use_cookbook-openstackclient/identity_v3

- Now use cookbook-openstackclient to create endpoints role service and
  user
- added domain creation and access granting
- edited values to work with identity_v3
- rewrote specs to work again
- edited image_upload to work with domains

Change-Id: I88ea66da9e8c189208d7e69ecc38dcf502d518db
Depends-On: I0f8955f05de9b33711c54b9a198f45018cceb8e1
Depends-On: I2d404a424bd79a6e9b282304e21591fa33a48981
Depends-On: I2f339055883354c6a8a77daa7967ff279c4d18d9
Depends-On: I84f850f32f25a318c3ed3c7337a0dfa6f641a5fe
This commit is contained in:
Christoph Albers 2016-10-06 15:32:40 +02:00
parent 09a7de3b5e
commit 03b3ee079e
7 changed files with 143 additions and 127 deletions

View File

@ -14,3 +14,5 @@ cookbook "openstack-network",
github: "openstack/cookbook-openstack-network"
cookbook "openstack-block-storage",
github: "openstack/cookbook-openstack-block-storage"
cookbook "openstackclient",
github: "cloudbau/cookbook-openstackclient"

View File

@ -29,12 +29,16 @@ default['openstack']['integration-test'] = {
'user1' => {
'user_name' => 'tempest_user1',
'password' => 'tempest_user1_pass',
'project_name' => 'tempest_project1'
'project_name' => 'tempest_project1',
'role' => 'Member',
'domain_name' => 'Default'
},
'user2' => {
'user_name' => 'tempest_user2',
'password' => 'tempest_user2_pass',
'project_name' => 'tempest_project2'
'project_name' => 'tempest_project2',
'role' => 'Member',
'domain_name' => 'Default'
},
'image1' => {
'name' => 'cirros',

View File

@ -19,3 +19,4 @@ depends 'openstack-identity', '>= 14.0.0'
depends 'openstack-image', '>= 14.0.0'
depends 'openstack-compute', '>= 14.0.0'
depends 'openstack-block-storage', '>= 14.0.0'
depends 'openstackclient'

View File

@ -38,64 +38,64 @@ end
package 'curl'
identity_admin_endpoint = admin_endpoint 'identity'
# Since this is testing things from the user's perspective,
# use the public identity endpoint
identity_api_endpoint = public_endpoint 'identity'
bootstrap_token = get_password 'token', 'openstack_identity_bootstrap_token'
auth_uri = ::URI.decode identity_admin_endpoint.to_s
admin_pass = get_password 'user', node['openstack']['identity']['admin_user']
identity_public_endpoint = public_endpoint 'identity'
auth_url = ::URI.decode identity_admin_endpoint.to_s
%w(user1 user2).each_with_index do |user, i|
i += 1
admin_user = node['openstack']['identity']['admin_user']
admin_pass = get_password 'user', admin_user
admin_project = node['openstack']['identity']['admin_project']
admin_domain = node['openstack']['identity']['admin_domain_name']
admin_project_domain_name = node['openstack']['identity']['admin_project_domain']
openstack_identity_register "Register tempest project #{i}" do
auth_uri auth_uri
bootstrap_token bootstrap_token
tenant_name node['openstack']['integration-test'][user]['project_name']
tenant_description "Tempest project #{i}"
connection_params = {
openstack_auth_url: "#{auth_url}/auth/tokens",
openstack_username: admin_user,
openstack_api_key: admin_pass,
openstack_project_name: admin_project,
openstack_domain_name: admin_domain
}
action :create_tenant
%w(user1 user2).each_with_index do |user|
service_user = node['openstack']['integration-test'][user]['user_name']
service_project = node['openstack']['integration-test'][user]['project_name']
service_role = node['openstack']['integration-test'][user]['role']
service_domain = node['openstack']['integration-test'][user]['domain_name']
service_pass = node['openstack']['integration-test'][user]['password']
openstack_project service_project do
connection_params connection_params
end
openstack_identity_register "Register tempest user #{i}" do
auth_uri auth_uri
bootstrap_token bootstrap_token
tenant_name node['openstack']['integration-test'][user]['project_name']
user_name node['openstack']['integration-test'][user]['user_name']
user_pass node['openstack']['integration-test'][user]['password']
action :create_user
openstack_role service_role do
connection_params connection_params
end
openstack_identity_register "Create tempest role #{i}" do
auth_uri auth_uri
bootstrap_token bootstrap_token
tenant_name node['openstack']['integration-test'][user]['project_name']
user_name node['openstack']['integration-test'][user]['user_name']
user_pass node['openstack']['integration-test'][user]['password']
role_name 'Member'
action :create_role
openstack_user service_user do
project_name service_project
role_name service_role
password service_pass
connection_params connection_params
end
openstack_identity_register "Grant 'member' Role to tempest user for tempest project ##{i}" do
auth_uri auth_uri
bootstrap_token bootstrap_token
tenant_name node['openstack']['integration-test'][user]['project_name']
user_name node['openstack']['integration-test'][user]['user_name']
role_name 'Member'
openstack_user service_user do
role_name service_role
project_name service_project
connection_params connection_params
action :grant_role
end
openstack_user service_user do
domain_name service_domain
role_name service_role
user_name service_user
connection_params connection_params
action :grant_domain
end
end
# Create role for heat template defined users
heat_stack_user_role = node['openstack']['integration-test']['heat_stack_user_role']
openstack_identity_register "Create '#{heat_stack_user_role}' Role for template defined users" do
auth_uri auth_uri
bootstrap_token bootstrap_token
role_name heat_stack_user_role
action :create_role
openstack_role heat_stack_user_role do
connection_params connection_params
end
git '/opt/tempest' do
@ -105,16 +105,15 @@ git '/opt/tempest' do
action :sync
end
admin_user = node['openstack']['identity']['admin_user']
admin_project = node['openstack']['identity']['admin_tenant_name']
%w(image1 image2).each do |img|
image_name = node['openstack']['integration-test'][img]['name']
openstack_image_image img do
identity_user admin_user
identity_pass admin_pass
identity_tenant admin_project
identity_uri auth_uri
identity_uri auth_url
identity_user_domain_name admin_domain
identity_project_domain_name admin_project_domain_name
image_name image_name
image_url node['openstack']['integration-test'][img]['source']
end
@ -162,8 +161,8 @@ template '/opt/tempest/etc/tempest.conf' do
# get_image_id being executed).
variables(
'tempest_disable_ssl_validation' => node['openstack']['integration-test']['disable_ssl_validation'],
'identity_endpoint_host' => identity_api_endpoint.host,
'identity_endpoint_port' => identity_api_endpoint.port,
'identity_endpoint_host' => identity_public_endpoint.host,
'identity_endpoint_port' => identity_public_endpoint.port,
'tempest_use_dynamic_credentials' => node['openstack']['integration-test']['use_dynamic_credentials'],
'tempest_user1' => node['openstack']['integration-test']['user1']['user_name'],
'tempest_user1_pass' => node['openstack']['integration-test']['user1']['password'],

View File

@ -11,6 +11,14 @@ describe 'openstack-integration-test::setup' do
include_context 'tempest-stubs'
connection_params = {
openstack_auth_url: 'http://127.0.0.1:35357/v3/auth/tokens',
openstack_username: 'admin',
openstack_api_key: 'admin',
openstack_project_name: 'admin',
openstack_domain_name: 'default'
}
it 'installs tempest dependencies' do
packages = %w(git libxml2-dev libxslt-dev testrepository python-dev
libffi-dev)
@ -20,109 +28,99 @@ describe 'openstack-integration-test::setup' do
end
end
it 'registers project tempest_project1' do
expect(chef_run).to create_tenant_openstack_identity_register(
'Register tempest project 1'
it 'registers tempest_project1 Project' do
expect(chef_run).to create_openstack_project(
'tempest_project1'
).with(
auth_uri: 'http://127.0.0.1:35357/v2.0',
bootstrap_token: 'bootstrap-token',
tenant_name: 'tempest_project1',
tenant_description: 'Tempest project 1'
connection_params: connection_params
)
end
it 'registers user tempest_user1' do
expect(chef_run).to create_user_openstack_identity_register(
'Register tempest user 1'
it 'registers service user' do
expect(chef_run).to create_openstack_user(
'tempest_user1'
).with(
auth_uri: 'http://127.0.0.1:35357/v2.0',
bootstrap_token: 'bootstrap-token',
tenant_name: 'tempest_project1',
user_name: 'tempest_user1',
user_pass: 'tempest_user1_pass'
project_name: 'tempest_project1',
role_name: 'Member',
password: 'tempest_user1_pass',
connection_params: connection_params
)
end
it 'creates member role to tempest_user1 for tempest_project1' do
expect(chef_run).to create_role_openstack_identity_register(
'Create tempest role 1'
it 'create service role' do
expect(chef_run).to create_openstack_role(
'Member'
).with(
auth_uri: 'http://127.0.0.1:35357/v2.0',
bootstrap_token: 'bootstrap-token',
tenant_name: 'tempest_project1',
user_name: 'tempest_user1',
user_pass: 'tempest_user1_pass',
role_name: 'Member'
connection_params: connection_params
)
end
it 'grants member role to tempest_user1 for tempest_project1' do
expect(chef_run).to grant_role_openstack_identity_register(
"Grant 'member' Role to tempest user for tempest project #1"
it do
expect(chef_run).to grant_domain_openstack_user(
'tempest_user1'
).with(
auth_uri: 'http://127.0.0.1:35357/v2.0',
bootstrap_token: 'bootstrap-token',
tenant_name: 'tempest_project1',
user_name: 'tempest_user1',
role_name: 'Member'
domain_name: 'Default',
role_name: 'Member',
connection_params: connection_params
)
end
it 'registers project tempest_project2' do
expect(chef_run).to create_tenant_openstack_identity_register(
'Register tempest project 2'
it do
expect(chef_run).to grant_role_openstack_user(
'tempest_user1'
).with(
auth_uri: 'http://127.0.0.1:35357/v2.0',
bootstrap_token: 'bootstrap-token',
tenant_name: 'tempest_project2',
tenant_description: 'Tempest project 2'
project_name: 'tempest_project1',
role_name: 'Member',
password: 'tempest_user1_pass',
connection_params: connection_params
)
end
it 'registers user tempest_user2' do
expect(chef_run).to create_user_openstack_identity_register(
'Register tempest user 2'
it 'registers tempest_project2 Project' do
expect(chef_run).to create_openstack_project(
'tempest_project2'
).with(
auth_uri: 'http://127.0.0.1:35357/v2.0',
bootstrap_token: 'bootstrap-token',
tenant_name: 'tempest_project2',
user_name: 'tempest_user2',
user_pass: 'tempest_user2_pass'
connection_params: connection_params
)
end
it 'creates member role to tempest_user2 for tempest_project2' do
expect(chef_run).to create_role_openstack_identity_register(
'Create tempest role 2'
it 'registers service user' do
expect(chef_run).to create_openstack_user(
'tempest_user2'
).with(
auth_uri: 'http://127.0.0.1:35357/v2.0',
bootstrap_token: 'bootstrap-token',
tenant_name: 'tempest_project2',
user_name: 'tempest_user2',
user_pass: 'tempest_user2_pass',
role_name: 'Member'
project_name: 'tempest_project2',
role_name: 'Member',
password: 'tempest_user2_pass',
connection_params: connection_params
)
end
it 'grants member role to tempest_user2 for tempest_project2' do
expect(chef_run).to grant_role_openstack_identity_register(
"Grant 'member' Role to tempest user for tempest project #2"
it do
expect(chef_run).to grant_domain_openstack_user(
'tempest_user2'
).with(
auth_uri: 'http://127.0.0.1:35357/v2.0',
bootstrap_token: 'bootstrap-token',
tenant_name: 'tempest_project2',
user_name: 'tempest_user2',
role_name: 'Member'
domain_name: 'Default',
role_name: 'Member',
connection_params: connection_params
)
end
it 'creats heat stack owner role' do
expect(chef_run).to create_role_openstack_identity_register(
"Create 'heat_stack_owner' Role for template defined users"
it do
expect(chef_run).to grant_role_openstack_user(
'tempest_user2'
).with(
auth_uri: 'http://127.0.0.1:35357/v2.0',
bootstrap_token: 'bootstrap-token',
role_name: 'heat_stack_owner'
project_name: 'tempest_project2',
role_name: 'Member',
password: 'tempest_user2_pass',
connection_params: connection_params
)
end
it 'create service role' do
expect(chef_run).to create_openstack_role(
'heat_stack_owner'
).with(
connection_params: connection_params
)
end
@ -141,7 +139,9 @@ describe 'openstack-integration-test::setup' do
identity_user: 'admin',
identity_pass: 'admin',
identity_tenant: 'admin',
identity_uri: 'http://127.0.0.1:35357/v2.0',
identity_uri: 'http://127.0.0.1:35357/v3',
identity_user_domain_name: 'default',
identity_project_domain_name: 'default',
image_name: 'cirros',
image_url: 'http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img'
)
@ -152,7 +152,9 @@ describe 'openstack-integration-test::setup' do
identity_user: 'admin',
identity_pass: 'admin',
identity_tenant: 'admin',
identity_uri: 'http://127.0.0.1:35357/v2.0',
identity_uri: 'http://127.0.0.1:35357/v3',
identity_user_domain_name: 'default',
identity_project_domain_name: 'default',
image_name: 'cirros',
image_url: 'http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img'
)

View File

@ -24,8 +24,8 @@ shared_context 'tempest-stubs' do
{
'OS_USERNAME' => 'admin',
'OS_PASSWORD' => 'admin',
'OS_TENANT_NAME' => 'admin',
'OS_AUTH_URL' => 'http://127.0.0.1:35357/v2.0'
'OS_PROJECT_NAME' => 'admin',
'OS_AUTH_URL' => 'http://127.0.0.1:35357/v3'
}
allow_any_instance_of(Chef::Recipe).to receive(:get_password)

View File

@ -1,9 +1,11 @@
[auth]
use_dynamic_credentials = <%= @tempest_use_dynamic_credentials %>
default_credentials_domain_name = Default
admin_username = <%= @tempest_admin %>
admin_password = <%= @tempest_admin_pass %>
admin_project_name = <%= @tempest_admin_project %>
admin_domain_name = Default
[identity]
@ -13,6 +15,7 @@ disable_ssl_certificate_validation = <%= @tempest_disable_ssl_validation %>
uri = http://<%= @identity_endpoint_host %>:<%= @identity_endpoint_port %>/v2.0/
uri_v3 = http://<%= @identity_endpoint_host %>:<%= @identity_endpoint_port %>/v3/
v3_endpoint_type = publicURL
strategy = keystone
@ -20,11 +23,15 @@ region = RegionOne
username = <%= @tempest_user1 %>
password = <%= @tempest_user1_pass %>
user_domain_name = Default
project_domain_name = Default
project_name = <%= @tempest_user1_project %>
alt_username = <%= @tempest_user2 %>
alt_password = <%= @tempest_user2_pass %>
alt_project_name = <%= @tempest_user2_project %>
default_domain_id = default
admin_domain_scope = false
[validation]
image_alt_ssh_user = <%= @tempest_alt_ssh_user %>
@ -69,7 +76,8 @@ use_block_migration_for_live_migration = False
disk_config_enabled_override = true
[identity-feature-enabled]
api_v3 = false
api_v3 = true
api_v2 = false
[whitebox]