The v3 migration script can handle these just fine - but if we go ahead
and remove them the output can be predominantely shell rather than
script.
Change-Id: I440851a0149e1cc7f8c5c6e8a4e3e0b94088ee82
According to discussion in the mailing list [0] using UUID tokens
is currently resulting in errant Keystone-related bugs. Further,
UUID tokens are currently deprecated and will be removed during
R release [0]. So we should use Fernet tokens instead.
[0] http://lists.openstack.org/pipermail/openstack-dev/2017-August/121067.html
Change-Id: I34d324575c8117022724a944c034f089eb0c7541
Related-Bug: #1710237
This commit does the following:
- Overrides KEYSTONE_TOKEN_FORMAT to uuid in ``local_conf``
sections of patrole.yaml because Patrole can be optimized
to run faster in the gates using uuid tokens instead of
fernet tokens [0][1]
- Increases overall gate runtimes to 130 from 70, because
while we want our jobs to run within 1 hour, occassionally
our jobs fail prematurely due to limited resources, which
only results in needless rechecking of jobs
[0] dc9ef55fc6/lib/keystone (L256)
[1] 03fd7903ee/patrole_tempest_plugin/rbac_utils.py (L85)
Change-Id: Idb8f7f1023b7bc05a258fb184d115d1ee59223dc
Closes-Bug: #1694848
This is to move RBAC_TEST_ROLE={rbac-role} into the
localrc section of local.conf so the env variable
is properly set when devstack is running the patrole
plugin.
This commit also re-adds DEVSTACK_GATE_TEMPEST_ALL_PLUGINS
to the gate jobs because Patrole relies on site wide
packages for checking policy in code for (currently)
Nova and Keystone.
Change-Id: I3ff922f33590ae3b928eaa6b3c9c7f3d27038006
Now that a patrole devstack plugin has been written [0], deploying and
testing patrole in the gates can be done exclusively using the
jenkins jobs and the devstack patrole plugin.
[0] https://review.openstack.org/#/c/468511/
Change-Id: I6c7ff9182a6e5792470eb5dfc95225a4d587f31a
QA's Pike goals include adding a py35 gate to Patrole [0]: this
patch accomplishes that goal. Only 1 py35 gate, for the Member
role, is added to Patrole, because:
- Member role is less permissive than admin role
- admin and Member roles are already covered by the voting gates
- The purpose of the py35 gate is to check for py35 compliance
[0] https://etherpad.openstack.org/p/pike-qa-goals-py35
Co-Authored-By: Samantha Blanco <samantha.blanco@att.com>
Change-Id: Iee8163595708f042ee5a53c3d6abe8f23764d93e
Now that Tempest is removing Heat tests, Patrole should follow
suit.
Change-Id: Ifd150ef113988e7a3721ee174f0453f99ce198f6
Needed-By: I169e74a3af4957248cda26d108b61ff187ae4b1d
Creates a heat-specific patrole gate, because heat's policy.json
uses different roles than most projects: heat_stack_user, in
particular.
Change-Id: I05a53ce80453b7488233bf765951837a3d86209f
Multinode topology can be used to test migrate/evacuate server
tests, including other tests that require multiple hosts. These
should just be run on the slow tempest gate.
Change-Id: I876ec12b5f0c2c05842eaf355f695ccfa6e6f797
This commit enables Heat in the Devstack that Patrole uses. This
allows Heat tests to run in Patrole.
Change-Id: Icc30b7da4a955491e34eed26279a70bba6af5e32
Closes-Bug: #1673121
This change is the last needed to correctly execute patrole
tempest jobs. This flag needs to be set to 1, so that no
automatic tempest tests are executed in devstack-vm-gate.sh
because they are instead executed in post_test_hook.sh in
patrole's repo.
Change-Id: Id74a10d91b05090d27a5dedd73de65efbd66ec44