Refactor to not require passing in domain and realm

novajoin_tempest_plugin/ipa/ipa_client.py

@@ -56,13 +56,15 @@ class IPABase(object):
         os.environ['KRB5CCNAME'] = self.ccache
         os.environ['KRB5_CLIENT_KTNAME'] = '/home/stack/krb5.keytab'
         if self._ipa_client_configured() and not api.isdone('finalize'):
-            (hostname, realm) = self.get_host_and_realm()
             api.bootstrap(context='novajoin')
             api.finalize()
         self.batch_args = list()
         self.backoff = backoff
+        (_hostname, domain, realm) = self.get_host_domain_and_realm()
+        self.domain = domain
+        self.realm = realm
 
-    def get_host_and_realm(self):
+    def get_host_domain_and_realm(self):
         """Return the hostname and IPA realm name.
 
            IPA 4.4 introduced the requirement that the schema be
@@ -77,8 +79,9 @@ class IPABase(object):
         config.read('/etc/ipa/default.conf')
         hostname = config.get('global', 'host')
         realm = config.get('global', 'realm')
+        domain = config.get('global', 'domain')
 
-        return hostname, realm
+        return hostname, domain, realm
 
     def __backoff(self):
         LOG.debug("Backing off %s seconds", self.backoff)

novajoin_tempest_plugin/tests/scenario/novajoin_manager.py

@@ -12,7 +12,6 @@
 #    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 #    License for the specific language governing permissions and limitations
 #    under the License.
-import exceptions
 import subprocess
 import time
 
@@ -62,40 +61,35 @@ class NovajoinScenarioTest(manager.ScenarioTest):
         start = int(time.time())
         keytab_status = result['has_keytab']
         timeout = 300
-        while not keytab_status:
+        while not keytab_status and (int(time.time()) - start < timeout):
             time.sleep(30)
             result = self.ipa_client.show_host(host)['result']
             keytab_status = result['has_keytab']
-            if int(time.time()) - start >= 300:
-                message = ('Keytab failed to reach TRUE status '
-                           'within %s seconds' % (timeout))
-                raise exceptions.TimeoutException(message)
         self.assertTrue(keytab_status)
 
-    def verify_service_created(self, service, host, realm):
-        service_principal = '{servicename}/{hostname}@{realm}'.format(
-            servicename=service, hostname=host, realm=realm
-        )
+    def verify_service_created(self, service, host):
+        service_principal = self.get_service_principal(host, service)
         result = self.ipa_client.find_service(service_principal)
         self.assertTrue(result['count'] > 0)
 
-    def verify_service_managed_by_host(self, service, host, realm):
+    def verify_service_managed_by_host(self, service, host):
         # TODO(alee) Implement this using service-show
         pass
 
-    def verify_service_deleted(self, service, host, realm):
-        service_principal = '{servicename}/{hostname}@{realm}'.format(
-            servicename=service, hostname=host, realm=realm
-        )
+    def verify_service_deleted(self, service, host):
+        service_principal = self.get_service_principal(host, service)
         result = self.ipa_client.find_service(service_principal)
         self.assertFalse(result['count'] > 0)
 
-    def get_service_cert(self, service, host, realm):
-        service_principal = '{servicename}/{hostname}@{realm}'.format(
-            servicename=service, hostname=host, realm=realm
-        )
+    def get_service_cert(self, service, host):
+        service_principal = self.get_service_principal(host, service)
         return self.ipa_client.get_service_cert(service_principal)
 
+    def get_service_principal(self, host, service):
+        return '{service}/{hostname}@{realm}'.format(
+            service=service, hostname=host, realm=self.ipa_client.realm
+        )
+
     def verify_host_is_ipaclient(self, hostip, user, keypair):
         cmd = 'id admin'
         private_key = keypair['private_key']
@@ -135,41 +129,34 @@ class NovajoinScenarioTest(manager.ScenarioTest):
         result = self.ipa_client.show_cert(serial)['result']
         self.assertTrue(result['revoked'])
 
-    def verify_compact_services(self, services, host,
-                                domain, realm,
-                                verify_certs=False):
+    def verify_compact_services(self, services, host, verify_certs=False):
         for (service, networks) in services.items():
             for network in networks:
                 subhost = '{host}.{network}.{domain}'.format(
-                    host=host, network=network, domain=domain
+                    host=host, network=network, domain=self.ipa_client.domain
                 )
                 LOG.debug("SUBHOST: %s", subhost)
-                self.verify_service(service, subhost, realm,
-                                    domain,
-                                    verify_certs)
+                self.verify_service(service, subhost, verify_certs)
 
-    def verify_service(self, service, host, realm, domain,
-                       verify_certs=False):
+    def verify_service(self, service, host, verify_certs=False):
         self.verify_host_registered_with_ipa(host)
-        self.verify_service_created(service, host, realm)
-        self.verify_service_managed_by_host(service, host, realm)
+        self.verify_service_created(service, host)
+        self.verify_service_managed_by_host(service, host)
         if verify_certs:
-            self.verify_service_cert(service, host, realm, domain)
+            self.verify_service_cert(service, host)
 
-    def verify_service_cert(self, service, host, realm, domain):
-        LOG.debug("Verifying cert for %s %s %s", service, host, domain) 
-        serial = self.get_service_cert(service, host, realm)
+    def verify_service_cert(self, service, host):
+        LOG.debug("Verifying cert for %s %s", service, host)
+        serial = self.get_service_cert(service, host)
         if (service == 'mysql' and host ==
                 'overcloud-controller-0.internalapi.{domain}'.format(
-                domain=domain)):
+                domain=self.ipa_client.domain)):
             pass
         else:
             self.assertTrue(serial is not None)
 
-    def verify_managed_services(self, services, realm, domain,
-                                verify_certs=False):
+    def verify_managed_services(self, services, verify_certs=False):
         for principal in services:
             service = principal.split('/', 1)[0]
             host = principal.split('/', 1)[1]
-            self.verify_service(service, host, realm, domain,
-                                verify_certs)
+            self.verify_service(service, host, verify_certs)

novajoin_tempest_plugin/tests/scenario/test_tripleo_deployment.py

@@ -21,7 +21,6 @@ CONF = config.CONF
 LOG = logging.getLogger(__name__)
 
 DOMAIN = 'tripleodomain.example.com'
-REALM = 'TRIPLEODOMAIN.EXAMPLE.COM'
 
 HOSTS = [
     'undercloud',
@@ -98,8 +97,6 @@ class TripleOTest(novajoin_manager.NovajoinScenarioTest):
             self.verify_compact_services(
                 services=compact_services,
                 host=host,
-                realm=REALM,
-                domain=DOMAIN,
                 verify_certs=True
             )
 
@@ -112,8 +109,6 @@ class TripleOTest(novajoin_manager.NovajoinScenarioTest):
             print(managed_services)
             self.verify_managed_services(
                 services=managed_services,
-                realm=REALM,
-                domain=DOMAIN,
                 verify_certs=True)
 
     def test_verify_service_certs_are_tracked(self):