Implement validation for manila config

This validation validates: - Presence of the "policy.yaml" file in manila's config directory. This are the changes: - Added files for testing the policy.yaml file validation - Added role-check_policy_file.rst for the documentation - Added the molecule folder, and more requiered files in order to test the validation in molecule Change-Id: I450e87b4cb2e3956d44e8cedf4c8091b8771e5fb (cherry picked from commit 9d56dc5b8e)
2022-07-27 17:24:35 +03:00 · 2022-07-27 17:24:35 +03:00 · d1ac71e256
parent 390d1334aa
commit d1ac71e256
8 changed files with 221 additions and 0 deletions
--- a/doc/source/roles/role-check_manila_policy_file.rst
+++ b/doc/source/roles/role-check_manila_policy_file.rst
@ -0,0 +1,53 @@
+============
+policy_file
+============
+
+--------------
+About The Role
+--------------
+
+This role will check if there is a file named Policy.yaml in the controlers.
+The file should be located at the manila's configuration folder in the container.
+
+Requirements
+============
+
+No Requirements.
+
+Dependencies
+============
+
+No dependencies.
+
+Example Playbook
+================
+
+.. code-block:: yaml
+
+ - hosts: "{{ controller_rolename | default('Controller') }}"
+  vars:
+    metadata:
+      name: Verify that keystone admin token is disabled
+      description: |
+        This validation checks that policy file of manilas configuration folder inside of the container,exists.
+      groups:
+        - post-deployment
+      categories:
+        - controller
+      products:
+        - tripleo
+    manilas_policy_file: "/var/lib/config-data/puppet-generated/manila/etc/manila/policy.yaml"
+  roles:
+    - check_manila_policy_file
+
+Author Information
+==================
+
+**Red Hat Manila**
+
+----------------
+Full Description
+----------------
+
+.. ansibleautoplugin::
+  :role: roles/check_manila_policy_file
--- a/playbooks/check-manila-policy-file.yaml
+++ b/playbooks/check-manila-policy-file.yaml
@ -0,0 +1,17 @@
+---
+- hosts: "{{ controller_rolename | default('Controller') }}"
+  vars:
+    metadata:
+      name: Verify that keystone admin token is disabled
+      description: |
+        This validation checks that policy file of manilas configuration folder inside of the container,exists.
+      groups:
+        - post-deployment
+      categories:
+        - controller
+      products:
+        - tripleo
+        - manila
+    manilas_policy_file: "/var/lib/config-data/puppet-generated/manila/etc/manila/policy.yaml"
+  roles:
+    - check_manila_policy_file
--- a/roles/check_manila_policy_file/molecule/default/converge.yml
+++ b/roles/check_manila_policy_file/molecule/default/converge.yml
@ -0,0 +1,64 @@
+---
+# Copyright 2020 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+- name: Converge
+  hosts: all
+  vars:
+    manila_policy_path: /var/lib/config-data/puppet-generated/manila/etc/manila/
+    policy_file_name: policy.yaml
+  tasks:
+    - name: Create manila directory
+      file:
+        path: "{{ manila_policy_path }}"
+        state: directory
+        mode: 0755
+        recurse: true
+
+    - name: Add policy file
+      file:
+        path: "{{ manila_policy_path }}{{ policy_file_name }}"
+        state: touch
+        mode: 0755
+
+    - name: Test pass - policy file exists
+      include_role:
+        name: check_manila_policy_file
+      vars:
+        manila_policy_file: "{{ manila_policy_path }}{{ policy_file_name }}"
+
+    - name: Remove policy file
+      file:
+        path: "{{ manila_policy_path }}{{ policy_file_name }}"
+        state: absent
+
+    - name: Test fails - policy file doesnt exists
+      block:
+        - name: Load role with failure
+          include_role:
+            name: "check_manila_policy_file"
+      rescue:
+        - name: Clear host error
+          meta: clear_host_errors
+
+        - name: Status message
+          debug:
+            msg: 'Successfully detected policy file doesnt exists!'
+
+        - name: End play
+          meta: end_play
+
+    - name: Fail if we get to this place
+      fail:
+        msg: 'Unit test failed: Did not detect that policy file doesnt exists!'
--- a/roles/check_manila_policy_file/molecule/default/molecule.yml
+++ b/roles/check_manila_policy_file/molecule/default/molecule.yml
@ -0,0 +1,3 @@
+---
+# inherits tripleo-validations/.config/molecule/config.yml
+# To override default values, please take a look at the config.yml.
--- a/roles/check_manila_policy_file/molecule/default/prepare.yml
+++ b/roles/check_manila_policy_file/molecule/default/prepare.yml
@ -0,0 +1,18 @@
+---
+# Copyright 2021 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+- name: Prepare
+  hosts: all
+  gather_facts: false
--- a/roles/check_manila_policy_file/tasks/main.yml
+++ b/roles/check_manila_policy_file/tasks/main.yml
@ -0,0 +1,25 @@
+# Copyright 2020 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+---
+- name: Get stats of check policy file
+  ansible.builtin.stat:
+    path: "{{ manilas_policy_file }}"
+  register: result
+
+- name: Mention file does not exists
+  fail:
+    msg: "Test failed: Did not detect file. Policy file does not exists!"
+  when:
+    - not result.stat.exists
--- a/roles/check_manila_policy_file/vars/main.yml
+++ b/roles/check_manila_policy_file/vars/main.yml
@ -0,0 +1,28 @@
+---
+# Copyright 2021 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+# While options found within the vars/ path can be overridden using extra
+# vars, items within this path are considered part of the role and not
+# intended to be modified.
+
+# All variables within this role should have a prefix of "check_policy_file"
+
+# !!!! IMPORTANT !!!!
+# Add a comment above every variables describing them.
+# This will be included in the sphinx role documentation
+# !!!! IMPORTANT !!!!
+manilas_policy_file: /var/lib/config-data/puppet-generated/manila/etc/manila/policy.yaml
--- a/zuul.d/molecule.yaml
+++ b/zuul.d/molecule.yaml
@ -6,6 +6,7 @@
      jobs:
      - tripleo-validations-centos-8-molecule-ceph
      - tripleo-validations-centos-8-molecule-check_fips_status
+      - tripleo-validations-centos-8-molecule-check_manila_policy_file
      - tripleo-validations-centos-8-molecule-check_for_dangling_images
      - tripleo-validations-centos-8-molecule-check_kernel_version
      - tripleo-validations-centos-8-molecule-check_network_gateway
@ -37,6 +38,7 @@
      jobs:
      - tripleo-validations-centos-8-molecule-ceph
      - tripleo-validations-centos-8-molecule-check_fips_status
+      - tripleo-validations-centos-8-molecule-check_manila_policy_file
      - tripleo-validations-centos-8-molecule-check_for_dangling_images
      - tripleo-validations-centos-8-molecule-check_kernel_version
      - tripleo-validations-centos-8-molecule-check_network_gateway
@ -86,6 +88,17 @@
    parent: tripleo-validations-centos-8-base
    vars:
      tripleo_validations_role_name: fips_enabled
+- job:
+    files:
+    - ^roles/check_manila_policy_file/.*
+    - ^tests/prepare-test-host.yml
+    - ^ci/playbooks/pre.yml
+    - ^ci/playbooks/run.yml
+    - ^molecule-requirements.txt
+    name: tripleo-validations-centos-8-molecule-check_manila_policy_file
+    parent: tripleo-validations-centos-8-base
+    vars:
+      tripleo_validations_role_name: check_manila_policy_file
 - job:
    files:
    - ^roles/check_for_dangling_images/.*