Commit Graph

85 Commits

Author SHA1 Message Date
Zuul c616be2fd7 Merge "Fix old arm64 job template" 2024-03-12 17:22:40 +00:00
Takashi Kajinami 609ec29ac9 Remove unused old job templates and experimental jobs
Ubuntu Xenial, CentOS7 and OpenSUSE 15 are all too old.

Change-Id: I0a87cc5a35e6033d670bab56d5cdc8b8312819d8
2024-03-08 15:30:01 +00:00
Clark Boylan da1c884b90 Drop keystone-dsvm-functional-federation-opensuse15 jobs
The OpenDev team is planning to remove OpenSUSE LEAP 15 images as our
node builds and mirrors are for 15.2 which is ancient and no one is
currently working to modernize these test environments. On top of that
LEAP is apparently going away in the future and will be replaced with
another distro.

Change-Id: Ia94b4e7151410515a3ecf99185042dae82bf1b7d
2024-02-21 09:08:58 -08:00
Takashi Kajinami ae765c33ee Fix old arm64 job template
Change-Id: I5a93d0cc179468cfded5c939f2ba97b0def445ad
2024-02-13 02:48:30 +09:00
Douglas Mendizábal f2f1a5c388 Consistent and Secure RBAC (Phase 1)
This patch updates system-scoped policies to also accept project-admin
tokens so that operators can continue to use the "admin" role to access
system level APIs.

The protection test job is marked non-voting since tempest does not yet
expect these policy changes.  A follow-up patch will make it voting
again after the test changes have merged into tempest.

[1] https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html#phase-1

Change-Id: I31b5a1f85d994a90578657bc77fa46ace0748582
2024-01-19 14:35:37 -05:00
Dave Wilde e21ea06613 Update keystone gates to use jammy
This updates the keystone gates to the jammy nodesets rather than the
focal ones.  Focal is no longer supported by devstack [1].

[1]: https://review.opendev.org/c/openstack/devstack/+/885468

Change-Id: I39045098111df839fba116d8b0fa7dd9dbbaa8ac
2023-09-08 13:39:31 -05:00
Zuul 5560a2846b Merge "Add job to test with SQLAlchemy master (2.x)" 2023-07-05 20:40:42 +00:00
Stephen Finucane b2d638e902 Add job to test with SQLAlchemy master (2.x)
Change-Id: Id92d74d368356d67d5a9be6d3eada44cd190a35d
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
2023-06-27 10:56:50 +01:00
Ade Lee d293315eec Add oidc federation test setup
Add devstack testing setup for OIDC using an instance of keycloak
which is instantiated from a keycloak image.  This is largely taken
from Kristi's work in https://github.com/knikolla/devstack-plugin-oidc

This configuration is triggered by enabling the devstack service
keystone-oidc-federation.  The expectation is that either SAML2 or
OIDC is enabled, but not both.

Depends-On: https://review.opendev.org/c/openstack/keystone-tempest-plugin/+/864571
Co-Authored-By: David Wilde <dwilde@redhat.com>
Change-Id: I1ff4d48c05cef1022dc510df03104f36cdd7a953
2023-01-30 12:28:45 -06:00
Kristi Nikolla 420f4ff46d Fix passenv syntax in tox and update python jobs
This updated the Python jobs and fixes the following error with tox 4:

tox.tox_env.errors.Fail: pass_env values cannot contain whitespace, use
comma to have multiple values in a single line, invalid values found
'http_proxy HTTP_PROXY https_proxy HTTPS_PROXY no_proxy NO_PROXY
PBR_VERSION'PROXY PBR_VERSION'

Change-Id: I003723766b1dba7f54c9800364207191597c6741
2023-01-03 17:57:05 -05:00
Ade Lee 950dd5e503 Move fips job to centos-9
Move FIPS job to centos 9 and add new required nslookup_target variable.

Change-Id: Ifef262cfca4ecb8ad1222da3c43e5749f40c1f24
2022-06-21 14:21:46 -04:00
Ghanshyam Mann 5a0fbe975d Update python testing as per zed cycle teting runtime
In Zed cycle, we have dropped the python 3.6/3.7[1] testing
and its support.

[1] https://governance.openstack.org/tc/reference/runtimes/zed.html

Change-Id: I817a4d1506fb7f15e72d37015ae0ba9547e2aa52
2022-05-10 19:30:04 -05:00
OpenStack Release Bot e826b05c3a Add Python3 xena unit tests
This is an automatically generated patch to ensure unit testing
is in place for all the of the tested runtimes for xena.

See also the PTI in governance [1].

[1]: https://governance.openstack.org/tc/reference/project-testing-interface.html

Change-Id: I8e2babbd4d75bd2dc3e8451e5e2604bfe98668a7
2022-02-06 15:00:04 +09:00
OpenStack Release Bot 06383f5f61 Add Python3 wallaby unit tests
This is an automatically generated patch to ensure unit testing
is in place for all the of the tested runtimes for wallaby.

See also the PTI in governance [1].

[1]: https://governance.openstack.org/tc/reference/project-testing-interface.html

Change-Id: I4170f4cc381d497a12796120b143f65a1894a301
2022-02-06 14:57:43 +09:00
Ghanshyam Mann e534806519 Remove broken tempest-full-py3-opensuse15 job
tempest-full-py3-opensuse15 is failing all the time[1] and
opensuse is not tested/supported distro in testing runtime
or devstack anymore. So let's remove opensuse broken job from
tempest too.

Needed-By: https://review.opendev.org/c/openstack/tempest/+/816569

[1] https://zuul.opendev.org/t/openstack/builds?job_name=tempest-full-py3-opensuse15

Change-Id: I0ad732d08758679ace2fc9fae776fd6560fced1a
2021-11-03 15:55:59 -05:00
Ade Lee 50f0a50cf4 Add FIPS check job
Testing a new FIPS enabled gate job here.  This job will be
for Centos 8 with FIPS enabled.  This will use a playbook in
the zuul-jobs repo to enable FIPS.

Depends-On: https://review.opendev.org/c/zuul/zuul-jobs/+/788778
Change-Id: I3187971a14b38c7ca3bb64bdd3d18c64709c466f
2021-08-04 14:25:06 -04:00
Zuul ef711cd0eb Merge "Add job for keystone functional protection tests" 2021-03-03 21:19:31 +00:00
Lance Bragstad 9579c809d4 Add job for keystone functional protection tests
This commit introduces a new check and gate job for keystone to use the
functional RBAC tests in keystone-tempest-plugin.

These tests were derived from keystone's original protection tests, but
they use tempest and they're re-useable for people looking to validate
secure RBAC functionality in their own deployments.

Depends-On: https://review.opendev.org/#/c/686305/
Change-Id: I813cff07c20fcba1aaec6a5e68014a2a9eb9462e
2021-03-02 17:05:19 +00:00
ricolin c239cc6661 Add openstack-python3-wallaby-jobs-arm64 job
This is a non-voting job to validate py3 unittests on ARM64

Task: 40403
Story: 2007938

Change-Id: Ibb82d65784368ff82588d6879111cb6c7eb780ca
2021-01-19 06:01:39 +00:00
Kristi Nikolla d6610594d1 Drop lower-constraints job
Lower-constraints is not a requirement of the OpenStack Python PTI
[0] and there currently is a discussion on the mailing list [1]
about dropping the test, with the oslo team already having done
so [2].

The new dependency resolver in pip fails due to incompatible
dependency versions in our lower-constraints file, meaning that
we were never providing any real guarantees with it.

To unblock the CI, I am disabling lower-constraints job for now,
with the option to reenable it in case we fix the constraints,
and based on the outcome of the mailing list discussions and
consensus.

[0]. https://governance.openstack.org/tc/reference/pti/python.html
[1]. http://lists.openstack.org/pipermail/openstack-discuss/2021-January/019672.html
[2]. http://lists.openstack.org/pipermail/openstack-discuss/2021-January/019659.html

Change-Id: I47e747058891596e7717848a0b0bc10f0a235b2f
2021-01-07 15:02:14 -05:00
Ghanshyam Mann db25e505a3 [goal] Migrate testing to ubuntu focal
As per victoria cycle testing runtime and community goal[1]
we need to migrate upstream CI/CD to Ubuntu Focal(20.04).

Fixing:
- bug#1886298
Bump the lower constraints for required deps which added python3.8 support
in their later version.

Story: #2007865
Task: #40190

Closes-Bug: #1886298

[1] https://governance.openstack.org/tc/goals/selected/victoria/migrate-ci-cd-jobs-to-ubuntu-focal

Change-Id: I5712f29beee2bd7d8ba857c0ce2cd2287646d6b0
2020-09-16 15:33:44 -05:00
Ghanshyam Mann 0ba9e3a12e Fix gate by running l-c job on Bionic
l-c job template moved the l-c jobs running on Focal
and currently fails on many constraints.

Let's keep running l-c job on bionic as it was before and we
can move it to Focal once issues are identified and fixed.

- Fixing the hacking tests which are behaving differently between
< 3.8.0 (until Ubuntu Bionic) and 3.8.2 (Ubuntu Focal).

Squashing below review also
- https://review.opendev.org/#/c/750786/

Co-Author: Lance Bragstad <lbragstad@gmail.com>

Change-Id: If733e9824d87d8c73797f753e4daf95489bed9c2
2020-09-10 20:25:27 -05:00
Zuul 06633e1472 Merge "Port the grenade multinode job to Zuul v3" 2020-07-29 11:21:03 +00:00
Colleen Murphy fb86048d0a Run federation jobs on Ubuntu Focal
The packaging issue that was never fixed for Bionic[1] doesn't seem to
be a problem on Focal, so let's switch back to Ubuntu.

[1] https://bugs.launchpad.net/ubuntu/+source/shibboleth-sp2/+bug/1776489

Change-Id: I69b2c650d20e30e35c2388b824cb28fcef2bae77
Depends-on: https://review.opendev.org/726994
2020-06-30 10:17:54 -07:00
Luigi Toscano 3be8d40fc5 Port the grenade multinode job to Zuul v3
It implements the same behavior of the old one.

It is worth noting that the existing job the MULTI_KEYSTONE does not
produce any effect because this change hasn't been merged yet:
- https://review.opendev.org/399472
and when that merges, the following devstack-gate changes should be
applied directly to this new job definition instead:
- https://review.opendev.org/394895

Both changes are out of scope for this porting.

Change-Id: I5d5d31c8d89b0d2812a5e9be18a81611041e6da8
2020-06-05 14:25:26 +02:00
Zuul 396d7c478d Merge "Switch to new grenade job name" 2020-05-06 09:01:29 +00:00
Andreas Jaeger 2b4e53792d Switch to new grenade job name
The integrated gate template (integrated-gate-py3) has been switched
to the new grenade name (grenade-py3 -> grenade). This repo uses the
template but also has for irrelevant files an extra entry.

Rename the job following the template change to avoid duplicate
grenade runs.

Details:
- http://lists.openstack.org/pipermail/openstack-discuss/2020-May/014602.html

Depends-On: https://review.opendev.org/725148
Change-Id: I52ebbcae0d77c0420848a37babc73bb75dd58e0b
2020-05-04 08:20:44 +02:00
OpenStack Release Bot a20542af3a Add Python3 victoria unit tests
This is an automatically generated patch to ensure unit testing
is in place for all the of the tested runtimes for victoria.

See also the PTI in governance [1].

[1]: https://governance.openstack.org/tc/reference/project-testing-interface.html

Change-Id: Ib79a6454dd7070832f639469767a807eebe5d12d
2020-04-24 08:42:59 +00:00
Zuul 62cd34d40d Merge "Copy shibboleth logs in federation jobs" 2020-03-17 20:30:27 +00:00
Colleen Murphy 0bbd2dd6fb Copy shibboleth logs in federation jobs
Ensure that Zuul publishes both the shibboleth config and the shibboleth
logs in the job artifacts so that we can debug issues with the SAML SP.

Change-Id: I53f844fae775d9b30d9b7f867bac0ed873b86bc7
2020-03-03 11:03:25 -08:00
Vishakha Agarwal 9ee3d337f7 Removing tempest-full from gate
This patch [1] doesn't remove tempest-full fully from the gate
jobs. It is a follow-up for the same.

[1] https://review.opendev.org/#/c/688601

Change-Id: I312a1a23b6cd11cbdec3fd58598f446f0e423071
2020-02-19 09:36:51 -05:00
Slawek Kaplonski f421a0f07a Drop old neutron-grenade job
This job is still running python 2.7. As we are dropping py2 support in
Ussuri cycle, lets drop this job now.
There is same job called "grenade-py3" which runs on python 3 already
and this is still used in project's CI.

Change-Id: Ie0faac1119c6d2bfea221ba60e26e67b6205909e
2019-11-14 11:38:56 +01:00
Zuul af1c1a822a Merge "Stop testing Python 2" 2019-11-14 10:28:52 +00:00
Arthur Dayne a92885a98b Stop testing Python 2
In Ussuri, Drop support for Python 2 according to [1] and [2]

[1] http://lists.openstack.org/pipermail/openstack-discuss/2019-October/010356.html
[2] https://governance.openstack.org/tc/resolutions/20180529-python2-deprecation-timeline.html

Change-Id: I35e871992dd21e96e7e812e440e6cafdb61d26ac
2019-11-01 08:57:08 +08:00
Zuul 7cf73e7aab Merge "Add voting k2k tests" 2019-10-25 23:05:33 +00:00
Colleen Murphy fb0be8e599 Add voting k2k tests
With the addition of K2K-specific tests in the tempest plugin and a
config toggle in the plugin to disable use of the external IdP, we can
safely add a voting federation job. This also fixes the devstack plugin
to install the xmlsec1 tool which is needed for K2K.

Change-Id: I9dc634e073657ff337751ec67363a57bd10e20d4
Depends-on: https://review.opendev.org/689222
2019-10-17 15:27:35 -07:00
Andreas Jaeger acfb602492 Switch to opensuse-15 nodeset
opensuse-150 nodeset is referring to openSUSE 15.0, which is still in
maintenance but openSUSE 15.1 has been released already. "opensuse-15"
is going to refer to the "latest openSUSE 15.x" build released and
working for OpenStack going forward, so add this nodeset and use
it by default going forward.

The new job tempest-full-py3-opensuse15 use the opensuse-15 nodeset,
change tempest-full-py3-opensuse150 to tempest-full-py3-opensuse15.

Change-Id: I03017b6595199e4af2f6e568ab58089517d689fe
2019-10-16 21:41:52 +02:00
Zuul f9a086e165 Merge "Switch to official Ussuri jobs" 2019-10-14 23:40:17 +00:00
Vishakha Agarwal 5d54d2d93d Switch to official Ussuri jobs
Change-Id: I0315d9fb97a960dc2c49ace9a2e101685cb7c4fc
2019-10-14 12:03:48 +05:30
Colleen Murphy 52ab0cf579 Import LDAP job into project
Import the legacy-tempest-dsvm-ldap-domain-specific-driver job[1] into the
keystone repo and convert it to be Zuulv3 native.

[1] https://opendev.org/openstack/openstack-zuul-jobs/src/branch/master/playbooks/legacy/tempest-dsvm-ldap-domain-specific-driver

Change-Id: Ie0b9f13d6fb06b776d6a58d5d1087c20df8a7cda
Needed-by: https://review.opendev.org/687444
2019-10-08 20:06:22 -07:00
Colleen Murphy 013c18d329 Readjust job timeouts
With the protection tests split out, the regular unit tests mostly
shouldn't reach the 40 minute timeout limit unless they are extremely
unlucky, so remove those overrides.

The protection tests themselves are still extremely expensive even when
split out from the rest of the tests, so bump their timeout to an hour.

Change-Id: I247478f998d7fb84c486cc04a3040517721e0dd3
2019-09-19 15:41:25 -07:00
Colleen Murphy 5e35efd55f Split protection unit tests into its own job
There are so many protection tests now, and for the moment they are so
inefficient, that running them all as part of our main unit test suite
for py27, py36, py37, and cover jobs yields a high rate of timeouts
which reduces our own development velocity and negatively impacts every
project that co-gates with keystone. This change splits the protection
tests into their own level of tests outside of the configured stestr
test_path and adds a separate tox environment and zuul job to run just
the protection tests on their own. Parallelizing these tests should help
alleviate the timeout issue while we work on making these tests more
efficient.

Change-Id: Ibb12053bd6864a153f7e3998dbd008b6eec4295b
2019-09-16 10:56:42 -07:00
Colleen Murphy db52869379 Increase tox job timeouts to 90 minutes
With the gate being extra-busy due to feature freeze week, we seem to be
having even more of a noisy neighbor problem and jobs are still often
hitting the 60 minute timeout. This change increases the timeout from 60
to 90 minutes. This is not an indication that things are normal and fine
but should hopefully alleviate pressure until we're in a position to
merge a more satisfactory workaround and fix.

Change-Id: I171eccc2dd46c26ada74def36523c6f7f29be868
2019-09-11 15:23:48 -07:00
Andreas Jaeger a73e057e25 Fix timeout Zuul changes
Change I90cbfdaad582900f3047acffbfcdd3189335ffbf added a timeout for
lower-constraints only to check queue but missed gate, add it there.

Change I0b9e0fbbd1760fe2d55935592f4349f337801209 added tox-cover to gate
but it is never run in gate, see
https://opendev.org/openstack/openstack-zuul-jobs/src/branch/master/zuul.d/project-templates.yaml#L416
Remove it again.

Change-Id: I78eaa450cdb7a84d9a81e2354a97617681babc40
2019-09-11 08:04:12 +02:00
Colleen Murphy a766085abc Bump timeout for lower-constraints job
In ba0dbdf we raised the timeouts for most of the tox jobs but neglected
the lower-constraints job which suffers the same timeout issues, so add
that one as well.

Change-Id: I213d6f91a815ba0dad5f5a04a5f0309722c91f62
2019-09-09 23:24:16 -07:00
Zuul a8b3d9e0a3 Merge "Override tox job timeouts" 2019-09-09 18:00:48 +00:00
Colleen Murphy ba0dbdf43b Override tox job timeouts
Currently our unit tests frequently hit the 40 minute timeout due to the
inefficiency of the protection unit tests. As a temporary workaround,
this change overrides the zuul tox jobs with a 60 minute timeout.
Overriding the values of jobs that are defined elsewhere in a project
template isn't exactly documented but it supposedly works[1].

[1] http://eavesdrop.openstack.org/irclogs/%23openstack-infra/%23openstack-infra.2019-09-06.log.html#t2019-09-06T23:35:57

Change-Id: I0b9e0fbbd1760fe2d55935592f4349f337801209
2019-09-07 18:51:07 -07:00
Colleen Murphy d02a01541a Fix federation CI
The devstack opensuse-150 nodeset went away[1] which is causing package
repo issues on the federation jobs. Update the nodeset to fix the jobs.

[1] https://review.opendev.org/667539

Change-Id: Icda90e0598383db0931a34dcede7fb4736fe195d
2019-09-06 21:52:17 -07:00
Ghanshyam Mann 54a5dd8e6d Run 'tempest-ipv6-only' job in gate
As part of Train community goal 'Support IPv6-Only Deployments and Testing'[1],
Tempest has defined the new job 'tempest-ipv6-only'(adding
in Depends-On patch) which will deploy services on IPv6 and run smoke
tests and IPv6 related tests present in Tempest.

This job will be part of Nova, Neutron, Cinder, Keystone, Glance, Swift
gate.

Verification structure will be:
- 'devstack-IPv6' deploy the service on IPv6
- 'devstack-tempest-ipv6' run will verify the IPv6-only setting and listen address
- 'tempest-ipv6-only' will run the smoke + IPv6 related test case.

This commit adds the new job 'tempest-ipv6-only' run on gate.

Story: #2005477
Task: #35898

Depends-On: https://review.opendev.org/#/c/671231/

[1] https://governance.openstack.org/tc/goals/train/ipv6-support-and-testing.html

Change-Id: I3aff9bf8e23e7c04119c6cd91f1ee3ce6add8eb0
2019-07-31 04:03:56 +00:00
ZhongShengping 96f35410bf Update Python 3 test runtimes for Train
This goal is to implement the process set out in the 2018-10-24 Python
Update Process TC resolution[1], for the Train cycle to ensure unit
testing is in place for all of the Tested Runtimes for Train[2].
In practice, this generally means adding unit tests for Python 3.7 and dropping
unit tests for Python 3.5. Using the Zuul template for Train will ensure that
all projects that support Python3 will be tested against the agreed runtime
versions, and make it easier to update them in future.

[1]https://governance.openstack.org/tc/resolutions/20181024-python-update-process.html
[2]https://governance.openstack.org/tc/reference/runtimes/train.html

Change-Id: Ied3c0fab32caf39cc34d9ce5d65551241c782f7b
Depends-On: https://review.opendev.org/#/c/641878/
2019-05-09 17:35:22 +08:00