293 lines
10 KiB
Ruby
293 lines
10 KiB
Ruby
# encoding: UTF-8
|
|
#
|
|
|
|
require_relative 'spec_helper'
|
|
|
|
describe 'openstack-identity::registration' do
|
|
describe 'ubuntu' do
|
|
let(:node) { runner.node }
|
|
let(:runner) { ChefSpec::SoloRunner.new(UBUNTU_OPTS) }
|
|
let(:chef_run) { runner.converge(described_recipe) }
|
|
let(:node_add_user) do
|
|
node.set_unless['openstack']['identity']['users'] = {
|
|
'user1' => {
|
|
'default_tenant' => 'default_tenant1',
|
|
'password' => 'secret1',
|
|
'roles' => {
|
|
'role1' => ['role_tenant1'],
|
|
'role2' => ['default_tenant1']
|
|
}
|
|
}
|
|
}
|
|
end
|
|
|
|
include_context 'identity_stubs'
|
|
|
|
describe 'tenant registration' do
|
|
context 'default tenants' do
|
|
['admin'].each do |tenant_name|
|
|
it "registers the #{tenant_name} tenant" do
|
|
expect(chef_run).to create_tenant_openstack_identity_register(
|
|
"Register '#{tenant_name}' Tenant"
|
|
).with(
|
|
auth_uri: 'http://127.0.0.1:35357/v2.0',
|
|
bootstrap_token: 'bootstrap-token',
|
|
tenant_name: tenant_name,
|
|
tenant_description: "#{tenant_name} Tenant"
|
|
)
|
|
end
|
|
end
|
|
end
|
|
|
|
context 'configured tenants from users attribute' do
|
|
before { node_add_user }
|
|
['default_tenant1', 'role_tenant1'].each do |tenant_name|
|
|
it "registers the #{tenant_name} tenant" do
|
|
expect(chef_run).to create_tenant_openstack_identity_register(
|
|
"Register '#{tenant_name}' Tenant"
|
|
).with(
|
|
auth_uri: 'http://127.0.0.1:35357/v2.0',
|
|
bootstrap_token: 'bootstrap-token',
|
|
tenant_name: tenant_name,
|
|
tenant_description: "#{tenant_name} Tenant"
|
|
)
|
|
end
|
|
end
|
|
end
|
|
end
|
|
|
|
describe 'role registration' do
|
|
context 'default roles' do
|
|
%w(admin service).each do |role_name|
|
|
it "registers the #{role_name} role" do
|
|
expect(chef_run).to create_role_openstack_identity_register(
|
|
"Register '#{role_name}' Role"
|
|
).with(
|
|
auth_uri: 'http://127.0.0.1:35357/v2.0',
|
|
bootstrap_token: 'bootstrap-token',
|
|
role_name: role_name
|
|
)
|
|
end
|
|
end
|
|
end
|
|
|
|
context 'configured roles derived from users attribute' do
|
|
before { node_add_user }
|
|
|
|
['role1', 'role2'].each do |role_name|
|
|
it "registers the #{role_name} role" do
|
|
expect(chef_run).to create_role_openstack_identity_register(
|
|
"Register '#{role_name}' Role"
|
|
).with(
|
|
auth_uri: 'http://127.0.0.1:35357/v2.0',
|
|
bootstrap_token: 'bootstrap-token',
|
|
role_name: role_name
|
|
)
|
|
end
|
|
end
|
|
end
|
|
end
|
|
|
|
describe 'user registration' do
|
|
context 'default users' do
|
|
user_admin = [
|
|
'admin', 'admin',
|
|
['admin', 'service']
|
|
]
|
|
|
|
[user_admin].each do |user, tenant, roles|
|
|
context "#{user} user" do
|
|
it "registers the #{user} user" do
|
|
expect(chef_run).to create_user_openstack_identity_register(
|
|
"Register '#{user}' User"
|
|
).with(
|
|
auth_uri: 'http://127.0.0.1:35357/v2.0',
|
|
bootstrap_token: 'bootstrap-token',
|
|
user_name: user,
|
|
user_pass: 'admin',
|
|
tenant_name: tenant
|
|
)
|
|
end
|
|
|
|
roles.each do |role|
|
|
it "grants '#{role}' role to '#{user}' user in 'admin' tenant" do
|
|
expect(chef_run).to grant_role_openstack_identity_register(
|
|
"Grant '#{role}' Role to '#{user}' User in 'admin' Tenant"
|
|
).with(
|
|
auth_uri: 'http://127.0.0.1:35357/v2.0',
|
|
bootstrap_token: 'bootstrap-token',
|
|
user_name: user,
|
|
role_name: role,
|
|
tenant_name: 'admin',
|
|
action: [:grant_role]
|
|
)
|
|
end
|
|
end
|
|
|
|
it 'registers the admin user for ec2' do
|
|
expect(chef_run).to create_ec2_credentials_openstack_identity_register(
|
|
"Create EC2 credentials for 'admin' user"
|
|
).with(
|
|
auth_uri: 'http://127.0.0.1:35357/v2.0',
|
|
bootstrap_token: 'bootstrap-token',
|
|
user_name: user,
|
|
tenant_name: tenant,
|
|
admin_tenant_name: 'admin',
|
|
admin_user: 'admin',
|
|
admin_pass: 'admin'
|
|
)
|
|
end
|
|
end
|
|
end
|
|
end
|
|
|
|
context 'configured user' do
|
|
before { node_add_user }
|
|
|
|
it 'registers the user1 user' do
|
|
expect(chef_run).to create_user_openstack_identity_register(
|
|
"Register 'user1' User"
|
|
).with(
|
|
auth_uri: 'http://127.0.0.1:35357/v2.0',
|
|
bootstrap_token: 'bootstrap-token',
|
|
user_name: 'user1',
|
|
user_pass: 'secret1',
|
|
tenant_name: 'default_tenant1'
|
|
)
|
|
end
|
|
|
|
it "grants 'role1' role to 'user1' user in 'role_tenant1' tenant" do
|
|
expect(chef_run).to grant_role_openstack_identity_register(
|
|
"Grant 'role1' Role to 'user1' User in 'role_tenant1' Tenant"
|
|
).with(
|
|
auth_uri: 'http://127.0.0.1:35357/v2.0',
|
|
bootstrap_token: 'bootstrap-token',
|
|
user_name: 'user1',
|
|
role_name: 'role1',
|
|
tenant_name: 'role_tenant1'
|
|
)
|
|
end
|
|
|
|
it 'registers the user1 user for ec2' do
|
|
expect(chef_run).to create_ec2_credentials_openstack_identity_register(
|
|
"Create EC2 credentials for 'user1' user"
|
|
).with(
|
|
auth_uri: 'http://127.0.0.1:35357/v2.0',
|
|
bootstrap_token: 'bootstrap-token',
|
|
user_name: 'user1',
|
|
tenant_name: 'default_tenant1',
|
|
admin_tenant_name: 'admin',
|
|
admin_user: 'admin',
|
|
admin_pass: 'admin'
|
|
)
|
|
end
|
|
end
|
|
end
|
|
|
|
describe 'service registration' do
|
|
context 'with templated catalog backend' do
|
|
before do
|
|
node.set['openstack']['identity']['catalog']['backend'] = 'templated'
|
|
end
|
|
|
|
it 'does not register identity service' do
|
|
expect(chef_run).to_not create_service_openstack_identity_register(
|
|
'Register Identity Service'
|
|
)
|
|
end
|
|
end
|
|
|
|
context 'with sql catalog backend' do
|
|
before do
|
|
node.set['openstack']['identity']['catalog']['backend'] = 'sql'
|
|
end
|
|
it 'registers identity service' do
|
|
expect(chef_run).to create_service_openstack_identity_register(
|
|
'Register Identity Service'
|
|
).with(
|
|
service_name: 'keystone',
|
|
service_type: 'identity',
|
|
service_description: 'Keystone Identity Service'
|
|
)
|
|
end
|
|
end
|
|
end
|
|
|
|
describe 'endpoint registration' do
|
|
context 'with templated catalog backend' do
|
|
before do
|
|
node.set['openstack']['identity']['catalog']['backend'] = 'templated'
|
|
end
|
|
|
|
it 'does not register identity endpoint' do
|
|
expect(chef_run).to_not create_endpoint_openstack_identity_register(
|
|
'Register Identity Endpoint'
|
|
)
|
|
end
|
|
end
|
|
|
|
context 'with sql catalog backend' do
|
|
before do
|
|
node.set['openstack']['identity']['catalog']['backend'] = 'sql'
|
|
end
|
|
it 'registers identity endpoints' do
|
|
expect(chef_run).to create_endpoint_openstack_identity_register(
|
|
'Register Identity Endpoint'
|
|
).with(
|
|
auth_uri: 'http://127.0.0.1:35357/v2.0',
|
|
bootstrap_token: 'bootstrap-token',
|
|
service_type: 'identity',
|
|
endpoint_region: 'RegionOne',
|
|
endpoint_adminurl: 'http://127.0.0.1:35357/v2.0',
|
|
endpoint_internalurl: 'http://127.0.0.1:5000/v2.0',
|
|
endpoint_publicurl: 'http://127.0.0.1:5000/v2.0'
|
|
)
|
|
end
|
|
|
|
it 'overrides identity endpoint region' do
|
|
node.set['openstack']['identity']['region'] = 'identityRegion'
|
|
expect(chef_run).to create_endpoint_openstack_identity_register(
|
|
'Register Identity Endpoint'
|
|
).with(endpoint_region: 'identityRegion')
|
|
end
|
|
|
|
it 'overrides identity endpoints' do
|
|
node.set['openstack']['endpoints']['admin']['identity']['host'] = '127.0.0.2'
|
|
node.set['openstack']['endpoints']['admin']['identity']['port'] = '5002'
|
|
node.set['openstack']['endpoints']['admin']['identity']['path'] = '/v2.2'
|
|
node.set['openstack']['endpoints']['internal']['identity']['host'] = '127.0.0.3'
|
|
node.set['openstack']['endpoints']['internal']['identity']['port'] = '5003'
|
|
node.set['openstack']['endpoints']['internal']['identity']['path'] = '/v2.3'
|
|
node.set['openstack']['endpoints']['public']['identity']['host'] = '127.0.0.4'
|
|
node.set['openstack']['endpoints']['public']['identity']['port'] = '5004'
|
|
node.set['openstack']['endpoints']['public']['identity']['path'] = '/v2.4'
|
|
expect(chef_run).to create_endpoint_openstack_identity_register(
|
|
'Register Identity Endpoint'
|
|
).with(
|
|
endpoint_adminurl: 'http://127.0.0.2:5002/v2.2',
|
|
endpoint_internalurl: 'http://127.0.0.3:5003/v2.3',
|
|
endpoint_publicurl: 'http://127.0.0.4:5004/v2.4'
|
|
)
|
|
end
|
|
|
|
it 'register endpoint with all different URLs' do
|
|
public_url = 'https://public.host:789/public_path'
|
|
internal_url = 'http://internal.host:456/internal_path'
|
|
admin_url = 'https://admin.host:123/admin_path'
|
|
node.set['openstack']['endpoints']['public']['identity']['uri'] = public_url
|
|
node.set['openstack']['endpoints']['internal']['identity']['uri'] = internal_url
|
|
node.set['openstack']['endpoints']['admin']['identity']['uri'] = admin_url
|
|
|
|
expect(chef_run).to create_endpoint_openstack_identity_register(
|
|
'Register Identity Endpoint'
|
|
).with(
|
|
endpoint_adminurl: admin_url,
|
|
endpoint_internalurl: internal_url,
|
|
endpoint_publicurl: public_url
|
|
)
|
|
end
|
|
end
|
|
end
|
|
end
|
|
end
|