use_cookbook-openstackclient/identity_v3
- Now use cookbook-openstackclient to create endpoints role service and user - added domain creation and access granting - edited values to work with identity_v3 - rewrote specs to work again - edited image_upload to work with domains Change-Id: I88ea66da9e8c189208d7e69ecc38dcf502d518db Depends-On: I0f8955f05de9b33711c54b9a198f45018cceb8e1 Depends-On: I2d404a424bd79a6e9b282304e21591fa33a48981 Depends-On: I2f339055883354c6a8a77daa7967ff279c4d18d9 Depends-On: I84f850f32f25a318c3ed3c7337a0dfa6f641a5fe
This commit is contained in:
parent
09a7de3b5e
commit
03b3ee079e
|
@ -14,3 +14,5 @@ cookbook "openstack-network",
|
|||
github: "openstack/cookbook-openstack-network"
|
||||
cookbook "openstack-block-storage",
|
||||
github: "openstack/cookbook-openstack-block-storage"
|
||||
cookbook "openstackclient",
|
||||
github: "cloudbau/cookbook-openstackclient"
|
||||
|
|
|
@ -29,12 +29,16 @@ default['openstack']['integration-test'] = {
|
|||
'user1' => {
|
||||
'user_name' => 'tempest_user1',
|
||||
'password' => 'tempest_user1_pass',
|
||||
'project_name' => 'tempest_project1'
|
||||
'project_name' => 'tempest_project1',
|
||||
'role' => 'Member',
|
||||
'domain_name' => 'Default'
|
||||
},
|
||||
'user2' => {
|
||||
'user_name' => 'tempest_user2',
|
||||
'password' => 'tempest_user2_pass',
|
||||
'project_name' => 'tempest_project2'
|
||||
'project_name' => 'tempest_project2',
|
||||
'role' => 'Member',
|
||||
'domain_name' => 'Default'
|
||||
},
|
||||
'image1' => {
|
||||
'name' => 'cirros',
|
||||
|
|
|
@ -19,3 +19,4 @@ depends 'openstack-identity', '>= 14.0.0'
|
|||
depends 'openstack-image', '>= 14.0.0'
|
||||
depends 'openstack-compute', '>= 14.0.0'
|
||||
depends 'openstack-block-storage', '>= 14.0.0'
|
||||
depends 'openstackclient'
|
||||
|
|
|
@ -38,64 +38,64 @@ end
|
|||
package 'curl'
|
||||
|
||||
identity_admin_endpoint = admin_endpoint 'identity'
|
||||
# Since this is testing things from the user's perspective,
|
||||
# use the public identity endpoint
|
||||
identity_api_endpoint = public_endpoint 'identity'
|
||||
bootstrap_token = get_password 'token', 'openstack_identity_bootstrap_token'
|
||||
auth_uri = ::URI.decode identity_admin_endpoint.to_s
|
||||
admin_pass = get_password 'user', node['openstack']['identity']['admin_user']
|
||||
identity_public_endpoint = public_endpoint 'identity'
|
||||
auth_url = ::URI.decode identity_admin_endpoint.to_s
|
||||
|
||||
%w(user1 user2).each_with_index do |user, i|
|
||||
i += 1
|
||||
admin_user = node['openstack']['identity']['admin_user']
|
||||
admin_pass = get_password 'user', admin_user
|
||||
admin_project = node['openstack']['identity']['admin_project']
|
||||
admin_domain = node['openstack']['identity']['admin_domain_name']
|
||||
admin_project_domain_name = node['openstack']['identity']['admin_project_domain']
|
||||
|
||||
openstack_identity_register "Register tempest project #{i}" do
|
||||
auth_uri auth_uri
|
||||
bootstrap_token bootstrap_token
|
||||
tenant_name node['openstack']['integration-test'][user]['project_name']
|
||||
tenant_description "Tempest project #{i}"
|
||||
connection_params = {
|
||||
openstack_auth_url: "#{auth_url}/auth/tokens",
|
||||
openstack_username: admin_user,
|
||||
openstack_api_key: admin_pass,
|
||||
openstack_project_name: admin_project,
|
||||
openstack_domain_name: admin_domain
|
||||
}
|
||||
|
||||
action :create_tenant
|
||||
%w(user1 user2).each_with_index do |user|
|
||||
service_user = node['openstack']['integration-test'][user]['user_name']
|
||||
service_project = node['openstack']['integration-test'][user]['project_name']
|
||||
service_role = node['openstack']['integration-test'][user]['role']
|
||||
service_domain = node['openstack']['integration-test'][user]['domain_name']
|
||||
service_pass = node['openstack']['integration-test'][user]['password']
|
||||
|
||||
openstack_project service_project do
|
||||
connection_params connection_params
|
||||
end
|
||||
|
||||
openstack_identity_register "Register tempest user #{i}" do
|
||||
auth_uri auth_uri
|
||||
bootstrap_token bootstrap_token
|
||||
tenant_name node['openstack']['integration-test'][user]['project_name']
|
||||
user_name node['openstack']['integration-test'][user]['user_name']
|
||||
user_pass node['openstack']['integration-test'][user]['password']
|
||||
|
||||
action :create_user
|
||||
openstack_role service_role do
|
||||
connection_params connection_params
|
||||
end
|
||||
|
||||
openstack_identity_register "Create tempest role #{i}" do
|
||||
auth_uri auth_uri
|
||||
bootstrap_token bootstrap_token
|
||||
tenant_name node['openstack']['integration-test'][user]['project_name']
|
||||
user_name node['openstack']['integration-test'][user]['user_name']
|
||||
user_pass node['openstack']['integration-test'][user]['password']
|
||||
role_name 'Member'
|
||||
|
||||
action :create_role
|
||||
openstack_user service_user do
|
||||
project_name service_project
|
||||
role_name service_role
|
||||
password service_pass
|
||||
connection_params connection_params
|
||||
end
|
||||
|
||||
openstack_identity_register "Grant 'member' Role to tempest user for tempest project ##{i}" do
|
||||
auth_uri auth_uri
|
||||
bootstrap_token bootstrap_token
|
||||
tenant_name node['openstack']['integration-test'][user]['project_name']
|
||||
user_name node['openstack']['integration-test'][user]['user_name']
|
||||
role_name 'Member'
|
||||
|
||||
openstack_user service_user do
|
||||
role_name service_role
|
||||
project_name service_project
|
||||
connection_params connection_params
|
||||
action :grant_role
|
||||
end
|
||||
|
||||
openstack_user service_user do
|
||||
domain_name service_domain
|
||||
role_name service_role
|
||||
user_name service_user
|
||||
connection_params connection_params
|
||||
action :grant_domain
|
||||
end
|
||||
end
|
||||
|
||||
# Create role for heat template defined users
|
||||
heat_stack_user_role = node['openstack']['integration-test']['heat_stack_user_role']
|
||||
openstack_identity_register "Create '#{heat_stack_user_role}' Role for template defined users" do
|
||||
auth_uri auth_uri
|
||||
bootstrap_token bootstrap_token
|
||||
role_name heat_stack_user_role
|
||||
action :create_role
|
||||
openstack_role heat_stack_user_role do
|
||||
connection_params connection_params
|
||||
end
|
||||
|
||||
git '/opt/tempest' do
|
||||
|
@ -105,16 +105,15 @@ git '/opt/tempest' do
|
|||
action :sync
|
||||
end
|
||||
|
||||
admin_user = node['openstack']['identity']['admin_user']
|
||||
admin_project = node['openstack']['identity']['admin_tenant_name']
|
||||
|
||||
%w(image1 image2).each do |img|
|
||||
image_name = node['openstack']['integration-test'][img]['name']
|
||||
openstack_image_image img do
|
||||
identity_user admin_user
|
||||
identity_pass admin_pass
|
||||
identity_tenant admin_project
|
||||
identity_uri auth_uri
|
||||
identity_uri auth_url
|
||||
identity_user_domain_name admin_domain
|
||||
identity_project_domain_name admin_project_domain_name
|
||||
image_name image_name
|
||||
image_url node['openstack']['integration-test'][img]['source']
|
||||
end
|
||||
|
@ -162,8 +161,8 @@ template '/opt/tempest/etc/tempest.conf' do
|
|||
# get_image_id being executed).
|
||||
variables(
|
||||
'tempest_disable_ssl_validation' => node['openstack']['integration-test']['disable_ssl_validation'],
|
||||
'identity_endpoint_host' => identity_api_endpoint.host,
|
||||
'identity_endpoint_port' => identity_api_endpoint.port,
|
||||
'identity_endpoint_host' => identity_public_endpoint.host,
|
||||
'identity_endpoint_port' => identity_public_endpoint.port,
|
||||
'tempest_use_dynamic_credentials' => node['openstack']['integration-test']['use_dynamic_credentials'],
|
||||
'tempest_user1' => node['openstack']['integration-test']['user1']['user_name'],
|
||||
'tempest_user1_pass' => node['openstack']['integration-test']['user1']['password'],
|
||||
|
|
|
@ -11,6 +11,14 @@ describe 'openstack-integration-test::setup' do
|
|||
|
||||
include_context 'tempest-stubs'
|
||||
|
||||
connection_params = {
|
||||
openstack_auth_url: 'http://127.0.0.1:35357/v3/auth/tokens',
|
||||
openstack_username: 'admin',
|
||||
openstack_api_key: 'admin',
|
||||
openstack_project_name: 'admin',
|
||||
openstack_domain_name: 'default'
|
||||
}
|
||||
|
||||
it 'installs tempest dependencies' do
|
||||
packages = %w(git libxml2-dev libxslt-dev testrepository python-dev
|
||||
libffi-dev)
|
||||
|
@ -20,109 +28,99 @@ describe 'openstack-integration-test::setup' do
|
|||
end
|
||||
end
|
||||
|
||||
it 'registers project tempest_project1' do
|
||||
expect(chef_run).to create_tenant_openstack_identity_register(
|
||||
'Register tempest project 1'
|
||||
it 'registers tempest_project1 Project' do
|
||||
expect(chef_run).to create_openstack_project(
|
||||
'tempest_project1'
|
||||
).with(
|
||||
auth_uri: 'http://127.0.0.1:35357/v2.0',
|
||||
bootstrap_token: 'bootstrap-token',
|
||||
tenant_name: 'tempest_project1',
|
||||
tenant_description: 'Tempest project 1'
|
||||
connection_params: connection_params
|
||||
)
|
||||
end
|
||||
|
||||
it 'registers user tempest_user1' do
|
||||
expect(chef_run).to create_user_openstack_identity_register(
|
||||
'Register tempest user 1'
|
||||
it 'registers service user' do
|
||||
expect(chef_run).to create_openstack_user(
|
||||
'tempest_user1'
|
||||
).with(
|
||||
auth_uri: 'http://127.0.0.1:35357/v2.0',
|
||||
bootstrap_token: 'bootstrap-token',
|
||||
tenant_name: 'tempest_project1',
|
||||
user_name: 'tempest_user1',
|
||||
user_pass: 'tempest_user1_pass'
|
||||
project_name: 'tempest_project1',
|
||||
role_name: 'Member',
|
||||
password: 'tempest_user1_pass',
|
||||
connection_params: connection_params
|
||||
)
|
||||
end
|
||||
|
||||
it 'creates member role to tempest_user1 for tempest_project1' do
|
||||
expect(chef_run).to create_role_openstack_identity_register(
|
||||
'Create tempest role 1'
|
||||
it 'create service role' do
|
||||
expect(chef_run).to create_openstack_role(
|
||||
'Member'
|
||||
).with(
|
||||
auth_uri: 'http://127.0.0.1:35357/v2.0',
|
||||
bootstrap_token: 'bootstrap-token',
|
||||
tenant_name: 'tempest_project1',
|
||||
user_name: 'tempest_user1',
|
||||
user_pass: 'tempest_user1_pass',
|
||||
role_name: 'Member'
|
||||
connection_params: connection_params
|
||||
)
|
||||
end
|
||||
|
||||
it 'grants member role to tempest_user1 for tempest_project1' do
|
||||
expect(chef_run).to grant_role_openstack_identity_register(
|
||||
"Grant 'member' Role to tempest user for tempest project #1"
|
||||
it do
|
||||
expect(chef_run).to grant_domain_openstack_user(
|
||||
'tempest_user1'
|
||||
).with(
|
||||
auth_uri: 'http://127.0.0.1:35357/v2.0',
|
||||
bootstrap_token: 'bootstrap-token',
|
||||
tenant_name: 'tempest_project1',
|
||||
user_name: 'tempest_user1',
|
||||
role_name: 'Member'
|
||||
domain_name: 'Default',
|
||||
role_name: 'Member',
|
||||
connection_params: connection_params
|
||||
)
|
||||
end
|
||||
|
||||
it 'registers project tempest_project2' do
|
||||
expect(chef_run).to create_tenant_openstack_identity_register(
|
||||
'Register tempest project 2'
|
||||
it do
|
||||
expect(chef_run).to grant_role_openstack_user(
|
||||
'tempest_user1'
|
||||
).with(
|
||||
auth_uri: 'http://127.0.0.1:35357/v2.0',
|
||||
bootstrap_token: 'bootstrap-token',
|
||||
tenant_name: 'tempest_project2',
|
||||
tenant_description: 'Tempest project 2'
|
||||
project_name: 'tempest_project1',
|
||||
role_name: 'Member',
|
||||
password: 'tempest_user1_pass',
|
||||
connection_params: connection_params
|
||||
)
|
||||
end
|
||||
|
||||
it 'registers user tempest_user2' do
|
||||
expect(chef_run).to create_user_openstack_identity_register(
|
||||
'Register tempest user 2'
|
||||
it 'registers tempest_project2 Project' do
|
||||
expect(chef_run).to create_openstack_project(
|
||||
'tempest_project2'
|
||||
).with(
|
||||
auth_uri: 'http://127.0.0.1:35357/v2.0',
|
||||
bootstrap_token: 'bootstrap-token',
|
||||
tenant_name: 'tempest_project2',
|
||||
user_name: 'tempest_user2',
|
||||
user_pass: 'tempest_user2_pass'
|
||||
connection_params: connection_params
|
||||
)
|
||||
end
|
||||
|
||||
it 'creates member role to tempest_user2 for tempest_project2' do
|
||||
expect(chef_run).to create_role_openstack_identity_register(
|
||||
'Create tempest role 2'
|
||||
it 'registers service user' do
|
||||
expect(chef_run).to create_openstack_user(
|
||||
'tempest_user2'
|
||||
).with(
|
||||
auth_uri: 'http://127.0.0.1:35357/v2.0',
|
||||
bootstrap_token: 'bootstrap-token',
|
||||
tenant_name: 'tempest_project2',
|
||||
user_name: 'tempest_user2',
|
||||
user_pass: 'tempest_user2_pass',
|
||||
role_name: 'Member'
|
||||
project_name: 'tempest_project2',
|
||||
role_name: 'Member',
|
||||
password: 'tempest_user2_pass',
|
||||
connection_params: connection_params
|
||||
)
|
||||
end
|
||||
|
||||
it 'grants member role to tempest_user2 for tempest_project2' do
|
||||
expect(chef_run).to grant_role_openstack_identity_register(
|
||||
"Grant 'member' Role to tempest user for tempest project #2"
|
||||
it do
|
||||
expect(chef_run).to grant_domain_openstack_user(
|
||||
'tempest_user2'
|
||||
).with(
|
||||
auth_uri: 'http://127.0.0.1:35357/v2.0',
|
||||
bootstrap_token: 'bootstrap-token',
|
||||
tenant_name: 'tempest_project2',
|
||||
user_name: 'tempest_user2',
|
||||
role_name: 'Member'
|
||||
domain_name: 'Default',
|
||||
role_name: 'Member',
|
||||
connection_params: connection_params
|
||||
)
|
||||
end
|
||||
|
||||
it 'creats heat stack owner role' do
|
||||
expect(chef_run).to create_role_openstack_identity_register(
|
||||
"Create 'heat_stack_owner' Role for template defined users"
|
||||
it do
|
||||
expect(chef_run).to grant_role_openstack_user(
|
||||
'tempest_user2'
|
||||
).with(
|
||||
auth_uri: 'http://127.0.0.1:35357/v2.0',
|
||||
bootstrap_token: 'bootstrap-token',
|
||||
role_name: 'heat_stack_owner'
|
||||
project_name: 'tempest_project2',
|
||||
role_name: 'Member',
|
||||
password: 'tempest_user2_pass',
|
||||
connection_params: connection_params
|
||||
)
|
||||
end
|
||||
|
||||
it 'create service role' do
|
||||
expect(chef_run).to create_openstack_role(
|
||||
'heat_stack_owner'
|
||||
).with(
|
||||
connection_params: connection_params
|
||||
)
|
||||
end
|
||||
|
||||
|
@ -141,7 +139,9 @@ describe 'openstack-integration-test::setup' do
|
|||
identity_user: 'admin',
|
||||
identity_pass: 'admin',
|
||||
identity_tenant: 'admin',
|
||||
identity_uri: 'http://127.0.0.1:35357/v2.0',
|
||||
identity_uri: 'http://127.0.0.1:35357/v3',
|
||||
identity_user_domain_name: 'default',
|
||||
identity_project_domain_name: 'default',
|
||||
image_name: 'cirros',
|
||||
image_url: 'http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img'
|
||||
)
|
||||
|
@ -152,7 +152,9 @@ describe 'openstack-integration-test::setup' do
|
|||
identity_user: 'admin',
|
||||
identity_pass: 'admin',
|
||||
identity_tenant: 'admin',
|
||||
identity_uri: 'http://127.0.0.1:35357/v2.0',
|
||||
identity_uri: 'http://127.0.0.1:35357/v3',
|
||||
identity_user_domain_name: 'default',
|
||||
identity_project_domain_name: 'default',
|
||||
image_name: 'cirros',
|
||||
image_url: 'http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img'
|
||||
)
|
||||
|
|
|
@ -24,8 +24,8 @@ shared_context 'tempest-stubs' do
|
|||
{
|
||||
'OS_USERNAME' => 'admin',
|
||||
'OS_PASSWORD' => 'admin',
|
||||
'OS_TENANT_NAME' => 'admin',
|
||||
'OS_AUTH_URL' => 'http://127.0.0.1:35357/v2.0'
|
||||
'OS_PROJECT_NAME' => 'admin',
|
||||
'OS_AUTH_URL' => 'http://127.0.0.1:35357/v3'
|
||||
}
|
||||
|
||||
allow_any_instance_of(Chef::Recipe).to receive(:get_password)
|
||||
|
|
|
@ -1,9 +1,11 @@
|
|||
[auth]
|
||||
use_dynamic_credentials = <%= @tempest_use_dynamic_credentials %>
|
||||
|
||||
default_credentials_domain_name = Default
|
||||
admin_username = <%= @tempest_admin %>
|
||||
admin_password = <%= @tempest_admin_pass %>
|
||||
admin_project_name = <%= @tempest_admin_project %>
|
||||
admin_domain_name = Default
|
||||
|
||||
[identity]
|
||||
|
||||
|
@ -13,6 +15,7 @@ disable_ssl_certificate_validation = <%= @tempest_disable_ssl_validation %>
|
|||
|
||||
uri = http://<%= @identity_endpoint_host %>:<%= @identity_endpoint_port %>/v2.0/
|
||||
uri_v3 = http://<%= @identity_endpoint_host %>:<%= @identity_endpoint_port %>/v3/
|
||||
v3_endpoint_type = publicURL
|
||||
|
||||
strategy = keystone
|
||||
|
||||
|
@ -20,11 +23,15 @@ region = RegionOne
|
|||
|
||||
username = <%= @tempest_user1 %>
|
||||
password = <%= @tempest_user1_pass %>
|
||||
user_domain_name = Default
|
||||
project_domain_name = Default
|
||||
project_name = <%= @tempest_user1_project %>
|
||||
|
||||
alt_username = <%= @tempest_user2 %>
|
||||
alt_password = <%= @tempest_user2_pass %>
|
||||
alt_project_name = <%= @tempest_user2_project %>
|
||||
default_domain_id = default
|
||||
admin_domain_scope = false
|
||||
|
||||
[validation]
|
||||
image_alt_ssh_user = <%= @tempest_alt_ssh_user %>
|
||||
|
@ -69,7 +76,8 @@ use_block_migration_for_live_migration = False
|
|||
disk_config_enabled_override = true
|
||||
|
||||
[identity-feature-enabled]
|
||||
api_v3 = false
|
||||
api_v3 = true
|
||||
api_v2 = false
|
||||
|
||||
[whitebox]
|
||||
|
||||
|
|
Loading…
Reference in New Issue