Allow to pass --insecure options into VMs

currently Heat tests have troubles running when self-signed SSL CA is
used on public Heat API and standard upstream images (Cirros, Ubuntu)
are used as those lack trust to those CA - example is DevStack
with tls-proxy service enabled.

A workaround is to set [clients_heat]insecure=True, but that is
not really a production-ready setting, and does not work for CFN-style
signaling, only for WaitConditions.

Instead, this patch adds an extra config option
`vm_to_heat_api_insecure` (defaults to False), and when enabled tests will
pass the correct option to the curl or cfn-signal commands running from
instance's user data via new parameters that test templates are now
accepting.

Change-Id: I94a82caf1fcb6999151ff1e6fbbe1e2ba211bbb9

heat_tempest_plugin/config.py

@@ -162,6 +162,11 @@ HeatGroup = [
     cfg.StrOpt('credential_secret_id',
                help="Barbican secret id which storing cloud credential in "
                "remote site."),
+    cfg.BoolOpt('vm_to_heat_api_insecure',
+                default=False,
+                help="Set this to True if VM images used for tests "
+                     "can not verify a (self-signed) SSL certificate "
+                     "of public Heat endpoint."),
 ]
 
 heat_features_group = cfg.OptGroup(

heat_tempest_plugin/tests/functional/test_os_wait_condition.py

@@ -29,6 +29,9 @@ parameters:
   timeout:
     type: number
     default: 60
+  wc_extra_args:
+    type: string
+    default: ""
 resources:
   instance1:
     type: OS::Nova::Server
@@ -72,7 +75,10 @@ resources:
             '
           params:
             wc_notify:
-              get_attr: [wait_handle, curl_cli]
+              list_join:
+                - " "
+                - [ get_attr: [ wait_handle, curl_cli],
+                    get_param: wc_extra_args ]
 
   wait_condition:
     type: OS::Heat::WaitCondition
@@ -107,4 +113,6 @@ outputs:
                   'image': self.conf.minimal_image_ref,
                   'network': self.conf.fixed_network_name,
                   'timeout': 180}
+        if self.conf.vm_to_heat_api_insecure:
+            params['wc_extra_args'] = '--insecure'
         self.stack_create(template=self.template, parameters=params)

heat_tempest_plugin/tests/scenario/templates/app_server_lbv2_neutron.yaml

@@ -29,13 +29,20 @@ parameters:
   subnet:
     type: string
 
+  wc_extra_args:
+    type: string
+    default: ""
+
 resources:
 
   config:
     type: OS::Test::WebAppConfig
     properties:
       app_port: { get_param: app_port }
-      wc_curl_cli: { get_attr: [ handle, curl_cli ] }
+      wc_curl_cli:
+        list_join:
+          - " "
+          - [ get_attr: [ handle, curl_cli ], get_param: wc_extra_args ]
 
   server:
     type: OS::Nova::Server

heat_tempest_plugin/tests/scenario/templates/app_server_neutron.yaml

@@ -26,13 +26,20 @@ parameters:
   timeout:
     type: number
 
+  wc_extra_args:
+    type: string
+    default: ""
+
 resources:
 
   config:
     type: OS::Test::WebAppConfig
     properties:
       app_port: { get_param: app_port }
-      wc_curl_cli: { get_attr: [ handle, curl_cli ] }
+      wc_curl_cli:
+        list_join:
+          - " "
+          - [ get_attr: [ handle, curl_cli ], get_param: wc_extra_args ]
 
   server:
     type: OS::Nova::Server

heat_tempest_plugin/tests/scenario/templates/test_autoscaling_lb_neutron.yaml

@@ -27,6 +27,9 @@ parameters:
   timeout:
     type: number
     default: 600
+  wc_extra_args:
+    type: string
+    default: ""
 
 resources:
 
@@ -55,6 +58,7 @@ resources:
           app_port: { get_param: app_port }
           pool_id: { get_resource: pool }
           timeout: { get_param: timeout }
+          wc_extra_args: { get_param: wc_extra_args }
 
   scale_up:
     type: OS::Heat::ScalingPolicy

heat_tempest_plugin/tests/scenario/templates/test_autoscaling_lbv2_neutron.yaml

@@ -27,6 +27,9 @@ parameters:
   timeout:
     type: number
     default: 600
+  wc_extra_args:
+    type: string
+    default: ""
 
 resources:
 
@@ -56,6 +59,7 @@ resources:
           pool: { get_resource: pool }
           subnet: { get_param: subnet }
           timeout: { get_param: timeout }
+          wc_extra_args: { get_param: wc_extra_args }
 
   scale_up:
     type: OS::Heat::ScalingPolicy

heat_tempest_plugin/tests/scenario/templates/test_server_cfn_init.yaml

@@ -13,6 +13,9 @@ Parameters:
     Type: String
   timeout:
     Type: Number
+  SignalExtraArgs:
+    Type: String
+    Default: ""
 Resources:
   CfnUser:
     Type: AWS::IAM::User
@@ -69,10 +72,11 @@ Resources:
       UserData:
         Fn::Replace:
         - WaitHandle: {Ref: WaitHandle}
+          SignalExtraArgs: {Ref: SignalExtraArgs}
         - |
           #!/bin/bash -v
           /usr/bin/cfn-init
-          /usr/bin/cfn-signal -e 0 --data "`cat /tmp/smoke-status`" \
+          /usr/bin/cfn-signal SignalExtraArgs -e 0 --data "`cat /tmp/smoke-status`" \
               --id smoke_status "WaitHandle"
   WaitHandle:
     Type: AWS::CloudFormation::WaitConditionHandle

heat_tempest_plugin/tests/scenario/templates/test_server_signal.yaml

@@ -26,6 +26,9 @@ parameters:
   user_data_format:
     type: string
     default: RAW
+  wc_extra_args:
+    type: string
+    default: ""
 resources:
   sg:
     type: OS::Neutron::SecurityGroup
@@ -86,7 +89,10 @@ resources:
             #!/bin/sh
             wc_notify --data-binary '{"status": "SUCCESS", "data": "test complete"}'
           params:
-            wc_notify: { get_attr: ['wait_handle', 'curl_cli'] }
+            wc_notify:
+              list_join:
+                - " "
+                - [ get_attr: ['wait_handle', 'curl_cli'], get_param: wc_extra_args ]
 
   server_floating_ip_assoc:
     type: OS::Neutron::FloatingIPAssociation

heat_tempest_plugin/tests/scenario/templates/test_volumes_create_from_backup.yaml

@@ -39,6 +39,11 @@ parameters:
     description: Description of volume
     default: A volume description
 
+  wc_extra_args:
+    type: string
+    description: extra options to add to CURL command
+    default: ""
+
 resources:
   volume:
     type: OS::Cinder::Volume
@@ -77,14 +82,15 @@ resources:
             then
               mount /dev/dev_name /mnt
               TESTDATA=$(cat /mnt/testfile)
-              curl -X PUT -H 'Content-Type:' --data-binary '{"Status": "SUCCESS", "Reason": "Test Complete", "Data": "Volume Data:'$TESTDATA'", "UniqueId": "instance1"}' "wc_url"
+              curl wc_extra_args -X PUT -H 'Content-Type:' --data-binary '{"Status": "SUCCESS", "Reason": "Test Complete", "Data": "Volume Data:'$TESTDATA'", "UniqueId": "instance1"}' "wc_url"
             else
-              curl -X PUT -H 'Content-Type:' --data-binary '{"Status": "FAILURE", "Reason": "Test Failed", "Data": "Expected device dev_name not found.", "UniqueId": "instance1"}' "wc_url"
+              curl wc_extra_args -X PUT -H 'Content-Type:' --data-binary '{"Status": "FAILURE", "Reason": "Test Failed", "Data": "Expected device dev_name not found.", "UniqueId": "instance1"}' "wc_url"
             fi
           params:
             wc_url: { get_resource: wait_handle }
             dev_name: { get_param: dev_name }
             rescan_timeout: { get_param: rescan_timeout }
+            wc_extra_args: { get_param: wc_extra_args }
 
   wait_handle:
     type: OS::Heat::UpdateWaitConditionHandle

heat_tempest_plugin/tests/scenario/templates/test_volumes_delete_snapshot.yaml

@@ -45,6 +45,11 @@ parameters:
     description: Size of volume
     default: 1
 
+  wc_extra_args:
+    type: string
+    description: extra options to add to CURL command
+    default: ""
+
 resources:
   volume:
     deletion_policy: 'Snapshot'
@@ -86,15 +91,16 @@ resources:
               mount /dev/dev_name /mnt
               echo "test_string" > /mnt/testfile
               umount /mnt
-              curl -X PUT -H 'Content-Type:' --data-binary '{"Status": "SUCCESS", "Reason": "Test Complete", "Data": "Completed volume configuration.", "UniqueId": "instance1"}' "wc_url"
+              curl wc_extra_args -X PUT -H 'Content-Type:' --data-binary '{"Status": "SUCCESS", "Reason": "Test Complete", "Data": "Completed volume configuration.", "UniqueId": "instance1"}' "wc_url"
             else
-              curl -X PUT -H 'Content-Type:' --data-binary '{"Status": "FAILURE", "Reason": "Test Failed", "Data": "Expected device dev_name not found.", "UniqueId": "instance1"}' "wc_url"
+              curl wc_extra_args -X PUT -H 'Content-Type:' --data-binary '{"Status": "FAILURE", "Reason": "Test Failed", "Data": "Expected device dev_name not found.", "UniqueId": "instance1"}' "wc_url"
             fi
           params:
             wc_url: { get_resource: wait_handle }
             dev_name: { get_param: dev_name }
             rescan_timeout: { get_param: rescan_timeout }
             test_string: { get_param: test_string }
+            wc_extra_args: { get_param: wc_extra_args }
 
   wait_handle:
     type: OS::Heat::UpdateWaitConditionHandle

heat_tempest_plugin/tests/scenario/test_autoscaling_lb.py

@@ -74,6 +74,8 @@ class AutoscalingLoadBalancerTest(scenario_base.ScenarioTestsBase):
             'lb_port': 80,
             'timeout': 600
         }
+        if self.conf.vm_to_heat_api_insecure:
+            parameters['wc_extra_args'] = '--insecure'
 
         app_server_template = self._load_template(
             __file__, self.app_server_template_name, self.sub_dir

heat_tempest_plugin/tests/scenario/test_autoscaling_lbv2.py

@@ -73,6 +73,8 @@ class AutoscalingLoadBalancerv2Test(scenario_base.ScenarioTestsBase):
             'subnet': self.conf.fixed_subnet_name,
             'public_net': self.conf.floating_network_name
         }
+        if self.conf.vm_to_heat_api_insecure:
+            parameters['wc_extra_args'] = '--insecure'
 
         app_server_template = self._load_template(
             __file__, self.app_server_template_name, self.sub_dir

heat_tempest_plugin/tests/scenario/test_server_cfn_init.py

@@ -113,6 +113,8 @@ class CfnInitIntegrationTest(scenario_base.ScenarioTestsBase):
             'timeout': self.conf.build_timeout,
             'subnet': self.net['subnets'][0],
         }
+        if self.conf.vm_to_heat_api_insecure:
+            parameters['SignalExtraArgs'] = '--insecure'
 
         # Launch stack
         stack_id = self.launch_stack(

heat_tempest_plugin/tests/scenario/test_server_signal.py

@@ -33,7 +33,8 @@ class ServerSignalIntegrationTest(scenario_base.ScenarioTestsBase):
             'timeout': self.conf.build_timeout,
             'user_data_format': user_data_format
         }
-
+        if self.conf.vm_to_heat_api_insecure:
+            parameters['wc_extra_args'] = '--insecure'
         # Launch stack
         sid = self.launch_stack(
             template_name="test_server_signal.yaml",

heat_tempest_plugin/tests/scenario/test_volumes.py

@@ -121,7 +121,8 @@ class VolumeBackupRestoreIntegrationTest(scenario_base.ScenarioTestsBase):
             'timeout': self.conf.build_timeout,
             'network': self.net['id']
         }
-
+        if self.conf.vm_to_heat_api_insecure:
+            parameters['wc_extra_args'] = '--insecure'
         # Launch stack
         stack_id = self.launch_stack(
             template_name='test_volumes_delete_snapshot.yaml',