-amd64:
roles:
- master
platform: ubuntu-18.04-amd64
hypervisor: none
ip: 127.0.0.1
CONFIG:
type: foss
set_env: false

10
spec/acceptance/nodesets/nodepool-centos7.yml
View File

@ -1,10 +0,0 @@
HOSTS:
centos-70-x64:
roles:
- master
platform: el-7-x86_64
hypervisor: none
ip: 127.0.0.1
CONFIG:
type: foss
set_env: false

10
spec/acceptance/nodesets/nodepool-centos8.yml
View File

@ -1,10 +0,0 @@
HOSTS:
centos-80-x64:
roles:
- master
platform: el-8-x86_64
hypervisor: none
ip: 127.0.0.1
CONFIG:
type: foss
set_env: false

10
spec/acceptance/nodesets/nodepool-trusty.yml
View File

@ -1,10 +0,0 @@
HOSTS:
ubuntu-14.04-amd64:
roles:
- master
platform: ubuntu-14.04-amd64
hypervisor: none
ip: 127.0.0.1
CONFIG:
type: foss
set_env: false

10
spec/acceptance/nodesets/nodepool-xenial.yml
View File

@ -1,10 +0,0 @@
HOSTS:
ubuntu-16.04-amd64:
roles:
- master
platform: ubuntu-16.04-amd64
hypervisor: none
ip: 127.0.0.1
CONFIG:
type: foss
set_env: false

11
spec/acceptance/nodesets/ubuntu-server-1404-x64.yml
View File

@ -1,11 +0,0 @@
HOSTS:
ubuntu-server-14.04-amd64:
roles:
- master
platform: ubuntu-14.04-amd64
box: puppetlabs/ubuntu-14.04-64-nocm
box_url: https://vagrantcloud.com/puppetlabs/ubuntu-14.04-64-nocm
hypervisor: vagrant
CONFIG:
log_level: debug
type: foss

34
spec/shared_examples_acceptance.rb
View File

@ -1,34 +0,0 @@
# Test a normal puppet run with idempotency.
shared_examples_for 'puppet_apply_success' do |manifest|
it 'should apply the manifest without error' do
apply_manifest(manifest, :catch_failures => true)
end
it 'should be idempotent' do
apply_manifest(manifest, :catch_changes => true)
end
end
# Check that a file exists and its content match the one given as
# argument. The argument can be a multiline string or an array of
# regexp.
#
# To use it encapsulate it in a context whose name is the file to
# test.
shared_examples 'a_valid_configuration' do |config_content|
let(:configuration_file) do |example|
# see the idiom it leads to later in this file
example.metadata[:example_group][:parent_example_group][:description]
end
subject { file(configuration_file) }
it { is_expected.to be_file }
it { is_expected.to exist }
content = nil
if config_content.is_a?(Array)
content = config_content
else
content = config_content.split("\n").map { |l| Regexp.quote(l) }
end
it 'content should be valid' do
expect(subject.content).to include_regexp(content)
end
end

2
spec/spec_helper_acceptance.rb
View File

@ -1 +1 @@
require 'puppet-openstack_spec_helper/beaker_spec_helper' require 'puppet-openstack_spec_helper/litmus_spec_helper'