1 require 'spec_helper_acceptance'
3 describe 'basic keystone server with resources' do
5 context 'default parameters' do
7 it 'should work with no errors' do
9 Exec { logoutput => 'on_failure' }
15 class { '::openstack_extras::repo::debian::ubuntu':
17 package_require => true,
21 class { '::openstack_extras::repo::redhat::redhat':
24 package { 'openstack-selinux': ensure => 'latest' }
27 fail("Unsupported osfamily (${::osfamily})")
31 class { '::mysql::server': }
34 class { '::keystone::client': }
35 class { '::keystone::cron::token_flush': }
36 class { '::keystone::db::mysql':
37 password => 'keystone',
42 database_connection => 'mysql://keystone:keystone@127.0.0.1/keystone',
43 admin_token => 'admin_token',
46 # "v2" admin and service
47 class { '::keystone::roles::admin':
48 email => 'test@example.tld',
49 password => 'a_big_secret',
51 class { '::keystone::endpoint':
52 public_url => "http://127.0.0.1:5000/",
53 admin_url => "http://127.0.0.1:35357/",
54 default_domain => 'admin',
56 ::keystone::resource::service_identity { 'beaker-ci':
57 service_type => 'beaker',
58 service_description => 'beaker service',
59 service_name => 'beaker',
61 public_url => 'http://127.0.0.1:1234',
62 admin_url => 'http://127.0.0.1:1234',
63 internal_url => 'http://127.0.0.1:1234',
66 # we don't use ::keystone::roles::admin but still create resources manually:
67 keystone_domain { 'admin_domain':
70 description => 'Domain for admin v3 users',
72 keystone_domain { 'service_domain':
75 description => 'Domain for admin v3 users',
77 keystone_tenant { 'servicesv3':
80 description => 'Tenant for the openstack services',
81 domain => 'service_domain',
83 keystone_tenant { 'openstackv3':
86 description => 'admin tenant',
87 domain => 'admin_domain',
89 keystone_user { 'adminv3':
92 tenant => 'openstackv3', # note: don't have to use 'openstackv3::admin_domain' here since the tenant name 'openstackv3' is unique among all domains
93 email => 'test@example.tld',
94 password => 'a_big_secret',
95 domain => 'admin_domain',
97 keystone_user_role { 'adminv3@openstackv3':
101 # service user exists only in the service_domain - must
103 ::keystone::resource::service_identity { 'beaker-civ3':
104 service_type => 'beakerv3',
105 service_description => 'beakerv3 service',
106 service_name => 'beakerv3',
107 password => 'secret',
108 tenant => 'servicesv3',
109 public_url => 'http://127.0.0.1:1234/v3',
110 admin_url => 'http://127.0.0.1:1234/v3',
111 internal_url => 'http://127.0.0.1:1234/v3',
112 user_domain => 'service_domain',
113 project_domain => 'service_domain',
118 # Run it twice and test for idempotency
119 apply_manifest(pp, :catch_failures => true)
120 apply_manifest(pp, :catch_changes => true)
123 describe port(5000) do
124 it { is_expected.to be_listening.with('tcp') }
127 describe port(35357) do
128 it { is_expected.to be_listening.with('tcp') }
132 it { should have_entry('1 0 * * * keystone-manage token_flush >>/var/log/keystone/keystone-tokenflush.log 2>&1').with_user('keystone') }
135 shared_examples_for 'keystone user/tenant/service/role/endpoint resources using v2 API' do |auth_creds|
136 it 'should find users in the default domain' do
137 shell("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v2.0 --os-identity-api-version 2 user list") do |r|
138 expect(r.stdout).to match(/admin/)
139 expect(r.stderr).to be_empty
142 it 'should find tenants in the default domain' do
143 shell("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v2.0 --os-identity-api-version 2 project list") do |r|
144 expect(r.stdout).to match(/openstack/)
145 expect(r.stderr).to be_empty
148 it 'should find beaker service' do
149 shell("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v2.0 --os-identity-api-version 2 service list") do |r|
150 expect(r.stdout).to match(/beaker/)
151 expect(r.stderr).to be_empty
154 it 'should find admin role' do
155 shell("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v2.0 --os-identity-api-version 2 role list") do |r|
156 expect(r.stdout).to match(/admin/)
157 expect(r.stderr).to be_empty
160 it 'should find beaker endpoints' do
161 shell("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v2.0 --os-identity-api-version 2 endpoint list --long") do |r|
162 expect(r.stdout).to match(/1234/)
163 expect(r.stderr).to be_empty
167 shared_examples_for 'keystone user/tenant/service/role/endpoint resources using v3 API' do |auth_creds|
168 it 'should find beaker user' do
169 shell("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v3 --os-identity-api-version 3 user list") do |r|
170 expect(r.stdout).to match(/beaker/)
171 expect(r.stderr).to be_empty
174 it 'should find services tenant' do
175 shell("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v3 --os-identity-api-version 3 project list") do |r|
176 expect(r.stdout).to match(/services/)
177 expect(r.stderr).to be_empty
180 it 'should find beaker service' do
181 shell("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v3 --os-identity-api-version 3 service list") do |r|
182 expect(r.stdout).to match(/beaker/)
183 expect(r.stderr).to be_empty
186 it 'should find admin role' do
187 shell("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v3 --os-identity-api-version 3 role list") do |r|
188 expect(r.stdout).to match(/admin/)
189 expect(r.stderr).to be_empty
192 it 'should find beaker endpoints' do
193 shell("openstack #{auth_creds} --os-auth-url http://127.0.0.1:5000/v3 --os-identity-api-version 3 endpoint list") do |r|
194 expect(r.stdout).to match(/1234/)
195 expect(r.stderr).to be_empty
199 describe 'with v2 admin with v2 credentials' do
200 include_examples 'keystone user/tenant/service/role/endpoint resources using v2 API',
201 '--os-username admin --os-password a_big_secret --os-project-name openstack'
203 describe 'with v2 service with v2 credentials' do
204 include_examples 'keystone user/tenant/service/role/endpoint resources using v2 API',
205 '--os-username beaker-ci --os-password secret --os-project-name services'
207 describe 'with v2 admin with v3 credentials' do
208 include_examples 'keystone user/tenant/service/role/endpoint resources using v3 API',
209 '--os-username admin --os-password a_big_secret --os-project-name openstack --os-user-domain-name Default --os-project-domain-name Default'
211 describe "with v2 service with v3 credentials" do
212 include_examples 'keystone user/tenant/service/role/endpoint resources using v3 API',
213 '--os-username beaker-ci --os-password secret --os-project-name services --os-user-domain-name Default --os-project-domain-name Default'
215 describe 'with v3 admin with v3 credentials' do
216 include_examples 'keystone user/tenant/service/role/endpoint resources using v3 API',
217 '--os-username adminv3 --os-password a_big_secret --os-project-name openstackv3 --os-user-domain-name admin_domain --os-project-domain-name admin_domain'
219 describe "with v3 service with v3 credentials" do
220 include_examples 'keystone user/tenant/service/role/endpoint resources using v3 API',
221 '--os-username beaker-civ3 --os-password secret --os-project-name servicesv3 --os-user-domain-name service_domain --os-project-domain-name service_domain'