Allow to pass --insecure options into VMs
Currently Heat tests have trouble running when a self-signed SSL CA is used on the public Heat API and standard upstream images (Cirros, Ubuntu) are used, as those images do not trust that CA - an example is DevStack with the tls-proxy service enabled. A workaround is to set [clients_heat]insecure=True, but that is not really a production-ready setting, and it does not work for CFN-style signaling, only for WaitConditions. Instead, this patch adds an extra config option `vm_to_heat_api_insecure` (defaults to False); when it is enabled, tests pass the correct option to the curl or cfn-signal commands run from the instance's user data, via new parameters that the test templates now accept. Change-Id: I94a82caf1fcb6999151ff1e6fbbe1e2ba211bbb9
parent
e4d6583aa6
commit
ab1725eb6b
|
@ -162,6 +162,11 @@ HeatGroup = [
|
||||||
cfg.StrOpt('credential_secret_id',
|
cfg.StrOpt('credential_secret_id',
|
||||||
help="Barbican secret id which storing cloud credential in "
|
help="Barbican secret id which storing cloud credential in "
|
||||||
"remote site."),
|
"remote site."),
|
||||||
|
cfg.BoolOpt('vm_to_heat_api_insecure',
|
||||||
|
default=False,
|
||||||
|
help="Set this to True if VM images used for tests "
|
||||||
|
"can not verify a (self-signed) SSL certificate "
|
||||||
|
"of public Heat endpoint."),
|
||||||
]
|
]
|
||||||
|
|
||||||
heat_features_group = cfg.OptGroup(
|
heat_features_group = cfg.OptGroup(
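Review bot: The help string for `vm_to_heat_api_insecure` does not say what the option turns off, so someone reading only the sample config cannot tell that it disables TLS certificate verification for the signalling calls made from inside the test VMs. I would state that and scope it to test clouds, for example `help="Disable TLS certificate verification (--insecure) for curl/cfn-signal calls that test VMs make to the public Heat endpoint. Use only on test deployments whose images cannot trust the endpoint's (self-signed) CA."`. The default of False is the right one and should stay. The `HeatGroup` list starts outside this hunk.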
|
||||||
|
|
|
@ -29,6 +29,9 @@ parameters:
|
||||||
timeout:
|
timeout:
|
||||||
type: number
|
type: number
|
||||||
default: 60
|
default: 60
|
||||||
|
wc_extra_args:
|
||||||
|
type: string
|
||||||
|
default: ""
|
||||||
resources:
|
resources:
|
||||||
instance1:
|
instance1:
|
||||||
type: OS::Nova::Server
|
type: OS::Nova::Server
|
||||||
|
@ -72,7 +75,10 @@ resources:
|
||||||
'
|
'
|
||||||
params:
|
params:
|
||||||
wc_notify:
|
wc_notify:
|
||||||
get_attr: [wait_handle, curl_cli]
|
list_join:
|
||||||
|
- " "
|
||||||
|
- [ get_attr: [ wait_handle, curl_cli],
|
||||||
|
get_param: wc_extra_args ]
|
||||||
|
|
||||||
wait_condition:
|
wait_condition:
|
||||||
type: OS::Heat::WaitCondition
|
type: OS::Heat::WaitCondition
|
||||||
|
@ -107,4 +113,6 @@ outputs:
|
||||||
'image': self.conf.minimal_image_ref,
|
'image': self.conf.minimal_image_ref,
|
||||||
'network': self.conf.fixed_network_name,
|
'network': self.conf.fixed_network_name,
|
||||||
'timeout': 180}
|
'timeout': 180}
|
||||||
|
if self.conf.vm_to_heat_api_insecure:
|
||||||
|
params['wc_extra_args'] = '--insecure'
|
||||||
self.stack_create(template=self.template, parameters=params)
|
self.stack_create(template=self.template, parameters=params)
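Review bot: `wc_extra_args` is declared as an unconstrained `type: string` and is then joined onto `curl_cli` for `wc_notify`, which appears to be substituted into the instance's user-data script, so whatever a caller passes becomes extra shell words run in the guest. The tests only ever pass `--insecure`, so the parameter can be pinned to that by adding `constraints:` with `- allowed_values: ["", "--insecure"]` under it. The same applies to the `wc_extra_args` parameters added in the other HOT templates of this commit (including the two volume templates, where the value is placed unquoted right after `curl`) and to `SignalExtraArgs` in the CFN template, where the equivalent key is `AllowedValues`. The inline template and the test method both extend beyond the hunks shown.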
|
||||||
|
|
|
@ -29,13 +29,20 @@ parameters:
|
||||||
subnet:
|
subnet:
|
||||||
type: string
|
type: string
|
||||||
|
|
||||||
|
wc_extra_args:
|
||||||
|
type: string
|
||||||
|
default: ""
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
|
|
||||||
config:
|
config:
|
||||||
type: OS::Test::WebAppConfig
|
type: OS::Test::WebAppConfig
|
||||||
properties:
|
properties:
|
||||||
app_port: { get_param: app_port }
|
app_port: { get_param: app_port }
|
||||||
wc_curl_cli: { get_attr: [ handle, curl_cli ] }
|
wc_curl_cli:
|
||||||
|
list_join:
|
||||||
|
- " "
|
||||||
|
- [ get_attr: [ handle, curl_cli ], get_param: wc_extra_args ]
|
||||||
|
|
||||||
server:
|
server:
|
||||||
type: OS::Nova::Server
|
type: OS::Nova::Server
|
||||||
|
|
|
@ -26,13 +26,20 @@ parameters:
|
||||||
timeout:
|
timeout:
|
||||||
type: number
|
type: number
|
||||||
|
|
||||||
|
wc_extra_args:
|
||||||
|
type: string
|
||||||
|
default: ""
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
|
|
||||||
config:
|
config:
|
||||||
type: OS::Test::WebAppConfig
|
type: OS::Test::WebAppConfig
|
||||||
properties:
|
properties:
|
||||||
app_port: { get_param: app_port }
|
app_port: { get_param: app_port }
|
||||||
wc_curl_cli: { get_attr: [ handle, curl_cli ] }
|
wc_curl_cli:
|
||||||
|
list_join:
|
||||||
|
- " "
|
||||||
|
- [ get_attr: [ handle, curl_cli ], get_param: wc_extra_args ]
|
||||||
|
|
||||||
server:
|
server:
|
||||||
type: OS::Nova::Server
|
type: OS::Nova::Server
|
||||||
|
|
|
@ -27,6 +27,9 @@ parameters:
|
||||||
timeout:
|
timeout:
|
||||||
type: number
|
type: number
|
||||||
default: 600
|
default: 600
|
||||||
|
wc_extra_args:
|
||||||
|
type: string
|
||||||
|
default: ""
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
|
|
||||||
|
@ -55,6 +58,7 @@ resources:
|
||||||
app_port: { get_param: app_port }
|
app_port: { get_param: app_port }
|
||||||
pool_id: { get_resource: pool }
|
pool_id: { get_resource: pool }
|
||||||
timeout: { get_param: timeout }
|
timeout: { get_param: timeout }
|
||||||
|
wc_extra_args: { get_param: wc_extra_args }
|
||||||
|
|
||||||
scale_up:
|
scale_up:
|
||||||
type: OS::Heat::ScalingPolicy
|
type: OS::Heat::ScalingPolicy
|
||||||
|
|
|
@ -27,6 +27,9 @@ parameters:
|
||||||
timeout:
|
timeout:
|
||||||
type: number
|
type: number
|
||||||
default: 600
|
default: 600
|
||||||
|
wc_extra_args:
|
||||||
|
type: string
|
||||||
|
default: ""
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
|
|
||||||
|
@ -56,6 +59,7 @@ resources:
|
||||||
pool: { get_resource: pool }
|
pool: { get_resource: pool }
|
||||||
subnet: { get_param: subnet }
|
subnet: { get_param: subnet }
|
||||||
timeout: { get_param: timeout }
|
timeout: { get_param: timeout }
|
||||||
|
wc_extra_args: { get_param: wc_extra_args }
|
||||||
|
|
||||||
scale_up:
|
scale_up:
|
||||||
type: OS::Heat::ScalingPolicy
|
type: OS::Heat::ScalingPolicy
|
||||||
|
|
|
@ -13,6 +13,9 @@ Parameters:
|
||||||
Type: String
|
Type: String
|
||||||
timeout:
|
timeout:
|
||||||
Type: Number
|
Type: Number
|
||||||
|
SignalExtraArgs:
|
||||||
|
Type: String
|
||||||
|
Default: ""
|
||||||
Resources:
|
Resources:
|
||||||
CfnUser:
|
CfnUser:
|
||||||
Type: AWS::IAM::User
|
Type: AWS::IAM::User
|
||||||
|
@ -69,10 +72,11 @@ Resources:
|
||||||
UserData:
|
UserData:
|
||||||
Fn::Replace:
|
Fn::Replace:
|
||||||
- WaitHandle: {Ref: WaitHandle}
|
- WaitHandle: {Ref: WaitHandle}
|
||||||
|
SignalExtraArgs: {Ref: SignalExtraArgs}
|
||||||
- |
|
- |
|
||||||
#!/bin/bash -v
|
#!/bin/bash -v
|
||||||
/usr/bin/cfn-init
|
/usr/bin/cfn-init
|
||||||
/usr/bin/cfn-signal -e 0 --data "`cat /tmp/smoke-status`" \
|
/usr/bin/cfn-signal SignalExtraArgs -e 0 --data "`cat /tmp/smoke-status`" \
|
||||||
--id smoke_status "WaitHandle"
|
--id smoke_status "WaitHandle"
|
||||||
WaitHandle:
|
WaitHandle:
|
||||||
Type: AWS::CloudFormation::WaitConditionHandle
|
Type: AWS::CloudFormation::WaitConditionHandle
|
||||||
|
|
|
@ -26,6 +26,9 @@ parameters:
|
||||||
user_data_format:
|
user_data_format:
|
||||||
type: string
|
type: string
|
||||||
default: RAW
|
default: RAW
|
||||||
|
wc_extra_args:
|
||||||
|
type: string
|
||||||
|
default: ""
|
||||||
resources:
|
resources:
|
||||||
sg:
|
sg:
|
||||||
type: OS::Neutron::SecurityGroup
|
type: OS::Neutron::SecurityGroup
|
||||||
|
@ -86,7 +89,10 @@ resources:
|
||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
wc_notify --data-binary '{"status": "SUCCESS", "data": "test complete"}'
|
wc_notify --data-binary '{"status": "SUCCESS", "data": "test complete"}'
|
||||||
params:
|
params:
|
||||||
wc_notify: { get_attr: ['wait_handle', 'curl_cli'] }
|
wc_notify:
|
||||||
|
list_join:
|
||||||
|
- " "
|
||||||
|
- [ get_attr: ['wait_handle', 'curl_cli'], get_param: wc_extra_args ]
|
||||||
|
|
||||||
server_floating_ip_assoc:
|
server_floating_ip_assoc:
|
||||||
type: OS::Neutron::FloatingIPAssociation
|
type: OS::Neutron::FloatingIPAssociation
|
||||||
|
|
|
@ -39,6 +39,11 @@ parameters:
|
||||||
description: Description of volume
|
description: Description of volume
|
||||||
default: A volume description
|
default: A volume description
|
||||||
|
|
||||||
|
wc_extra_args:
|
||||||
|
type: string
|
||||||
|
description: extra options to add to CURL command
|
||||||
|
default: ""
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
volume:
|
volume:
|
||||||
type: OS::Cinder::Volume
|
type: OS::Cinder::Volume
|
||||||
|
@ -77,14 +82,15 @@ resources:
|
||||||
then
|
then
|
||||||
mount /dev/dev_name /mnt
|
mount /dev/dev_name /mnt
|
||||||
TESTDATA=$(cat /mnt/testfile)
|
TESTDATA=$(cat /mnt/testfile)
|
||||||
curl -X PUT -H 'Content-Type:' --data-binary '{"Status": "SUCCESS", "Reason": "Test Complete", "Data": "Volume Data:'$TESTDATA'", "UniqueId": "instance1"}' "wc_url"
|
curl wc_extra_args -X PUT -H 'Content-Type:' --data-binary '{"Status": "SUCCESS", "Reason": "Test Complete", "Data": "Volume Data:'$TESTDATA'", "UniqueId": "instance1"}' "wc_url"
|
||||||
else
|
else
|
||||||
curl -X PUT -H 'Content-Type:' --data-binary '{"Status": "FAILURE", "Reason": "Test Failed", "Data": "Expected device dev_name not found.", "UniqueId": "instance1"}' "wc_url"
|
curl wc_extra_args -X PUT -H 'Content-Type:' --data-binary '{"Status": "FAILURE", "Reason": "Test Failed", "Data": "Expected device dev_name not found.", "UniqueId": "instance1"}' "wc_url"
|
||||||
fi
|
fi
|
||||||
params:
|
params:
|
||||||
wc_url: { get_resource: wait_handle }
|
wc_url: { get_resource: wait_handle }
|
||||||
dev_name: { get_param: dev_name }
|
dev_name: { get_param: dev_name }
|
||||||
rescan_timeout: { get_param: rescan_timeout }
|
rescan_timeout: { get_param: rescan_timeout }
|
||||||
|
wc_extra_args: { get_param: wc_extra_args }
|
||||||
|
|
||||||
wait_handle:
|
wait_handle:
|
||||||
type: OS::Heat::UpdateWaitConditionHandle
|
type: OS::Heat::UpdateWaitConditionHandle
|
||||||
|
|
|
@ -45,6 +45,11 @@ parameters:
|
||||||
description: Size of volume
|
description: Size of volume
|
||||||
default: 1
|
default: 1
|
||||||
|
|
||||||
|
wc_extra_args:
|
||||||
|
type: string
|
||||||
|
description: extra options to add to CURL command
|
||||||
|
default: ""
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
volume:
|
volume:
|
||||||
deletion_policy: 'Snapshot'
|
deletion_policy: 'Snapshot'
|
||||||
|
@ -86,15 +91,16 @@ resources:
|
||||||
mount /dev/dev_name /mnt
|
mount /dev/dev_name /mnt
|
||||||
echo "test_string" > /mnt/testfile
|
echo "test_string" > /mnt/testfile
|
||||||
umount /mnt
|
umount /mnt
|
||||||
curl -X PUT -H 'Content-Type:' --data-binary '{"Status": "SUCCESS", "Reason": "Test Complete", "Data": "Completed volume configuration.", "UniqueId": "instance1"}' "wc_url"
|
curl wc_extra_args -X PUT -H 'Content-Type:' --data-binary '{"Status": "SUCCESS", "Reason": "Test Complete", "Data": "Completed volume configuration.", "UniqueId": "instance1"}' "wc_url"
|
||||||
else
|
else
|
||||||
curl -X PUT -H 'Content-Type:' --data-binary '{"Status": "FAILURE", "Reason": "Test Failed", "Data": "Expected device dev_name not found.", "UniqueId": "instance1"}' "wc_url"
|
curl wc_extra_args -X PUT -H 'Content-Type:' --data-binary '{"Status": "FAILURE", "Reason": "Test Failed", "Data": "Expected device dev_name not found.", "UniqueId": "instance1"}' "wc_url"
|
||||||
fi
|
fi
|
||||||
params:
|
params:
|
||||||
wc_url: { get_resource: wait_handle }
|
wc_url: { get_resource: wait_handle }
|
||||||
dev_name: { get_param: dev_name }
|
dev_name: { get_param: dev_name }
|
||||||
rescan_timeout: { get_param: rescan_timeout }
|
rescan_timeout: { get_param: rescan_timeout }
|
||||||
test_string: { get_param: test_string }
|
test_string: { get_param: test_string }
|
||||||
|
wc_extra_args: { get_param: wc_extra_args }
|
||||||
|
|
||||||
wait_handle:
|
wait_handle:
|
||||||
type: OS::Heat::UpdateWaitConditionHandle
|
type: OS::Heat::UpdateWaitConditionHandle
|
||||||
|
|
|
@ -74,6 +74,8 @@ class AutoscalingLoadBalancerTest(scenario_base.ScenarioTestsBase):
|
||||||
'lb_port': 80,
|
'lb_port': 80,
|
||||||
'timeout': 600
|
'timeout': 600
|
||||||
}
|
}
|
||||||
|
if self.conf.vm_to_heat_api_insecure:
|
||||||
|
parameters['wc_extra_args'] = '--insecure'
|
||||||
|
|
||||||
app_server_template = self._load_template(
|
app_server_template = self._load_template(
|
||||||
__file__, self.app_server_template_name, self.sub_dir
|
__file__, self.app_server_template_name, self.sub_dir
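Review bot: The added pair `if self.conf.vm_to_heat_api_insecure:` / `parameters['wc_extra_args'] = '--insecure'` is repeated in this test, in the second load-balancer test, and in the server-signal, volume and cfn-init tests (the last with the key `SignalExtraArgs`), as well as in the functional test with the inline template. A small helper on the shared base class would keep the flag-to-argument mapping in one place and give a single spot to log that certificate verification is disabled for the run. The base class is not visible on this page, so the call site is only sketched: `parameters.update(self.insecure_signal_args())`, where the helper name is a placeholder. The enclosing test method starts and ends outside the hunk.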
|
||||||
|
|
|
@ -73,6 +73,8 @@ class AutoscalingLoadBalancerv2Test(scenario_base.ScenarioTestsBase):
|
||||||
'subnet': self.conf.fixed_subnet_name,
|
'subnet': self.conf.fixed_subnet_name,
|
||||||
'public_net': self.conf.floating_network_name
|
'public_net': self.conf.floating_network_name
|
||||||
}
|
}
|
||||||
|
if self.conf.vm_to_heat_api_insecure:
|
||||||
|
parameters['wc_extra_args'] = '--insecure'
|
||||||
|
|
||||||
app_server_template = self._load_template(
|
app_server_template = self._load_template(
|
||||||
__file__, self.app_server_template_name, self.sub_dir
|
__file__, self.app_server_template_name, self.sub_dir
|
||||||
|
|
|
@ -113,6 +113,8 @@ class CfnInitIntegrationTest(scenario_base.ScenarioTestsBase):
|
||||||
'timeout': self.conf.build_timeout,
|
'timeout': self.conf.build_timeout,
|
||||||
'subnet': self.net['subnets'][0],
|
'subnet': self.net['subnets'][0],
|
||||||
}
|
}
|
||||||
|
if self.conf.vm_to_heat_api_insecure:
|
||||||
|
parameters['SignalExtraArgs'] = '--insecure'
|
||||||
|
|
||||||
# Launch stack
|
# Launch stack
|
||||||
stack_id = self.launch_stack(
|
stack_id = self.launch_stack(
|
||||||
|
|
|
@ -33,7 +33,8 @@ class ServerSignalIntegrationTest(scenario_base.ScenarioTestsBase):
|
||||||
'timeout': self.conf.build_timeout,
|
'timeout': self.conf.build_timeout,
|
||||||
'user_data_format': user_data_format
|
'user_data_format': user_data_format
|
||||||
}
|
}
|
||||||
|
if self.conf.vm_to_heat_api_insecure:
|
||||||
|
parameters['wc_extra_args'] = '--insecure'
|
||||||
# Launch stack
|
# Launch stack
|
||||||
sid = self.launch_stack(
|
sid = self.launch_stack(
|
||||||
template_name="test_server_signal.yaml",
|
template_name="test_server_signal.yaml",
|
||||||
|
|
|
@ -121,7 +121,8 @@ class VolumeBackupRestoreIntegrationTest(scenario_base.ScenarioTestsBase):
|
||||||
'timeout': self.conf.build_timeout,
|
'timeout': self.conf.build_timeout,
|
||||||
'network': self.net['id']
|
'network': self.net['id']
|
||||||
}
|
}
|
||||||
|
if self.conf.vm_to_heat_api_insecure:
|
||||||
|
parameters['wc_extra_args'] = '--insecure'
|
||||||
# Launch stack
|
# Launch stack
|
||||||
stack_id = self.launch_stack(
|
stack_id = self.launch_stack(
|
||||||
template_name='test_volumes_delete_snapshot.yaml',
|
template_name='test_volumes_delete_snapshot.yaml',
|
||||||
|
|