openstack
/
puppet-keystone
Code Issues Proposed changes

Merge "Add Puppet Litmus"

This commit is contained in:
Zuul 2020-09-21 16:56:46 +00:00 committed by Gerrit Code Review
parent 81837a3c92 09d05f617a
commit 46f250ce57
16 changed files with 183 additions and 290 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.zuul.yaml
View File

@ -3,7 +3,7 @@
- puppet-openstack-check-jobs
- puppet-openstack-module-unit-jobs
- puppet-openstack-integration-jobs-all
- puppet-openstack-beaker-jobs
- puppet-openstack-litmus-jobs
- release-notes-jobs-python3
check:
jobs:

21
README.md
View File

@ -15,11 +15,10 @@ keystone
3. [Setup - The basics of getting started with keystone](#setup)
4. [Implementation - An under-the-hood peek at what the module is doing](#implementation)
5. [Limitations - OS compatibility, etc.](#limitations)
6. [Beaker-Rspec - Beaker-rspec tests for the project](#beaker-rspec)
7. [Development - Guide for contributing to the module](#development)
8. [Contributors - Those with commits](#contributors)
9. [Release Notes - Release notes for the project](#release-notes)
10. [Repository - The project source code repository](#repository)
6. [Development - Guide for contributing to the module](#development)
7. [Contributors - Those with commits](#contributors)
8. [Release Notes - Release notes for the project](#release-notes)
9. [Repository - The project source code repository](#repository)
Overview
--------
@ -294,18 +293,6 @@ Limitations
* If you've setup OpenStack using previous versions of this module you need to be aware that it used UUID as the default for the token_format parameter but now defaults to PKI. If you're using this module to manage a Grizzly OpenStack deployment that was set up using a development release of the modules or are attempting an upgrade from Folsom then you'll need to make sure you set the token_format to UUID at classification time.
Beaker-Rspec
------------
This module has beaker-rspec tests
To run:
```shell
bundle install
bundle exec rspec spec/acceptance
```
Development
-----------

11
spec/acceptance/default_domain_spec.rb
View File

@ -62,22 +62,23 @@ describe 'basic keystone server with changed domain id' do
it 'should work with no errors and catch deprecation warning' do
apply_manifest(pp, :catch_failures => true) do |result|
expect(result.stderr)
.to include_regexp([/Puppet::Type::Keystone_tenant::ProviderOpenstack: Support for a resource without the domain.*using 'Default'.*default domain id is '/])
.to match(/Puppet::Type::Keystone_tenant::ProviderOpenstack: Support for a resource without the domain.*using 'Default'.*default domain id is '/)
end
end
it 'should be idempotent' do
apply_manifest(pp, :catch_changes => true) do |result|
expect(result.stderr)
.to include_regexp([/Puppet::Type::Keystone_tenant::ProviderOpenstack: Support for a resource without the domain.*using 'Default'.*default domain id is '/])
.to match(/Puppet::Type::Keystone_tenant::ProviderOpenstack: Support for a resource without the domain.*using 'Default'.*default domain id is '/)
end
end
end
describe 'puppet resources are successful created' do
it 'for tenant' do
shell('puppet resource keystone_tenant') do |result|
command('puppet resource keystone_tenant') do |result|
expect(result.stdout)
.to include_regexp([/keystone_tenant { 'project_in_my_default_domain':/,
/keystone_tenant { 'project_in_my_default_domain::other_domain':/])
.to match(/keystone_tenant { 'project_in_my_default_domain':/)
expect(result.stdout)
.to match(/keystone_tenant { 'project_in_my_default_domain::other_domain':/)
end
end
end

40
spec/acceptance/keystone_federation_identity_provider_spec.rb
View File

@ -12,10 +12,10 @@ describe 'keystone server running with Apache/WSGI as Identity Provider' do
include openstack_integration::mysql
include openstack_integration::keystone
::keystone::resource::service_identity { 'beaker-ci':
service_type => 'beaker',
service_description => 'beaker service',
service_name => 'beaker',
keystone::resource::service_identity { 'ci':
service_type => 'ci',
service_description => 'ci service',
service_name => 'ci service',
password => 'secret',
public_url => 'http://127.0.0.1:1234',
admin_url => 'http://127.0.0.1:1234',
@ -54,10 +54,10 @@ describe 'keystone server running with Apache/WSGI as Identity Provider' do
}
# service user exists only in the service_domain - must
# use v3 api
::keystone::resource::service_identity { 'beaker-civ3::service_domain':
service_type => 'beakerv3',
service_description => 'beakerv3 service',
service_name => 'beakerv3',
keystone::resource::service_identity { 'civ3::service_domain':
service_type => 'civ3',
service_description => 'civ3 service',
service_name => 'civ3',
password => 'secret',
tenant => 'servicesv3::service_domain',
public_url => 'http://127.0.0.1:1234/v3',
@ -84,32 +84,32 @@ describe 'keystone server running with Apache/WSGI as Identity Provider' do
end
shared_examples_for 'keystone user/tenant/service/role/endpoint resources using v3 API' do |auth_creds|
it 'should find beaker user' do
shell("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v3 --os-identity-api-version 3 user list") do |r|
expect(r.stdout).to match(/beaker/)
it 'should find ci user' do
command("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v3 --os-identity-api-version 3 user list") do |r|
expect(r.stdout).to match(/ci/)
expect(r.stderr).to be_empty
end
end
it 'should find services tenant' do
shell("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v3 --os-identity-api-version 3 project list") do |r|
command("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v3 --os-identity-api-version 3 project list") do |r|
expect(r.stdout).to match(/services/)
expect(r.stderr).to be_empty
end
end
it 'should find beaker service' do
shell("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v3 --os-identity-api-version 3 service list") do |r|
expect(r.stdout).to match(/beaker/)
it 'should find ci service' do
command("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v3 --os-identity-api-version 3 service list") do |r|
expect(r.stdout).to match(/ci/)
expect(r.stderr).to be_empty
end
end
it 'should find admin role' do
shell("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v3 --os-identity-api-version 3 role assignment list --names") do |r|
command("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v3 --os-identity-api-version 3 role assignment list --names") do |r|
expect(r.stdout).to match(/admin/)
expect(r.stderr).to be_empty
end
end
it 'should find beaker endpoints' do
shell("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v3 --os-identity-api-version 3 endpoint list") do |r|
it 'should find ci endpoints' do
command("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v3 --os-identity-api-version 3 endpoint list") do |r|
expect(r.stdout).to match(/1234/)
expect(r.stderr).to be_empty
end
@ -121,7 +121,7 @@ describe 'keystone server running with Apache/WSGI as Identity Provider' do
end
describe "with v2 service with v3 credentials" do
include_examples 'keystone user/tenant/service/role/endpoint resources using v3 API',
'--os-username beaker-ci --os-password secret --os-project-name services --os-user-domain-name Default --os-project-domain-name Default'
'--os-username ci --os-password secret --os-project-name services --os-user-domain-name Default --os-project-domain-name Default'
end
describe 'with v3 admin with v3 credentials' do
include_examples 'keystone user/tenant/service/role/endpoint resources using v3 API',
@ -129,7 +129,7 @@ describe 'keystone server running with Apache/WSGI as Identity Provider' do
end
describe "with v3 service with v3 credentials" do
include_examples 'keystone user/tenant/service/role/endpoint resources using v3 API',
'--os-username beaker-civ3 --os-password secret --os-project-name servicesv3 --os-user-domain-name service_domain --os-project-domain-name service_domain'
'--os-username civ3 --os-password secret --os-project-name servicesv3 --os-user-domain-name service_domain --os-project-domain-name service_domain'
end
end

40
spec/acceptance/keystone_federation_shibboleth_spec.rb
View File

@ -12,10 +12,10 @@ describe 'keystone server running with Apache/WSGI as Service Provider with Shib
include openstack_integration::mysql
include openstack_integration::keystone
::keystone::resource::service_identity { 'beaker-ci':
service_type => 'beaker',
service_description => 'beaker service',
service_name => 'beaker',
keystone::resource::service_identity { 'ci':
service_type => 'ci',
service_description => 'ci service',
service_name => 'ci',
password => 'secret',
public_url => 'http://127.0.0.1:1234',
admin_url => 'http://127.0.0.1:1234',
@ -54,10 +54,10 @@ describe 'keystone server running with Apache/WSGI as Service Provider with Shib
}
# service user exists only in the service_domain - must
# use v3 api
::keystone::resource::service_identity { 'beaker-civ3::service_domain':
service_type => 'beakerv3',
service_description => 'beakerv3 service',
service_name => 'beakerv3',
keystone::resource::service_identity { 'civ3::service_domain':
service_type => 'civ3',
service_description => 'civ3 service',
service_name => 'civ3',
password => 'secret',
tenant => 'servicesv3::service_domain',
public_url => 'http://127.0.0.1:1234/v3',
@ -82,32 +82,32 @@ describe 'keystone server running with Apache/WSGI as Service Provider with Shib
end
shared_examples_for 'keystone user/tenant/service/role/endpoint resources using v3 API' do |auth_creds|
it 'should find beaker user' do
shell("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v3 --os-identity-api-version 3 user list") do |r|
expect(r.stdout).to match(/beaker/)
it 'should find ci user' do
command("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v3 --os-identity-api-version 3 user list") do |r|
expect(r.stdout).to match(/ci/)
expect(r.stderr).to be_empty
end
end
it 'should find services tenant' do
shell("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v3 --os-identity-api-version 3 project list") do |r|
command("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v3 --os-identity-api-version 3 project list") do |r|
expect(r.stdout).to match(/services/)
expect(r.stderr).to be_empty
end
end
it 'should find beaker service' do
shell("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v3 --os-identity-api-version 3 service list") do |r|
expect(r.stdout).to match(/beaker/)
it 'should find ci service' do
command("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v3 --os-identity-api-version 3 service list") do |r|
expect(r.stdout).to match(/ci/)
expect(r.stderr).to be_empty
end
end
it 'should find admin role' do
shell("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v3 --os-identity-api-version 3 role assignment list --names") do |r|
command("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v3 --os-identity-api-version 3 role assignment list --names") do |r|
expect(r.stdout).to match(/admin/)
expect(r.stderr).to be_empty
end
end
it 'should find beaker endpoints' do
shell("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v3 --os-identity-api-version 3 endpoint list") do |r|
it 'should find ci endpoints' do
command("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v3 --os-identity-api-version 3 endpoint list") do |r|
expect(r.stdout).to match(/1234/)
expect(r.stderr).to be_empty
end
@ -119,7 +119,7 @@ describe 'keystone server running with Apache/WSGI as Service Provider with Shib
end
describe "with v2 service with v3 credentials" do
include_examples 'keystone user/tenant/service/role/endpoint resources using v3 API',
'--os-username beaker-ci --os-password secret --os-project-name services --os-user-domain-name Default --os-project-domain-name Default'
'--os-username ci --os-password secret --os-project-name services --os-user-domain-name Default --os-project-domain-name Default'
end
describe 'with v3 admin with v3 credentials' do
include_examples 'keystone user/tenant/service/role/endpoint resources using v3 API',
@ -127,7 +127,7 @@ describe 'keystone server running with Apache/WSGI as Service Provider with Shib
end
describe "with v3 service with v3 credentials" do
include_examples 'keystone user/tenant/service/role/endpoint resources using v3 API',
'--os-username beaker-civ3 --os-password secret --os-project-name servicesv3 --os-user-domain-name service_domain --os-project-domain-name service_domain'
'--os-username civ3 --os-password secret --os-project-name servicesv3 --os-user-domain-name service_domain --os-project-domain-name service_domain'
end
end

241
spec/acceptance/keystone_wsgi_apache_spec.rb
View File

@ -12,10 +12,10 @@ describe 'keystone server running with Apache/WSGI with resources' do
include openstack_integration::mysql
include openstack_integration::keystone
::keystone::resource::service_identity { 'beaker-ci':
service_type => 'beaker',
service_description => 'beaker service',
service_name => 'beaker',
keystone::resource::service_identity { 'ci':
service_type => 'ci',
service_description => 'ci service',
service_name => 'ci',
password => 'secret',
public_url => 'http://127.0.0.1:1234',
admin_url => 'http://127.0.0.1:1234',
@ -54,10 +54,10 @@ describe 'keystone server running with Apache/WSGI with resources' do
}
# service user exists only in the service_domain - must
# use v3 api
::keystone::resource::service_identity { 'beaker-civ3::service_domain':
service_type => 'beakerv3',
service_description => 'beakerv3 service',
service_name => 'beakerv3',
keystone::resource::service_identity { 'civ3::service_domain':
service_type => 'civ3',
service_description => 'civ3 service',
service_name => 'civ3',
password => 'secret',
tenant => 'servicesv3::service_domain',
public_url => 'http://127.0.0.1:1234/v3',
@ -78,32 +78,32 @@ describe 'keystone server running with Apache/WSGI with resources' do
end
shared_examples_for 'keystone user/tenant/service/role/endpoint resources using v3 API' do |auth_creds|
it 'should find beaker user' do
shell("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v3 --os-identity-api-version 3 user list") do |r|
expect(r.stdout).to match(/beaker/)
it 'should find ci user' do
command("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v3 --os-identity-api-version 3 user list") do |r|
expect(r.stdout).to match(/ci/)
expect(r.stderr).to be_empty
end
end
it 'should find services tenant' do
shell("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v3 --os-identity-api-version 3 project list") do |r|
command("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v3 --os-identity-api-version 3 project list") do |r|
expect(r.stdout).to match(/services/)
expect(r.stderr).to be_empty
end
end
it 'should find beaker service' do
shell("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v3 --os-identity-api-version 3 service list") do |r|
expect(r.stdout).to match(/beaker/)
it 'should find ci service' do
command("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v3 --os-identity-api-version 3 service list") do |r|
expect(r.stdout).to match(/ci/)
expect(r.stderr).to be_empty
end
end
it 'should find admin role' do
shell("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v3 --os-identity-api-version 3 role assignment list --names") do |r|
command("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v3 --os-identity-api-version 3 role assignment list --names") do |r|
expect(r.stdout).to match(/admin/)
expect(r.stderr).to be_empty
end
end
it 'should find beaker endpoints' do
shell("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v3 --os-identity-api-version 3 endpoint list") do |r|
it 'should find ci endpoints' do
command("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v3 --os-identity-api-version 3 endpoint list") do |r|
expect(r.stdout).to match(/1234/)
expect(r.stderr).to be_empty
end
@ -115,7 +115,7 @@ describe 'keystone server running with Apache/WSGI with resources' do
end
describe "with v2 service with v3 credentials" do
include_examples 'keystone user/tenant/service/role/endpoint resources using v3 API',
'--os-username beaker-ci --os-password secret --os-project-name services --os-user-domain-name Default --os-project-domain-name Default'
'--os-username ci --os-password secret --os-project-name services --os-user-domain-name Default --os-project-domain-name Default'
end
describe 'with v3 admin with v3 credentials' do
include_examples 'keystone user/tenant/service/role/endpoint resources using v3 API',
@ -125,7 +125,7 @@ describe 'keystone server running with Apache/WSGI with resources' do
end
describe "with v3 service with v3 credentials" do
include_examples 'keystone user/tenant/service/role/endpoint resources using v3 API',
'--os-username beaker-civ3 --os-password secret --os-project-name servicesv3 --os-user-domain-name service_domain --os-project-domain-name service_domain'
'--os-username civ3 --os-password secret --os-project-name servicesv3 --os-user-domain-name service_domain --os-project-domain-name service_domain'
end
end
@ -197,19 +197,21 @@ describe 'keystone server running with Apache/WSGI with resources' do
end
describe 'puppet service are created' do
it 'for service' do
shell('puppet resource keystone_service') do |result|
command('puppet resource keystone_service') do |result|
expect(result.stdout)
.to include_regexp([/keystone_service { 'service_1::type_1':/,
/keystone_service { 'service_1::type_2':/])
.to match(/keystone_service { 'service_1::type_1':/)
expect(result.stdout)
.to match(/keystone_service { 'service_1::type_2':/)
end
end
end
describe 'puppet endpoints are created' do
it 'for service' do
shell('puppet resource keystone_endpoint') do |result|
command('puppet resource keystone_endpoint') do |result|
expect(result.stdout)
.to include_regexp([/keystone_endpoint { 'RegionOne\/service_1::type_1':/,
/keystone_endpoint { 'RegionOne\/service_1::type_2':/])
.to match(/keystone_endpoint { 'RegionOne\/service_1::type_1':/)
expect(result.stdout)
.to match(/keystone_endpoint { 'RegionOne\/service_1::type_2':/)
end
end
end
@ -219,97 +221,114 @@ describe 'keystone server running with Apache/WSGI with resources' do
# make sure everything is clean before playing the manifest
shared_examples 'clean_domain_configuration', :clean_domain_cfg => true do
before(:context) do
hosts.each do |host|
on host, 'rm -rf /etc/keystone/domains >/dev/null 2>&1'
on host, 'rm -rf /tmp/keystone.*.conf >/dev/null 2>&1'
end
run_shell('rm -rf /etc/keystone/domains')
run_shell('rm -rf /tmp/keystone.*.conf')
end
end
context 'one domain configuration', :clean_domain_cfg => true do
context 'simple use case' do
it_behaves_like 'puppet_apply_success', <<-EOM
file { '/etc/keystone/domains': ensure => directory }
keystone_domain_config { 'services::ldap/url':
value => 'http://auth.com/1',
}
EOM
let(:pp) do
<<-EOM
file { '/etc/keystone/domains': ensure => directory }
keystone_domain_config { 'services::ldap/url':
value => 'http://auth.com/1',
}
EOM
end
context '/etc/keystone/domains/keystone.services.conf' do
# the idiom
it 'should apply and be idempotent' do
apply_manifest(pp, :catch_failures => true)
apply_manifest(pp, :catch_changes => true)
end
# note: cannot use neither instance variable nor let on
# parameter for shared_example
it_behaves_like 'a_valid_configuration', <<-EOC
[ldap]
url=http://auth.com/1
EOC
describe file('/etc/keystone/domains/keystone.services.conf') do
it { is_expected.to be_file }
it { is_expected.to exist }
its(:content) { should match /\[ldap\]\nurl=http:\/\/auth.com\/1/ }
end
end
context 'with a non default identity/domain_config_dir' do
it_behaves_like 'puppet_apply_success', <<-EOM
keystone_config { 'identity/domain_config_dir': value => '/tmp' }
keystone_domain_config { 'services::ldap/url':
value => 'http://auth.com/1',
}
EOM
let(:pp) do
<<-EOM
keystone_config { 'identity/domain_config_dir': value => '/tmp' }
keystone_domain_config { 'services::ldap/url':
value => 'http://auth.com/1',
}
EOM
end
context '/tmp/keystone.services.conf' do
it_behaves_like 'a_valid_configuration', <<-EOC
it 'should apply and be idempotent' do
apply_manifest(pp, :catch_failures => true)
apply_manifest(pp, :catch_changes => true)
end
[ldap]
url=http://auth.com/1
EOC
describe file('/tmp/keystone.services.conf') do
it { is_expected.to be_file }
it { is_expected.to exist }
its(:content) { should match /\[ldap\]\nurl=http:\/\/auth.com\/1/ }
end
end
end
context 'with a multiple configurations', :clean_domain_cfg => true do
it_behaves_like 'puppet_apply_success', <<-EOM
file { '/etc/keystone/domains': ensure => directory }
keystone_config { 'identity/domain_config_dir': value => '/etc/keystone/domains' }
keystone_domain_config { 'services::ldap/url':
value => 'http://auth.com/1',
}
keystone_domain_config { 'services::http/url':
value => 'http://auth.com/2',
}
keystone_domain_config { 'external::ldap/url':
value => 'http://ext-auth.com/1',
}
EOM
describe command('puppet resource keystone_domain_config') do
its(:exit_status) { is_expected.to eq(0) }
let(:pp) do
<<-EOM
file { '/etc/keystone/domains': ensure => directory }
keystone_config { 'identity/domain_config_dir': value => '/etc/keystone/domains' }
keystone_domain_config { 'services::ldap/url':
value => 'http://auth.com/1',
}
keystone_domain_config { 'services::http/url':
value => 'http://auth.com/2',
}
keystone_domain_config { 'external::ldap/url':
value => 'http://ext-auth.com/1',
}
EOM
end
describe '/etc/keystone/domains/keystone.external.conf' do
it_behaves_like 'a_valid_configuration', <<EOC
it 'should apply and be idempotent' do
apply_manifest(pp, :catch_failures => true)
apply_manifest(pp, :catch_changes => true)
end
[ldap]
url=http://ext-auth.com/1
EOC
it 'should list puppet resources' do
command('puppet resource keystone_domain_config') do |r|
expect(r.exit_code).to eq 0
end
end
describe file('/etc/keystone/domains/keystone.external.conf') do
it { is_expected.to be_file }
it { is_expected.to exist }
its(:content) { should match /\[ldap\]\nurl=http:\/\/ext-auth.com\/1/ }
end
end
context 'checking that the purge is working' do
it_behaves_like 'puppet_apply_success', <<-EOM
resources { 'keystone_domain_config': purge => true }
keystone_domain_config { 'services::ldap/url':
value => 'http://auth.com/1',
}
EOM
let(:pp) do
<<-EOM
resources { 'keystone_domain_config': purge => true }
keystone_domain_config { 'services::ldap/url':
value => 'http://auth.com/1',
}
EOM
end
context '/etc/keystone/domains/keystone.services.conf' do
it_behaves_like 'a_valid_configuration', <<-EOC
it 'should apply and be idempotent' do
apply_manifest(pp, :catch_failures => true)
apply_manifest(pp, :catch_changes => true)
end
[ldap]
url=http://auth.com/1
EOC
describe file('/etc/keystone/domains/keystone.services.conf') do
it { is_expected.to be_file }
it { is_expected.to exist }
its(:content) { should match /\[ldap\]\nurl=http:\/\/auth.com\/1/ }
end
end
context '#ldap_backend', :clean_domain_cfg => true do
context 'manifest' do
let(:pp) do
@ -342,37 +361,39 @@ EOC
# TODO: Sould we add a working ldap server ?
end
context '/etc/keystone/domains/keystone.domain_1_ldap_backend.conf' do
it_behaves_like 'a_valid_configuration', <<-EOC
[ldap]
url=ldap://foo
user=cn=foo,dc=example,dc=com
EOC
describe file('/etc/keystone/domains/keystone.domain_1_ldap_backend.conf') do
it { is_expected.to be_file }
it { is_expected.to exist }
its(:content) { should match /\[ldap\]\nurl=ldap:\/\/foo\nuser=cn=foo,dc=example,dc=com/ }
end
context '/etc/keystone/domains/keystone.domain_2_ldap_backend.conf' do
it_behaves_like 'a_valid_configuration', <<-EOC
[ldap]
url=ldap://bar
user=cn=bar,dc=test,dc=com
EOC
describe file('/etc/keystone/domains/keystone.domain_2_ldap_backend.conf') do
it { is_expected.to be_file }
it { is_expected.to exist }
its(:content) { should match /\[ldap\]\nurl=ldap:\/\/bar\nuser=cn=bar,dc=test,dc=com/ }
end
end
context 'clean up', :clean_domain_cfg => true do
# we must revert the changes as ldap backend is not fully
# functional and are "domain read only". All subsequent tests
# will fail without this.
it_behaves_like 'puppet_apply_success', <<-EOM
keystone_config {
'identity/driver': value => 'sql';
'credential/driver': ensure => absent;
'assignment/driver': ensure => absent;
'identity/domain_specific_drivers_enabled': ensure => absent;
'identity/domain_config_dir': ensure => absent;
}
EOM
let(:pp) do
<<-EOM
keystone_config {
'identity/driver': value => 'sql';
'credential/driver': ensure => absent;
'assignment/driver': ensure => absent;
'identity/domain_specific_drivers_enabled': ensure => absent;
'identity/domain_config_dir': ensure => absent;
}
EOM
end
it 'should apply and be idempotent' do
apply_manifest(pp, :catch_failures => true)
apply_manifest(pp, :catch_changes => true)
end
end
end
end

11
spec/acceptance/nodesets/centos-70-x64.yml
View File

@ -1,11 +0,0 @@
HOSTS:
centos-server-70-x64:
roles:
- master
platform: el-7-x86_64
box: puppetlabs/centos-7.0-64-nocm
box_url: https://vagrantcloud.com/puppetlabs/centos-7.0-64-nocm
hypervisor: vagrant
CONFIG:
log_level: debug
type: foss

10
spec/acceptance/nodesets/default.yml
View File

@ -1,10 +0,0 @@
HOSTS:
ubuntu-server-14.04-amd64:
roles:
- master
platform: ubuntu-14.04-amd64
box: puppetlabs/ubuntu-14.04-64-nocm
box_url: https://vagrantcloud.com/puppetlabs/ubuntu-14.04-64-nocm
hypervisor: vagrant
CONFIG:
type: foss

10
spec/acceptance/nodesets/nodepool-bionic.yml
View File

@ -1,10 +0,0 @@
HOSTS:
ubuntu-18.04-amd64:
roles:
- master
platform: ubuntu-18.04-amd64
hypervisor: none
ip: 127.0.0.1
CONFIG:
type: foss
set_env: false

10
spec/acceptance/nodesets/nodepool-centos7.yml
View File

@ -1,10 +0,0 @@
HOSTS:
centos-70-x64:
roles:
- master
platform: el-7-x86_64
hypervisor: none
ip: 127.0.0.1
CONFIG:
type: foss
set_env: false

10
spec/acceptance/nodesets/nodepool-centos8.yml
View File

@ -1,10 +0,0 @@
HOSTS:
centos-80-x64:
roles:
- master
platform: el-8-x86_64
hypervisor: none
ip: 127.0.0.1
CONFIG:
type: foss
set_env: false

10
spec/acceptance/nodesets/nodepool-trusty.yml
View File

@ -1,10 +0,0 @@
HOSTS:
ubuntu-14.04-amd64:
roles:
- master
platform: ubuntu-14.04-amd64
hypervisor: none
ip: 127.0.0.1
CONFIG:
type: foss
set_env: false

10
spec/acceptance/nodesets/nodepool-xenial.yml
View File

@ -1,10 +0,0 @@
HOSTS:
ubuntu-16.04-amd64:
roles:
- master
platform: ubuntu-16.04-amd64
hypervisor: none
ip: 127.0.0.1
CONFIG:
type: foss
set_env: false

11
spec/acceptance/nodesets/ubuntu-server-1404-x64.yml
View File

@ -1,11 +0,0 @@
HOSTS:
ubuntu-server-14.04-amd64:
roles:
- master
platform: ubuntu-14.04-amd64
box: puppetlabs/ubuntu-14.04-64-nocm
box_url: https://vagrantcloud.com/puppetlabs/ubuntu-14.04-64-nocm
hypervisor: vagrant
CONFIG:
log_level: debug
type: foss

34
spec/shared_examples_acceptance.rb
View File

@ -1,34 +0,0 @@
# Test a normal puppet run with idempotency.
shared_examples_for 'puppet_apply_success' do |manifest|
it 'should apply the manifest without error' do
apply_manifest(manifest, :catch_failures => true)
end
it 'should be idempotent' do
apply_manifest(manifest, :catch_changes => true)
end
end
# Check that a file exists and its content match the one given as
# argument. The argument can be a multiline string or an array of
# regexp.
#
# To use it encapsulate it in a context whose name is the file to
# test.
shared_examples 'a_valid_configuration' do |config_content|
let(:configuration_file) do |example|
# see the idiom it leads to later in this file
example.metadata[:example_group][:parent_example_group][:description]
end
subject { file(configuration_file) }
it { is_expected.to be_file }
it { is_expected.to exist }
content = nil
if config_content.is_a?(Array)
content = config_content
else
content = config_content.split("\n").map { |l| Regexp.quote(l) }
end
it 'content should be valid' do
expect(subject.content).to include_regexp(content)
end
end

2
spec/spec_helper_acceptance.rb
View File

@ -1 +1 @@
require 'puppet-openstack_spec_helper/beaker_spec_helper'
require 'puppet-openstack_spec_helper/litmus_spec_helper'