beaker: stop testing eventlet and enforce wsgi

Eventlet support is dead in Mitaka.

This patch:
* removes basic_keystone_spec scenario (running eventlet)
* in default_domain scenario, replace eventlet by wsgi setup
  by using openstack_integration::keystone manifest

Depends-On: Idd04ef48e867f5138bd9a2e04ea6f2fbc4369314
Change-Id: Ibff595fcca8469076af65452cdeb517430314f84

spec/acceptance/basic_keystone_spec.rb

@@ -1,497 +0,0 @@
-require 'spec_helper_acceptance'
-
-describe 'basic keystone server with resources' do
-
-  context 'default parameters' do
-
-    it 'should work with no errors' do
-      pp= <<-EOS
-      # make sure apache is stopped before keystone eventlet
-      # in case of wsgi was run before
-      class { '::apache':
-        service_ensure => 'stopped',
-      }
-      Service['httpd'] -> Service['keystone']
-
-      include ::openstack_integration
-      include ::openstack_integration::repos
-      include ::openstack_integration::mysql
-
-      # Keystone resources
-      class { '::keystone::client': }
-      class { '::keystone::cron::token_flush': }
-      class { '::keystone::db::mysql':
-        password => 'keystone',
-      }
-      class { '::keystone':
-        verbose             => true,
-        debug               => true,
-        database_connection => 'mysql+pymysql://keystone:keystone@127.0.0.1/keystone',
-        admin_token         => 'admin_token',
-        enabled             => true,
-      }
-      # "v2" admin and service
-      class { '::keystone::roles::admin':
-        email                  => 'test@example.tld',
-        password               => 'a_big_secret',
-      }
-      # Default Keystone endpoints use localhost, default ports and v2.0
-      class { '::keystone::endpoint':
-        default_domain => 'admin',
-      }
-      ::keystone::resource::service_identity { 'beaker-ci':
-        service_type        => 'beaker',
-        service_description => 'beaker service',
-        service_name        => 'beaker',
-        password            => 'secret',
-        public_url          => 'http://127.0.0.1:1234',
-        admin_url           => 'http://127.0.0.1:1234',
-        internal_url        => 'http://127.0.0.1:1234',
-      }
-      # v3 admin
-      # we don't use ::keystone::roles::admin but still create resources manually:
-      keystone_domain { 'admin_domain':
-        ensure      => present,
-        enabled     => true,
-        description => 'Domain for admin v3 users',
-      }
-      keystone_domain { 'service_domain':
-        ensure      => present,
-        enabled     => true,
-        description => 'Domain for admin v3 users',
-      }
-      keystone_tenant { 'servicesv3':
-        ensure      => present,
-        enabled     => true,
-        description => 'Tenant for the openstack services',
-        domain      => 'service_domain',
-      }
-      keystone_tenant { 'openstackv3::admin_domain':
-        ensure      => present,
-        enabled     => true,
-        description => 'admin tenant'
-      }
-      keystone_user { 'adminv3::admin_domain':
-        ensure      => present,
-        enabled     => true,
-        email       => 'test@example.tld',
-        password    => 'a_big_secret',
-      }
-      keystone_user_role { 'adminv3@openstackv3':
-        project_domain => 'admin_domain',
-        user_domain    => 'admin_domain',
-        ensure         => present,
-        roles          => ['admin'],
-      }
-      # service user exists only in the service_domain - must
-      # use v3 api
-      ::keystone::resource::service_identity { 'beaker-civ3::service_domain':
-        service_type        => 'beakerv3',
-        service_description => 'beakerv3 service',
-        service_name        => 'beakerv3',
-        password            => 'secret',
-        tenant              => 'servicesv3::service_domain',
-        public_url          => 'http://127.0.0.1:1234/v3',
-        admin_url           => 'http://127.0.0.1:1234/v3',
-        internal_url        => 'http://127.0.0.1:1234/v3',
-        user_domain         => 'service_domain',
-        project_domain      => 'service_domain',
-      }
-      EOS
-
-
-      # Run it twice and test for idempotency
-      apply_manifest(pp, :catch_failures => true)
-      apply_manifest(pp, :catch_changes => true)
-    end
-
-    describe port(5000) do
-      it { is_expected.to be_listening.with('tcp') }
-    end
-
-    describe port(35357) do
-      it { is_expected.to be_listening.with('tcp') }
-    end
-
-    describe cron do
-      it { is_expected.to have_entry('1 0 * * * keystone-manage token_flush >>/var/log/keystone/keystone-tokenflush.log 2>&1').with_user('keystone') }
-    end
-
-    shared_examples_for 'keystone user/tenant/service/role/endpoint resources using v2 API' do |auth_creds|
-      it 'should find users in the default domain' do
-        shell("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v2.0 --os-identity-api-version 2 user list") do |r|
-          expect(r.stdout).to match(/admin/)
-          expect(r.stderr).to be_empty
-        end
-      end
-      it 'should find tenants in the default domain' do
-        shell("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v2.0 --os-identity-api-version 2 project list") do |r|
-          expect(r.stdout).to match(/openstack/)
-          expect(r.stderr).to be_empty
-        end
-      end
-      it 'should find beaker service' do
-        shell("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v2.0 --os-identity-api-version 2 service list") do |r|
-          expect(r.stdout).to match(/beaker/)
-          expect(r.stderr).to be_empty
-        end
-      end
-      it 'should find admin role' do
-        shell("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v2.0 --os-identity-api-version 2 role list") do |r|
-          expect(r.stdout).to match(/admin/)
-          expect(r.stderr).to be_empty
-        end
-      end
-      it 'should find beaker endpoints' do
-        shell("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v2.0 --os-identity-api-version 2 endpoint list --long") do |r|
-          expect(r.stdout).to match(/1234/)
-          expect(r.stderr).to be_empty
-        end
-      end
-    end
-    shared_examples_for 'keystone user/tenant/service/role/endpoint resources using v3 API' do |auth_creds|
-      it 'should find beaker user' do
-        shell("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v3 --os-identity-api-version 3 user list") do |r|
-          expect(r.stdout).to match(/beaker/)
-          expect(r.stderr).to be_empty
-        end
-      end
-      it 'should find services tenant' do
-        shell("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v3 --os-identity-api-version 3 project list") do |r|
-          expect(r.stdout).to match(/services/)
-          expect(r.stderr).to be_empty
-        end
-      end
-      it 'should find beaker service' do
-        shell("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v3 --os-identity-api-version 3 service list") do |r|
-          expect(r.stdout).to match(/beaker/)
-          expect(r.stderr).to be_empty
-        end
-      end
-      it 'should find admin role' do
-        shell("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v3 --os-identity-api-version 3 role list") do |r|
-          expect(r.stdout).to match(/admin/)
-          expect(r.stderr).to be_empty
-        end
-      end
-      it 'should find beaker endpoints' do
-        shell("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v3 --os-identity-api-version 3 endpoint list") do |r|
-          expect(r.stdout).to match(/1234/)
-          expect(r.stderr).to be_empty
-        end
-      end
-    end
-    describe 'with v2 admin with v2 credentials' do
-      include_examples 'keystone user/tenant/service/role/endpoint resources using v2 API',
-                       '--os-username admin --os-password a_big_secret --os-project-name openstack'
-    end
-    describe 'with v2 service with v2 credentials' do
-      include_examples 'keystone user/tenant/service/role/endpoint resources using v2 API',
-                       '--os-username beaker-ci --os-password secret --os-project-name services'
-    end
-    describe 'with v2 admin with v3 credentials' do
-      include_examples 'keystone user/tenant/service/role/endpoint resources using v3 API',
-                       '--os-username admin --os-password a_big_secret --os-project-name openstack --os-user-domain-name Default --os-project-domain-name Default'
-    end
-    describe "with v2 service with v3 credentials" do
-      include_examples 'keystone user/tenant/service/role/endpoint resources using v3 API',
-                       '--os-username beaker-ci --os-password secret --os-project-name services --os-user-domain-name Default --os-project-domain-name Default'
-    end
-    describe 'with v3 admin with v3 credentials' do
-      include_examples 'keystone user/tenant/service/role/endpoint resources using v3 API',
-                       '--os-username adminv3 --os-password a_big_secret --os-project-name openstackv3 --os-user-domain-name admin_domain --os-project-domain-name admin_domain'
-    end
-    describe "with v3 service with v3 credentials" do
-      include_examples 'keystone user/tenant/service/role/endpoint resources using v3 API',
-                       '--os-username beaker-civ3 --os-password secret --os-project-name servicesv3 --os-user-domain-name service_domain --os-project-domain-name service_domain'
-    end
-  end
-  describe 'composite namevar quick test' do
-    context 'similar resources different naming' do
-      let(:pp) do
-        <<-EOM
-        keystone_tenant { 'openstackv3':
-          ensure      => present,
-          enabled     => true,
-          description => 'admin tenant',
-          domain      => 'admin_domain'
-        }
-        keystone_user { 'adminv3::useless_when_the_domain_is_set':
-          ensure      => present,
-          enabled     => true,
-          email       => 'test@example.tld',
-          password    => 'a_big_secret',
-          domain      => 'admin_domain'
-        }
-        keystone_user_role { 'adminv3::admin_domain@openstackv3::admin_domain':
-          ensure         => present,
-          roles          => ['admin'],
-        }
-        EOM
-      end
-      it 'should not do any modification' do
-        apply_manifest(pp, :catch_changes => true)
-      end
-    end
-  end
-
-  describe 'composite namevar for keystone_service and keystone_endpoint' do
-    let(:pp) do
-      <<-EOM
-      keystone_service { 'service_1::type_1': ensure => present }
-      keystone_service { 'service_1': type => 'type_2', ensure => present }
-      keystone_endpoint { 'RegionOne/service_1::type_2':
-        ensure => present,
-        public_url => 'http://public_service1_type2',
-        internal_url => 'http://internal_service1_type2',
-        admin_url => 'http://admin_service1_type2'
-      }
-      keystone_endpoint { 'service_1':
-        ensure => present,
-        region => 'RegionOne',
-        type => 'type_1',
-        public_url   => 'http://public_url/',
-        internal_url => 'http://public_url/',
-        admin_url    => 'http://public_url/'
-      }
-      EOM
-    end
-    it 'should be possible to create two services different only by their type' do
-      apply_manifest(pp, :catch_failures => true)
-      apply_manifest(pp, :catch_changes => true)
-    end
-    describe 'puppet service are created' do
-      it 'for service' do
-        shell('puppet resource keystone_service') do |result|
-          expect(result.stdout)
-            .to include_regexp([/keystone_service { 'service_1::type_1':/,
-                                /keystone_service { 'service_1::type_2':/])
-        end
-      end
-    end
-    describe 'puppet endpoints are created' do
-      it 'for service' do
-        shell('puppet resource keystone_endpoint') do |result|
-          expect(result.stdout)
-            .to include_regexp([/keystone_endpoint { 'RegionOne\/service_1::type_1':/,
-                                /keystone_endpoint { 'RegionOne\/service_1::type_2':/])
-        end
-      end
-    end
-  end
-
-  context '#keystone_domain_config' do
-    # make sure everything is clean before playing the manifest
-    shared_examples 'clean_domain_configuration', :clean_domain_cfg => true do
-      before(:context) do
-        hosts.each do |host|
-          on host, 'rm -rf /etc/keystone/domains >/dev/null 2>&1'
-          on host, 'rm -rf /tmp/keystone.*.conf >/dev/null 2>&1'
-        end
-      end
-    end
-
-    context 'one domain configuration', :clean_domain_cfg => true  do
-      context 'simple use case' do
-        it_behaves_like 'puppet_apply_success', <<-EOM
-          file { '/etc/keystone/domains': ensure => directory }
-          keystone_domain_config { 'services::ldap/url':
-            value => 'http://auth.com/1',
-          }
-        EOM
-
-        context '/etc/keystone/domains/keystone.services.conf' do
-          # the idiom
-
-          # note: cannot use neither instance variable nor let on
-          # parameter for shared_example
-          it_behaves_like 'a_valid_configuration', <<-EOC
-
-[ldap]
-url=http://auth.com/1
-EOC
-        end
-      end
-
-      context 'with a non default identity/domain_config_dir' do
-        it_behaves_like 'puppet_apply_success', <<-EOM
-        keystone_config { 'identity/domain_config_dir': value => '/tmp' }
-        keystone_domain_config { 'services::ldap/url':
-          value => 'http://auth.com/1',
-        }
-        EOM
-
-        context '/tmp/keystone.services.conf' do
-          it_behaves_like 'a_valid_configuration', <<-EOC
-
-[ldap]
-url=http://auth.com/1
-EOC
-        end
-      end
-    end
-
-    context 'with a multiple configurations', :clean_domain_cfg => true do
-      it_behaves_like 'puppet_apply_success', <<-EOM
-      file { '/etc/keystone/domains': ensure => directory }
-      keystone_config { 'identity/domain_config_dir': value => '/etc/keystone/domains' }
-      keystone_domain_config { 'services::ldap/url':
-        value => 'http://auth.com/1',
-      }
-      keystone_domain_config { 'services::http/url':
-        value => 'http://auth.com/2',
-      }
-      keystone_domain_config { 'external::ldap/url':
-        value => 'http://ext-auth.com/1',
-      }
-      EOM
-
-      describe command('puppet resource keystone_domain_config') do
-        its(:exit_status) { is_expected.to eq(0) }
-        its(:stdout) { is_expected.to eq(<<EOO) }
-keystone_domain_config { 'external::ldap/url':
-  ensure => 'present',
-  value  => 'http://ext-auth.com/1',
-}
-keystone_domain_config { 'services::http/url':
-  ensure => 'present',
-  value  => 'http://auth.com/2',
-}
-keystone_domain_config { 'services::ldap/url':
-  ensure => 'present',
-  value  => 'http://auth.com/1',
-}
-EOO
-      end
-
-      describe '/etc/keystone/domains/keystone.services.conf' do
-        it_behaves_like 'a_valid_configuration', <<EOC
-
-[http]
-url=http://auth.com/2
-
-[ldap]
-url=http://auth.com/1
-EOC
-      end
-      describe '/etc/keystone/domains/keystone.external.conf' do
-        it_behaves_like 'a_valid_configuration', <<EOC
-
-[ldap]
-url=http://ext-auth.com/1
-EOC
-      end
-    end
-
-    context 'checking that the purge is working' do
-      it_behaves_like 'puppet_apply_success', <<-EOM
-      resources { 'keystone_domain_config': purge => true }
-      keystone_domain_config { 'services::ldap/url':
-        value => 'http://auth.com/1',
-      }
-      EOM
-
-      context '/etc/keystone/domains/keystone.services.conf' do
-        it_behaves_like 'a_valid_configuration', <<-EOC
-
-[http]
-
-[ldap]
-url=http://auth.com/1
-EOC
-      end
-    end
-    context '#ldap_backend', :clean_domain_cfg => true do
-      context 'manifest' do
-        let(:pp) do
-      <<-EOM
-      class { '::keystone':
-        verbose             => true,
-        debug               => true,
-        database_connection => 'mysql://keystone:keystone@127.0.0.1/keystone',
-        admin_token         => 'admin_token',
-        enabled             => true,
-        default_domain      => 'default_domain',
-        using_domain_config => true
-      }
-      keystone_domain { 'domain_1_ldap_backend': ensure => present }
-      keystone_domain { 'domain_2_ldap_backend': ensure => present }
-      keystone::ldap_backend { 'domain_1_ldap_backend':
-        url  => 'ldap://foo',
-        user => 'cn=foo,dc=example,dc=com',
-        identity_driver => 'keystone.identity.backends.ldap.Identity',
-        credential_driver => 'keystone.credential.backends.ldap.Credential',
-        assignment_driver => 'keystone.assignment.backends.ldap.Assignment'
-      }
-      keystone::ldap_backend { 'domain_2_ldap_backend':
-        url  => 'ldap://bar',
-        user => 'cn=bar,dc=test,dc=com',
-        identity_driver => 'keystone.identity.backends.ldap.Identity',
-        credential_driver => 'keystone.credential.backends.ldap.Credential',
-        assignment_driver => 'keystone.assignment.backends.ldap.Assignment'
-      }
-      EOM
-        end
-        it 'should apply the manifest correctly' do
-          apply_manifest(pp, :accept_all_exit_codes => true)
-          # Cannot really test it as keystone will try to connect to
-          # the ldap backend when it restarts.  But the ldap server
-          # which doesn't exit.  The next "test" clean everything up
-          # to have a working keystone again.
-
-          # TODO: Sould we add a working ldap server ?
-        end
-        context '/etc/keystone/domains/keystone.domain_1_ldap_backend.conf' do
-          it_behaves_like 'a_valid_configuration', <<-EOC
-
-[ldap]
-use_pool=False
-pool_retry_delay=0.1
-url=ldap://foo
-auth_pool_size=100
-auth_pool_connection_lifetime=60
-user=cn=foo,dc=example,dc=com
-pool_connection_timeout=-1
-use_auth_pool=False
-pool_connection_lifetime=600
-pool_size=10
-pool_retry_max=3
-EOC
-        end
-
-        context '/etc/keystone/domains/keystone.domain_2_ldap_backend.conf' do
-          it_behaves_like 'a_valid_configuration', <<-EOC
-
-[ldap]
-pool_retry_delay=0.1
-url=ldap://bar
-user=cn=bar,dc=test,dc=com
-use_pool=False
-pool_retry_max=3
-pool_size=10
-auth_pool_size=100
-auth_pool_connection_lifetime=60
-use_auth_pool=False
-pool_connection_lifetime=600
-pool_connection_timeout=-1
-EOC
-        end
-      end
-      context 'clean up', :clean_domain_cfg => true do
-        # we must revert the changes as ldap backend is not fully
-        # functional and are "domain read only".  All subsequent tests
-        # will fail without this.
-        it_behaves_like 'puppet_apply_success', <<-EOM
-        keystone_config {
-          'identity/driver': value => 'sql';
-          'credential/driver': ensure => absent;
-          'assignment/driver': ensure => absent;
-          'identity/domain_specific_drivers_enabled': ensure => absent;
-          'identity/domain_config_dir': ensure => absent;
-        }
-        EOM
-
-      end
-    end
-  end
-end

spec/acceptance/default_domain_spec.rb

@@ -3,13 +3,7 @@ require 'spec_helper_acceptance'
 describe 'basic keystone server with changed domain id' do
   after(:context) do
     clean_up_manifest = <<-EOM
-      class { '::keystone':
+      include ::openstack_integration::keystone
-            verbose             => true,
-            debug               => true,
-            database_connection => 'mysql+pymysql://keystone:keystone@127.0.0.1/keystone',
-            admin_token         => 'admin_token',
-            enabled             => true,
-      }
 
       keystone_config { 'identity/default_domain_id': ensure => absent}
     EOM
@@ -19,31 +13,14 @@ describe 'basic keystone server with changed domain id' do
   context 'new domain id' do
     let(:pp) do
       <<-EOM
-      # make sure apache is stopped before keystone eventlet
-      # in case of wsgi was run before
-      class { '::apache':
-        service_ensure => 'stopped',
-      }
-      Service['httpd'] -> Service['keystone']
-
       include ::openstack_integration
       include ::openstack_integration::repos
       include ::openstack_integration::mysql
 
-      # Keystone resources
+      class { '::openstack_integration::keystone':
-      class { '::keystone::client': }
+        default_domain => 'my_default_domain',
-      class { '::keystone::cron::token_flush': }
-      class { '::keystone::db::mysql':
-        password => 'keystone',
-      }
-      class { '::keystone':
-        verbose             => true,
-        debug               => true,
-        database_connection => 'mysql+pymysql://keystone:keystone@127.0.0.1/keystone',
-        admin_token         => 'admin_token',
-        enabled             => true,
-        default_domain      => 'my_default_domain'
       }
+
       keystone_tenant { 'project_in_my_default_domain':
         ensure      => present,
         enabled     => true,