puppet-neutron/spec/classes/neutron_agents_ovn_metadata_spec.rb
Takashi Kajinami 9fe6a8db90 ovn-metadata: metadata_proxy_shared_secret should be secret
Change-Id: Ibcf03843e7b4a11a91dbb5a15f91c17892e97282
2024-03-16 17:01:59 +09:00

123 lines
5.3 KiB
Ruby

require 'spec_helper'
describe 'neutron::agents::ovn_metadata' do
let :pre_condition do
"class { 'neutron': }"
end
let :params do
{
:shared_secret => 'metadata-secret',
}
end
shared_examples 'ovn metadata agent' do
it { should contain_class('neutron::params') }
it 'configures ovn metadata agent service' do
should contain_service('ovn-metadata').with(
:name => platform_params[:ovn_metadata_agent_service],
:enable => true,
:ensure => 'running',
:tag => 'neutron-service',
)
should contain_service('ovn-metadata').that_subscribes_to('Anchor[neutron::service::begin]')
should contain_service('ovn-metadata').that_notifies('Anchor[neutron::service::end]')
end
context 'with manage_service as false' do
before :each do
params.merge!(:manage_service => false)
end
it 'should not manage the service' do
should_not contain_service('ovn-metadata')
end
end
it 'passes purge to resource' do
should contain_resources('ovn_metadata_agent_config').with({
:purge => false
})
end
it 'configures ovn_metadata_agent.ini' do
should contain_ovn_metadata_agent_config('DEFAULT/debug').with(:value => '<SERVICE DEFAULT>')
should contain_ovn_metadata_agent_config('DEFAULT/auth_ca_cert').with(:value => '<SERVICE DEFAULT>')
should contain_ovn_metadata_agent_config('DEFAULT/nova_client_cert').with(:value => '<SERVICE DEFAULT>')
should contain_ovn_metadata_agent_config('DEFAULT/nova_client_priv_key').with(:value => '<SERVICE DEFAULT>')
should contain_ovn_metadata_agent_config('DEFAULT/nova_metadata_host').with(:value => '<SERVICE DEFAULT>')
should contain_ovn_metadata_agent_config('DEFAULT/nova_metadata_port').with(:value => '<SERVICE DEFAULT>')
should contain_ovn_metadata_agent_config('DEFAULT/nova_metadata_protocol').with(:value => '<SERVICE DEFAULT>')
should contain_ovn_metadata_agent_config('DEFAULT/metadata_workers').with(:value => '<SERVICE DEFAULT>')
should contain_ovn_metadata_agent_config('DEFAULT/metadata_backlog').with(:value => '<SERVICE DEFAULT>')
should contain_ovn_metadata_agent_config('DEFAULT/nova_metadata_insecure').with(:value => '<SERVICE DEFAULT>')
should contain_ovn_metadata_agent_config('DEFAULT/state_path').with(:value => '/var/lib/neutron')
should contain_ovn_metadata_agent_config('DEFAULT/metadata_proxy_shared_secret').with(:value => params[:shared_secret]).with_secret(true)
should contain_ovn_metadata_agent_config('agent/root_helper').with(:value => 'sudo neutron-rootwrap /etc/neutron/rootwrap.conf')
should contain_ovn_metadata_agent_config('agent/root_helper_daemon').with(:value => '<SERVICE DEFAULT>')
should contain_ovn_metadata_agent_config('ovs/ovsdb_connection_timeout').with(:value => '<SERVICE DEFAULT>')
should contain_ovn_metadata_agent_config('ovs/ovsdb_connection').with(:value => 'tcp:127.0.0.1:6640')
should contain_ovn_metadata_agent_config('ovn/ovn_sb_connection').with(:value => '<SERVICE DEFAULT>')
should contain_ovn_metadata_agent_config('ovn/ovsdb_retry_max_interval').with(:value => '<SERVICE DEFAULT>')
should contain_ovn_metadata_agent_config('ovn/ovsdb_probe_interval').with(:value => '<SERVICE DEFAULT>')
end
it 'installs ovn metadata agent package' do
should contain_package('ovn-metadata').with(
:ensure => 'present',
:name => platform_params[:ovn_metadata_agent_package],
:tag => ['openstack', 'neutron-package'],
)
end
it 'configures subscription to ovn-metadata package' do
should contain_service('ovn-metadata').that_subscribes_to('Anchor[neutron::service::begin]')
should contain_service('ovn-metadata').that_notifies('Anchor[neutron::service::end]')
end
end
shared_examples 'ovn metadata agent with auth_ca_cert set' do
let :params do
{
:auth_ca_cert => '/some/cert',
:shared_secret => '42',
:nova_client_cert => '/nova/cert',
:nova_client_priv_key => '/nova/key',
:metadata_insecure => true,
}
end
it 'configures certificate' do
should contain_ovn_metadata_agent_config('DEFAULT/auth_ca_cert').with_value('/some/cert')
should contain_ovn_metadata_agent_config('DEFAULT/nova_client_cert').with_value('/nova/cert')
should contain_ovn_metadata_agent_config('DEFAULT/nova_client_priv_key').with_value('/nova/key')
should contain_ovn_metadata_agent_config('DEFAULT/nova_metadata_insecure').with_value(true)
end
end
on_supported_os({
:supported_os => OSDefaults.get_supported_os
}).each do |os,facts|
context "on #{os}" do
let (:facts) do
facts.merge!(OSDefaults.get_facts())
end
let (:platform_params) do
case facts[:os]['family']
when 'Debian'
{ :ovn_metadata_agent_package => 'neutron-ovn-metadata-agent',
:ovn_metadata_agent_service => 'neutron-ovn-metadata-agent' }
when 'RedHat'
{ :ovn_metadata_agent_package => 'openstack-neutron-ovn-metadata-agent',
:ovn_metadata_agent_service => 'neutron-ovn-metadata-agent' }
end
end
it_behaves_like 'ovn metadata agent'
it_behaves_like 'ovn metadata agent with auth_ca_cert set'
end
end
end