modular resource checking infrastructure

This provides the infrastructure for modular resource checking, as
well as an example implementation for keystone.

The infrastructure includes:

- the resource script dispatcher, including the ability to disable
  using it all together via config.

- resource_save / resource_get scripts for our grenadedb registry
  (wrapper on ini files, but abstracted so we could do something
  different in the future)

- keystone resource script.

Change-Id: I8666a96a817cfc333e50eed3b9aeffa5ac4aeec6

grenade.sh

@@ -184,6 +184,8 @@ source $GRENADE_DIR/functions
 # scripts.
 export TOP_DIR=$TARGET_DEVSTACK_DIR
 
+# Initialize grenade_db local storage, used for resource tracking
+init_grenade_db
 
 # Install 'Base' Build of OpenStack
 # =================================
@@ -235,6 +237,12 @@ if [[ "$RUN_BASE" == "True" ]]; then
     fi
     stop $STOP base-smoke 110
 
+    # Create resources
+    resources create
+
+    # Verify the resources were created
+    resources verify
+
     # Create the javelin resources
     run_javelin create
 
@@ -246,6 +254,9 @@ if [[ "$RUN_BASE" == "True" ]]; then
     # Shut down running code
     echo_summary "Shutting down all services on base devstack..."
     shutdown_services
+
+    # Verify the resources still exist after the shutdown
+    resources verify_noapi
 fi
 
 
@@ -276,6 +287,9 @@ if [[ "$RUN_TARGET" == "True" ]]; then
     # Upgrade Tests
     # =============
 
+    # Verify the resources still exist after the upgrade
+    resources verify
+
     # Validate the created resources
     run_javelin check
 
@@ -291,6 +305,9 @@ if [[ "$RUN_TARGET" == "True" ]]; then
     # --------------
     save_data $TARGET_RELEASE $TARGET_DEVSTACK_DIR
 
+    # Cleanup the resources
+    resources destroy
+
     # Cleanup all resources created by javelin
     run_javelin destroy
 fi

grenaderc

@@ -83,6 +83,11 @@ UPGRADE_PROJECTS=""
 # Need this for global requirements
 REQUIREMENTS_DIR=$TARGET_RELEASE_DIR/requirements
 
+# Should we verify resources survive the upgrade process. Previously
+# this was done with Javelin, but will be done with per resource
+# scripts going forward.
+VERIFY_RESOURCES=${VERIFY_RESOURCES:-True}
+
 # Should we do resource testing
 # Set up for Javelin (default to True)
 RUN_JAVELIN=${RUN_JAVELIN:-True}

inc/plugin

@@ -14,6 +14,8 @@
 # License for the specific language governing permissions and limitations
 # under the License.
 
+GRENADE_DB=$SAVE_DIR/grenade_db.ini
+
 function load_settings {
     local in_tree_plugins=$RC_DIR/projects
     for dir in $in_tree_plugins/*; do
@@ -47,3 +49,48 @@ function shutdown_services {
         fi
     done
 }
+
+function resources {
+    # which resource phase are we in
+    local phase=$1
+
+    # bail early if we aren't going to do this level of verification.
+    if [[ "$VERIFY_RESOURCES" != "True" ]]; then
+        echo "Skipping resource phase ``$phase`` by configuration"
+        return
+    fi
+    echo_summary "Running resource phase ``$phase``"
+
+    for project in $UPGRADE_PROJECTS; do
+        local dir=${PLUGIN_DIR[$project]}
+        if [[ -z "$dir" ]]; then
+            die $LINENO "Couldn't find project '$project' in plugin list"
+        fi
+        local resource=$dir/resources.sh
+        if [[ -e $resource ]]; then
+            # NOTE(sdague): we might need to set topdir differently?
+            TOP_DIR=$BASE_DEVSTACK_DIR $resource $phase || die "Failed to run ``$resource $phase``"
+        fi
+    done
+}
+
+function init_grenade_db {
+    if [[ ! -e $GRENADE_DB ]]; then
+        mkdir -p $SAVE_DIR
+        touch $GRENADE_DB
+    fi
+}
+
+function resource_save {
+    local project=$1
+    local key=$2
+    local value=$3
+    iniset $GRENADE_DB $project $key $value
+}
+
+function resource_get {
+    local project=$1
+    local key=$2
+    local value=$(iniget $GRENADE_DB $project $key)
+    echo $value
+}

projects/10_keystone/resources.sh

@@ -0,0 +1,72 @@
+#!/bin/bash
+#
+# Copyright 2015 Hewlett-Packard Development Company, L.P.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+set -o errexit
+
+source $GRENADE_DIR/grenaderc
+source $GRENADE_DIR/functions
+
+source $TOP_DIR/openrc admin admin
+
+KEYSTONE_TEST_USER=keystone_check
+KEYSTONE_TEST_GROUP=keystone_check
+KEYSTONE_TEST_PASS=pass
+
+function create {
+    # creates the project, and sets $id locally
+    eval $(openstack project create -f shell -c id $KEYSTONE_TEST_GROUP)
+    resource_save keystone project_id $id
+
+    # creates the user, and sets $id locally
+    eval $(openstack user create $KEYSTONE_TEST_USER \
+        --project $id \
+        --password $KEYSTONE_TEST_PASS \
+        -f shell -c id)
+    resource_save keystone user_id $id
+}
+
+function verify {
+    local user_id=$(resource_get keystone user_id)
+    openstack user show $user_id
+}
+
+function verify_noapi {
+    # currently no good way
+    :
+}
+
+function destroy {
+    local user_id=$(resource_get keystone user_id)
+    local project_id=$(resource_get keystone project_id)
+    openstack user delete $user_id
+    openstack project delete $project_id
+}
+
+# Dispatcher
+case $1 in
+    "create")
+        create
+        ;;
+    "verify_noapi")
+        verify_noapi
+        ;;
+    "verify")
+        verify
+        ;;
+    "destroy")
+        destroy
+        ;;
+esac