Helm-Test: remove user and tenant creation from test context

This PS removes the user managemnt from the rally driven helm tests
which allows LDAP and other read only sources being used to validate
service functionality, in addition to reducing false -ve results in
the Zuul gates.

Change-Id: I1cc0e99bf74d578648b3cd40eaf60c1804044d88
This commit is contained in:
portdirect 2018-01-27 11:12:30 -05:00 committed by Pete Birley
parent 7e630ad8ea
commit 4746de33f4
21 changed files with 370 additions and 296 deletions

View File

@ -11,10 +11,6 @@
type: "constant"
times: 1
concurrency: 1
context:
users:
tenants: 1
users_per_tenant: 1
sla:
failure_rate:
max: 0
@ -28,9 +24,6 @@
failure_rate:
max: 0
context:
users:
tenants: 1
users_per_tenant: 1
ceilometer:
counter_name: "benchmark_meter"
counter_type: "gauge"
@ -67,10 +60,6 @@
type: "constant"
times: 1
concurrency: 1
context:
users:
tenants: 1
users_per_tenant: 1
sla:
failure_rate:
max: 0

View File

@ -18,31 +18,56 @@ limitations under the License.
{{- $envAll := . }}
{{- $dependencies := .Values.dependencies.tests }}
{{- $mounts_ceilometer_tests := .Values.pod.mounts.ceilometer_tests.ceilometer_tests }}
{{- $mounts_ceilometer_tests_init := .Values.pod.mounts.ceilometer_tests.init_container }}
{{- $mounts_tests := .Values.pod.mounts.ceilometer_tests.ceilometer_tests }}
{{- $mounts_tests_init := .Values.pod.mounts.ceilometer_tests.init_container }}
{{- $serviceAccountName := print .Release.Name "-test" }}
{{- $serviceAccountName := print $envAll.Release.Name "-test" }}
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: v1
kind: Pod
metadata:
name: "{{.Release.Name}}-test"
name: {{ print $envAll.Release.Name "-test" }}
annotations:
"helm.sh/hook": test-success
spec:
serviceAccountName: {{ $serviceAccountName }}
restartPolicy: Never
serviceAccountName: {{ $serviceAccountName }}
initContainers:
{{ tuple $envAll $dependencies $mounts_ceilometer_tests_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
{{ tuple $envAll $dependencies $mounts_tests_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 4 }}
- name: {{ .Release.Name }}-test-ks-user
image: {{ .Values.images.tags.ks_user }}
imagePullPolicy: {{ .Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_user | include "helm-toolkit.snippets.kubernetes_resources" | indent 6 }}
command:
- /tmp/ks-user.sh
volumeMounts:
- name: ceilometer-bin
mountPath: /tmp/ks-user.sh
subPath: ks-user.sh
readOnly: true
env:
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 8 }}
{{- end }}
- name: SERVICE_OS_SERVICE_NAME
value: "test"
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.test }}
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 8 }}
{{- end }}
- name: SERVICE_OS_ROLE
value: {{ .Values.endpoints.identity.auth.test.role | quote }}
containers:
- name: {{.Release.Name}}-token-issue-test
- name: {{ .Release.Name }}-test
image: {{ .Values.images.tags.test }}
imagePullPolicy: {{ .Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.tests | include "helm-toolkit.snippets.kubernetes_resources" | indent 6 }}
env:
{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 8 }}
{{- end }}
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.test }}
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 8 }}
{{- end }}
- name: RALLY_ENV_NAME
value: {{.Release.Name}}
@ -59,7 +84,7 @@ spec:
readOnly: true
- name: rally-db
mountPath: /var/lib/rally
{{ if $mounts_ceilometer_tests.volumeMounts }}{{ toYaml $mounts_ceilometer_tests.volumeMounts | indent 8 }}{{ end }}
{{ if $mounts_tests.volumeMounts }}{{ toYaml $mounts_tests.volumeMounts | indent 8 }}{{ end }}
volumes:
- name: ceilometer-etc
configMap:
@ -71,5 +96,5 @@ spec:
defaultMode: 0555
- name: rally-db
emptyDir: {}
{{ if $mounts_ceilometer_tests.volumes }}{{ toYaml $mounts_ceilometer_tests.volumes | indent 4 }}{{ end }}
{{ if $mounts_tests.volumes }}{{ toYaml $mounts_tests.volumes | indent 4 }}{{ end }}
{{- end }}

View File

@ -16,7 +16,7 @@ limitations under the License.
{{- if .Values.manifests.secret_keystone }}
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "ceilometer" }}
{{- range $key1, $userClass := tuple "admin" "ceilometer" "test" }}
{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
---
apiVersion: v1

View File

@ -1601,6 +1601,7 @@ secrets:
identity:
admin: ceilometer-keystone-admin
ceilometer: ceilometer-keystone-user
test: ceilometer-keystone-test
oslo_db:
admin: ceilometer-db-admin
ceilometer: ceilometer-db-user
@ -1631,6 +1632,14 @@ endpoints:
project_name: service
user_domain_name: default
project_domain_name: default
test:
role: admin
region_name: RegionOne
username: test
password: password
project_name: test
user_domain_name: default
project_domain_name: default
hosts:
default: keystone-api
public: keystone

View File

@ -18,8 +18,8 @@ limitations under the License.
{{- $envAll := . }}
{{- $dependencies := .Values.dependencies.tests }}
{{- $mounts_cinder_tests := .Values.pod.mounts.cinder_tests.cinder_tests }}
{{- $mounts_cinder_tests_init := .Values.pod.mounts.cinder_tests.init_container }}
{{- $mounts_tests := .Values.pod.mounts.cinder_tests.cinder_tests }}
{{- $mounts_tests_init := .Values.pod.mounts.cinder_tests.init_container }}
{{- $serviceAccountName := print $envAll.Release.Name "-test" }}
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
@ -34,15 +34,40 @@ spec:
restartPolicy: Never
serviceAccountName: {{ $serviceAccountName }}
initContainers:
{{ tuple $envAll $dependencies $mounts_cinder_tests_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 4 }}
{{ tuple $envAll $dependencies $mounts_tests_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 4 }}
- name: {{ .Release.Name }}-test-ks-user
image: {{ .Values.images.tags.ks_user }}
imagePullPolicy: {{ .Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_user | include "helm-toolkit.snippets.kubernetes_resources" | indent 6 }}
command:
- /tmp/ks-user.sh
volumeMounts:
- name: cinder-bin
mountPath: /tmp/ks-user.sh
subPath: ks-user.sh
readOnly: true
env:
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 8 }}
{{- end }}
- name: SERVICE_OS_SERVICE_NAME
value: "test"
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.test }}
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 8 }}
{{- end }}
- name: SERVICE_OS_ROLE
value: {{ .Values.endpoints.identity.auth.test.role | quote }}
containers:
- name: {{.Release.Name}}-token-issue-test
- name: {{ .Release.Name }}-test
image: {{ .Values.images.tags.test }}
imagePullPolicy: {{ .Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.tests | include "helm-toolkit.snippets.kubernetes_resources" | indent 6 }}
env:
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 8 }}
{{- end }}
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.test }}
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 8 }}
{{- end }}
- name: RALLY_ENV_NAME
value: {{.Release.Name}}
@ -59,7 +84,7 @@ spec:
readOnly: true
- name: rally-db
mountPath: /var/lib/rally
{{ if $mounts_cinder_tests.volumeMounts }}{{ toYaml $mounts_cinder_tests.volumeMounts | indent 8 }}{{ end }}
{{ if $mounts_tests.volumeMounts }}{{ toYaml $mounts_tests.volumeMounts | indent 8 }}{{ end }}
volumes:
- name: cinder-etc
configMap:
@ -71,5 +96,5 @@ spec:
defaultMode: 0555
- name: rally-db
emptyDir: {}
{{ if $mounts_cinder_tests.volumes }}{{ toYaml $mounts_cinder_tests.volumes | indent 4 }}{{ end }}
{{ if $mounts_tests.volumes }}{{ toYaml $mounts_tests.volumes | indent 4 }}{{ end }}
{{- end }}

View File

@ -16,7 +16,7 @@ limitations under the License.
{{- if .Values.manifests.secret_keystone }}
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "cinder" }}
{{- range $key1, $userClass := tuple "admin" "cinder" "test" }}
{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
---
apiVersion: v1

View File

@ -458,10 +458,6 @@ conf:
CinderVolumes.create_and_delete_volume:
- args:
size: 1
context:
users:
tenants: 1
users_per_tenant: 1
runner:
concurrency: 1
times: 1
@ -473,10 +469,6 @@ conf:
size:
max: 5
min: 1
context:
users:
tenants: 1
users_per_tenant: 1
runner:
concurrency: 1
times: 1
@ -600,6 +592,7 @@ secrets:
identity:
admin: cinder-keystone-admin
cinder: cinder-keystone-user
test: cinder-keystone-test
oslo_db:
admin: cinder-db-admin
cinder: cinder-db-user
@ -630,6 +623,14 @@ endpoints:
project_name: service
user_domain_name: default
project_domain_name: default
test:
role: admin
region_name: RegionOne
username: test
password: password
project_name: test
user_domain_name: default
project_domain_name: default
hosts:
default: keystone-api
public: keystone

View File

@ -18,31 +18,56 @@ limitations under the License.
{{- $envAll := . }}
{{- $dependencies := .Values.dependencies.tests }}
{{- $mounts_glance_tests := .Values.pod.mounts.glance_tests.glance_tests }}
{{- $mounts_glance_tests_init := .Values.pod.mounts.glance_tests.init_container }}
{{- $mounts_tests := .Values.pod.mounts.glance_tests.glance_tests }}
{{- $mounts_tests_init := .Values.pod.mounts.glance_tests.init_container }}
{{- $serviceAccountName := print .Release.Name "-test" }}
{{- $serviceAccountName := print $envAll.Release.Name "-test" }}
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: v1
kind: Pod
metadata:
name: "{{.Release.Name}}-test"
name: {{ print $envAll.Release.Name "-test" }}
annotations:
"helm.sh/hook": test-success
spec:
serviceAccountName: {{ $serviceAccountName }}
restartPolicy: Never
serviceAccountName: {{ $serviceAccountName }}
initContainers:
{{ tuple $envAll $dependencies $mounts_glance_tests_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 4 }}
{{ tuple $envAll $dependencies $mounts_tests_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 4 }}
- name: {{ .Release.Name }}-test-ks-user
image: {{ .Values.images.tags.ks_user }}
imagePullPolicy: {{ .Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_user | include "helm-toolkit.snippets.kubernetes_resources" | indent 6 }}
command:
- /tmp/ks-user.sh
volumeMounts:
- name: glance-bin
mountPath: /tmp/ks-user.sh
subPath: ks-user.sh
readOnly: true
env:
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 8 }}
{{- end }}
- name: SERVICE_OS_SERVICE_NAME
value: "test"
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.test }}
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 8 }}
{{- end }}
- name: SERVICE_OS_ROLE
value: {{ .Values.endpoints.identity.auth.test.role | quote }}
containers:
- name: {{.Release.Name}}-token-issue-test
- name: {{ .Release.Name }}-test
image: {{ .Values.images.tags.test }}
imagePullPolicy: {{ .Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.tests | include "helm-toolkit.snippets.kubernetes_resources" | indent 6 }}
env:
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 8 }}
{{- end }}
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.test }}
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 8 }}
{{- end }}
- name: RALLY_ENV_NAME
value: {{.Release.Name}}
@ -59,7 +84,7 @@ spec:
readOnly: true
- name: rally-db
mountPath: /var/lib/rally
{{ if $mounts_glance_tests.volumeMounts }}{{ toYaml $mounts_glance_tests.volumeMounts | indent 8 }}{{ end }}
{{ if $mounts_tests.volumeMounts }}{{ toYaml $mounts_tests.volumeMounts | indent 8 }}{{ end }}
volumes:
- name: glance-etc
configMap:
@ -71,5 +96,5 @@ spec:
defaultMode: 0555
- name: rally-db
emptyDir: {}
{{ if $mounts_glance_tests.volumes }}{{ toYaml $mounts_glance_tests.volumes | indent 4 }}{{ end }}
{{ if $mounts_tests.volumes }}{{ toYaml $mounts_tests.volumes | indent 4 }}{{ end }}
{{- end }}

View File

@ -16,7 +16,7 @@ limitations under the License.
{{- if .Values.manifests.secret_keystone }}
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "glance" }}
{{- range $key1, $userClass := tuple "admin" "glance" "test" }}
{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
---
apiVersion: v1

View File

@ -68,10 +68,6 @@ conf:
container_format: bare
disk_format: qcow2
image_location: http://download.cirros-cloud.net/0.3.5/cirros-0.3.5-x86_64-disk.img
context:
users:
tenants: 1
users_per_tenant: 1
runner:
concurrency: 1
times: 1
@ -84,10 +80,6 @@ conf:
container_format: bare
disk_format: qcow2
image_location: http://download.cirros-cloud.net/0.3.5/cirros-0.3.5-x86_64-disk.img
context:
users:
tenants: 1
users_per_tenant: 1
runner:
concurrency: 1
times: 1
@ -379,6 +371,7 @@ secrets:
identity:
admin: glance-keystone-admin
glance: glance-keystone-user
test: glance-keystone-test
oslo_db:
admin: glance-db-admin
glance: glance-db-user
@ -407,6 +400,14 @@ endpoints:
project_name: service
user_domain_name: default
project_domain_name: default
test:
role: admin
region_name: RegionOne
username: test
password: password
project_name: test
user_domain_name: default
project_domain_name: default
hosts:
default: keystone-api
public: keystone

View File

@ -19,19 +19,45 @@ limitations under the License.
set -ex
{{- $rallyTests := index . 0 }}
: ${RALLY_ENV_NAME:="openstack-helm"}
: "${RALLY_ENV_NAME:="openstack-helm"}"
rally-manage db create
rally deployment create --fromenv --name ${RALLY_ENV_NAME}
rally deployment use ${RALLY_ENV_NAME}
cat > /tmp/rally-config.json << EOF
{
"type": "ExistingCloud",
"auth_url": "${OS_AUTH_URL}",
"region_name": "${OS_REGION_NAME}",
"endpoint_type": "public",
"admin": {
"username": "${OS_USERNAME}",
"password": "${OS_PASSWORD}",
"project_name": "${OS_PROJECT_NAME}",
"user_domain_name": "${OS_USER_DOMAIN_NAME}",
"project_domain_name": "${OS_PROJECT_DOMAIN_NAME}"
},
"users": [
{
"username": "${SERVICE_OS_USERNAME}",
"password": "${SERVICE_OS_PASSWORD}",
"project_name": "${SERVICE_OS_PROJECT_NAME}",
"user_domain_name": "${SERVICE_OS_USER_DOMAIN_NAME}",
"project_domain_name": "${SERVICE_OS_PROJECT_DOMAIN_NAME}"
}
]
}
EOF
rally deployment create --file /tmp/rally-config.json --name "${RALLY_ENV_NAME}"
rm -f /tmp/rally-config.json
rally deployment use "${RALLY_ENV_NAME}"
rally deployment check
{{- if $rallyTests.run_tempest }}
rally verify create-verifier --name ${RALLY_ENV_NAME}-tempest --type tempest
SERVICE_TYPE=$(rally deployment check | grep ${RALLY_ENV_NAME} | awk -F \| '{print $3}' | tr -d ' ' | tr -d '\n')
rally verify start --pattern tempest.api.$SERVICE_TYPE*
rally verify delete-verifier --id ${RALLY_ENV_NAME}-tempest --force
rally verify create-verifier --name "${RALLY_ENV_NAME}-tempest" --type tempest
SERVICE_TYPE="$(rally deployment check | grep "${RALLY_ENV_NAME}" | awk -F \| '{print $3}' | tr -d ' ' | tr -d '\n')"
rally verify start --pattern "tempest.api.${SERVICE_TYPE}*"
rally verify delete-verifier --id "${RALLY_ENV_NAME}-tempest" --force
{{- end }}
rally task validate /etc/rally/rally_tests.yaml
rally task start /etc/rally/rally_tests.yaml
rally deployment destroy --deployment ${RALLY_ENV_NAME}
rally deployment destroy --deployment "${RALLY_ENV_NAME}"
rally task sla-check
{{- end }}

View File

@ -29,6 +29,8 @@ data:
{{- end }}
rally-test.sh: |
{{ tuple $rallyTests | include "helm-toolkit.scripts.rally_test" | indent 4 }}
ks-user.sh: |+
{{- include "helm-toolkit.scripts.keystone_user" . | indent 4 }}
db-init.py: |
{{- include "helm-toolkit.scripts.db_init" . | indent 4 }}
db-sync.sh: |

View File

@ -18,31 +18,56 @@ limitations under the License.
{{- $envAll := . }}
{{- $dependencies := .Values.dependencies.tests }}
{{- $mounts_keystone_tests := .Values.pod.mounts.keystone_tests.keystone_tests }}
{{- $mounts_keystone_tests_init := .Values.pod.mounts.keystone_tests.init_container }}
{{- $mounts_tests := .Values.pod.mounts.keystone_tests.keystone_tests }}
{{- $mounts_tests_init := .Values.pod.mounts.keystone_tests.init_container }}
{{- $serviceAccountName := print .Release.Name "-test" }}
{{- $serviceAccountName := print $envAll.Release.Name "-test" }}
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: v1
kind: Pod
metadata:
name: "{{.Release.Name}}-test"
name: {{ print $envAll.Release.Name "-test" }}
annotations:
"helm.sh/hook": test-success
spec:
serviceAccountName: {{ $serviceAccountName }}
restartPolicy: Never
serviceAccountName: {{ $serviceAccountName }}
initContainers:
{{ tuple $envAll $dependencies $mounts_keystone_tests_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 4 }}
{{ tuple $envAll $dependencies $mounts_tests_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 4 }}
- name: {{ .Release.Name }}-test-ks-user
image: {{ .Values.images.tags.ks_user }}
imagePullPolicy: {{ .Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_user | include "helm-toolkit.snippets.kubernetes_resources" | indent 6 }}
command:
- /tmp/ks-user.sh
volumeMounts:
- name: keystone-bin
mountPath: /tmp/ks-user.sh
subPath: ks-user.sh
readOnly: true
env:
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 8 }}
{{- end }}
- name: SERVICE_OS_SERVICE_NAME
value: "test"
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.test }}
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 8 }}
{{- end }}
- name: SERVICE_OS_ROLE
value: {{ .Values.endpoints.identity.auth.test.role | quote }}
containers:
- name: {{.Release.Name}}-token-issue-test
- name: {{ .Release.Name }}-test
image: {{ .Values.images.tags.test }}
imagePullPolicy: {{ .Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.tests | include "helm-toolkit.snippets.kubernetes_resources" | indent 6 }}
env:
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 8 }}
{{- end }}
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.test }}
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 8 }}
{{- end }}
- name: RALLY_ENV_NAME
value: {{.Release.Name}}
@ -59,7 +84,7 @@ spec:
readOnly: true
- name: rally-db
mountPath: /var/lib/rally
{{ if $mounts_keystone_tests.volumeMounts }}{{ toYaml $mounts_keystone_tests.volumeMounts | indent 8 }}{{ end }}
{{ if $mounts_tests.volumeMounts }}{{ toYaml $mounts_tests.volumeMounts | indent 8 }}{{ end }}
volumes:
- name: keystone-etc
configMap:
@ -71,5 +96,5 @@ spec:
defaultMode: 0555
- name: rally-db
emptyDir: {}
{{ if $mounts_keystone_tests.volumes }}{{ toYaml $mounts_keystone_tests.volumes | indent 4 }}{{ end }}
{{ if $mounts_tests.volumes }}{{ toYaml $mounts_tests.volumes | indent 4 }}{{ end }}
{{- end }}

View File

@ -16,7 +16,7 @@ limitations under the License.
{{- if .Values.manifests.secret_keystone }}
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" }}
{{- range $key1, $userClass := tuple "admin" "test" }}
{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
---
apiVersion: v1

View File

@ -30,6 +30,7 @@ images:
db_init: docker.io/kolla/ubuntu-source-heat-engine:3.0.3
keystone_db_sync: docker.io/kolla/ubuntu-source-keystone:3.0.3
db_drop: docker.io/kolla/ubuntu-source-heat-engine:3.0.3
ks_user: docker.io/kolla/ubuntu-source-heat-engine:3.0.3
keystone_fernet_setup: docker.io/kolla/ubuntu-source-keystone:3.0.3
keystone_fernet_rotate: docker.io/kolla/ubuntu-source-keystone:3.0.3
keystone_credential_setup: docker.io/kolla/ubuntu-source-keystone:3.0.3
@ -509,11 +510,7 @@ conf:
run_tempest: false
tests:
KeystoneBasic.add_and_remove_user_role:
- context:
users:
tenants: 1
users_per_tenant: 1
runner:
- runner:
concurrency: 1
times: 1
type: constant
@ -530,11 +527,7 @@ conf:
failure_rate:
max: 0
KeystoneBasic.create_add_and_list_user_roles:
- context:
users:
tenants: 1
users_per_tenant: 1
runner:
- runner:
concurrency: 1
times: 1
type: constant
@ -542,11 +535,7 @@ conf:
failure_rate:
max: 0
KeystoneBasic.create_and_delete_ec2credential:
- context:
users:
tenants: 1
users_per_tenant: 1
runner:
- runner:
concurrency: 1
times: 1
type: constant
@ -574,10 +563,6 @@ conf:
max: 0
KeystoneBasic.create_and_get_role:
- args: {}
context:
users:
tenants: 1
users_per_tenant: 1
runner:
concurrency: 1
times: 1
@ -586,11 +571,7 @@ conf:
failure_rate:
max: 0
KeystoneBasic.create_and_list_ec2credentials:
- context:
users:
tenants: 1
users_per_tenant: 1
runner:
- runner:
concurrency: 1
times: 1
type: constant
@ -722,6 +703,7 @@ conf:
secrets:
identity:
admin: keystone-keystone-admin
test: keystone-keystone-test
oslo_db:
admin: keystone-db-admin
keystone: keystone-db-user
@ -742,6 +724,14 @@ endpoints:
project_name: admin
user_domain_name: default
project_domain_name: default
test:
role: admin
region_name: RegionOne
username: test
password: password
project_name: test
user_domain_name: default
project_domain_name: default
hosts:
default: keystone-api
public: keystone

View File

@ -18,36 +18,60 @@ limitations under the License.
{{- $envAll := . }}
{{- $dependencies := .Values.dependencies.tests }}
{{- $mounts_neutron_tests := .Values.pod.mounts.neutron_tests.neutron_tests }}
{{- $mounts_neutron_tests_init := .Values.pod.mounts.neutron_tests.init_container }}
{{- $mounts_tests := .Values.pod.mounts.neutron_tests.neutron_tests }}
{{- $mounts_tests_init := .Values.pod.mounts.neutron_tests.init_container }}
{{- $serviceAccountName := print .Release.Name "-test" }}
{{- $serviceAccountName := print $envAll.Release.Name "-test" }}
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: v1
kind: Pod
metadata:
name: "{{.Release.Name}}-test"
name: {{ print $envAll.Release.Name "-test" }}
annotations:
"helm.sh/hook": test-success
spec:
serviceAccountName: {{ $serviceAccountName }}
restartPolicy: Never
serviceAccountName: {{ $serviceAccountName }}
initContainers:
{{ tuple $envAll $dependencies $mounts_neutron_tests_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 4 }}
{{ tuple $envAll $dependencies $mounts_tests_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 4 }}
- name: {{ .Release.Name }}-test-ks-user
image: {{ .Values.images.tags.ks_user }}
imagePullPolicy: {{ .Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_user | include "helm-toolkit.snippets.kubernetes_resources" | indent 6 }}
command:
- /tmp/ks-user.sh
volumeMounts:
- name: neutron-bin
mountPath: /tmp/ks-user.sh
subPath: ks-user.sh
readOnly: true
env:
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 8 }}
{{- end }}
- name: SERVICE_OS_SERVICE_NAME
value: "test"
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.test }}
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 8 }}
{{- end }}
- name: SERVICE_OS_ROLE
value: {{ .Values.endpoints.identity.auth.test.role | quote }}
containers:
- name: {{.Release.Name}}-token-issue-test
image: {{ .Values.images.tags.neutron_test }}
- name: {{ .Release.Name }}-test
image: {{ .Values.images.tags.test }}
imagePullPolicy: {{ .Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.tests | include "helm-toolkit.snippets.kubernetes_resources" | indent 6 }}
env:
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 8 }}
{{- end }}
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.test }}
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 8 }}
{{- end }}
- name: RALLY_ENV_NAME
value: {{.Release.Name}}
command:
- bash
- /tmp/rally-test.sh
volumeMounts:
- name: neutron-etc
@ -60,7 +84,7 @@ spec:
readOnly: true
- name: rally-db
mountPath: /var/lib/rally
{{ if $mounts_neutron_tests.volumeMounts }}{{ toYaml $mounts_neutron_tests.volumeMounts | indent 8 }}{{ end }}
{{ if $mounts_tests.volumeMounts }}{{ toYaml $mounts_tests.volumeMounts | indent 8 }}{{ end }}
volumes:
- name: neutron-etc
configMap:
@ -72,5 +96,5 @@ spec:
defaultMode: 0555
- name: rally-db
emptyDir: {}
{{ if $mounts_neutron_tests.volumes }}{{ toYaml $mounts_neutron_tests.volumes | indent 4 }}{{ end }}
{{ if $mounts_tests.volumes }}{{ toYaml $mounts_tests.volumes | indent 4 }}{{ end }}
{{- end }}

View File

@ -16,7 +16,7 @@ limitations under the License.
{{- if .Values.manifests.secret_keystone }}
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "neutron" }}
{{- range $key1, $userClass := tuple "admin" "neutron" "test" }}
{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
---
apiVersion: v1

View File

@ -22,7 +22,7 @@ release_group: null
images:
tags:
bootstrap: docker.io/kolla/ubuntu-source-heat-engine:3.0.3
neutron_test: docker.io/kolla/ubuntu-source-rally:4.0.0
test: docker.io/kolla/ubuntu-source-rally:4.0.0
db_init: docker.io/kolla/ubuntu-source-heat-engine:3.0.3
neutron_db_sync: docker.io/kolla/ubuntu-source-neutron-server:3.0.3
db_drop: docker.io/kolla/ubuntu-source-heat-engine:3.0.3
@ -399,9 +399,6 @@ conf:
quotas:
neutron:
network: -1
users:
tenants: 1
users_per_tenant: 1
runner:
concurrency: 1
times: 1
@ -420,9 +417,6 @@ conf:
neutron:
network: -1
port: -1
users:
tenants: 1
users_per_tenant: 1
runner:
concurrency: 1
times: 1
@ -444,9 +438,6 @@ conf:
network: -1
router: -1
subnet: -1
users:
tenants: 1
users_per_tenant: 1
runner:
concurrency: 1
times: 1
@ -466,9 +457,6 @@ conf:
neutron:
network: -1
subnet: -1
users:
tenants: 1
users_per_tenant: 1
runner:
concurrency: 1
times: 1
@ -490,9 +478,6 @@ conf:
network: -1
router: -1
subnet: -1
users:
tenants: 3
users_per_tenant: 3
runner:
concurrency: 1
times: 1
@ -512,9 +497,6 @@ conf:
neutron:
network: -1
subnet: -1
users:
tenants: 1
users_per_tenant: 1
runner:
concurrency: 1
times: 1
@ -529,9 +511,6 @@ conf:
quotas:
neutron:
network: -1
users:
tenants: 1
users_per_tenant: 1
runner:
concurrency: 1
times: 1
@ -549,9 +528,6 @@ conf:
quotas:
neutron:
network: -1
users:
tenants: 1
users_per_tenant: 1
runner:
concurrency: 1
times: 1
@ -575,9 +551,6 @@ conf:
neutron:
network: -1
port: -1
users:
tenants: 1
users_per_tenant: 1
runner:
concurrency: 1
times: 1
@ -602,9 +575,6 @@ conf:
network: -1
router: -1
subnet: -1
users:
tenants: 1
users_per_tenant: 1
runner:
concurrency: 1
times: 1
@ -627,9 +597,6 @@ conf:
neutron:
network: -1
subnet: -1
users:
tenants: 1
users_per_tenant: 1
runner:
concurrency: 1
times: 1
@ -640,10 +607,6 @@ conf:
NeutronNetworks.list_agents:
- args:
agent_args: {}
context:
users:
tenants: 1
users_per_tenant: 1
runner:
concurrency: 1
times: 1
@ -658,9 +621,6 @@ conf:
quotas:
neutron:
security_group: -1
users:
tenants: 1
users_per_tenant: 1
runner:
concurrency: 1
times: 1
@ -676,9 +636,6 @@ conf:
quotas:
neutron:
security_group: -1
users:
tenants: 1
users_per_tenant: 1
runner:
concurrency: 1
times: 1
@ -1061,6 +1018,7 @@ secrets:
identity:
admin: neutron-keystone-admin
neutron: neutron-keystone-user
test: neutron-keystone-test
oslo_db:
admin: neutron-db-admin
neutron: neutron-db-user
@ -1166,6 +1124,14 @@ endpoints:
user_domain_name: default
username: nova
password: password
test:
role: admin
region_name: RegionOne
username: test
password: password
project_name: test
user_domain_name: default
project_domain_name: default
hosts:
default: keystone-api
public: keystone

View File

@ -18,35 +18,60 @@ limitations under the License.
{{- $envAll := . }}
{{- $dependencies := .Values.dependencies.tests }}
{{- $mounts_nova_tests := .Values.pod.mounts.nova_tests.nova_tests }}
{{- $mounts_nova_tests_init := .Values.pod.mounts.nova_tests.init_container }}
{{- $mounts_tests := .Values.pod.mounts.nova_tests.nova_tests }}
{{- $mounts_tests_init := .Values.pod.mounts.nova_tests.init_container }}
{{- $serviceAccountName := print .Release.Name "-test" }}
{{- $serviceAccountName := print $envAll.Release.Name "-test" }}
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: v1
kind: Pod
metadata:
name: "{{.Release.Name}}-test"
name: {{ print $envAll.Release.Name "-test" }}
annotations:
"helm.sh/hook": test-success
spec:
serviceAccountName: {{ $serviceAccountName }}
restartPolicy: Never
serviceAccountName: {{ $serviceAccountName }}
initContainers:
{{ tuple $envAll $dependencies $mounts_nova_tests_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 4 }}
containers:
- name: {{.Release.Name}}-token-issue-test
image: {{ .Values.images.tags.test }}
{{ tuple $envAll $dependencies $mounts_tests_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 4 }}
- name: {{ .Release.Name }}-test-ks-user
image: {{ .Values.images.tags.ks_user }}
imagePullPolicy: {{ .Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_user | include "helm-toolkit.snippets.kubernetes_resources" | indent 6 }}
command:
- /tmp/ks-user.sh
volumeMounts:
- name: nova-bin
mountPath: /tmp/ks-user.sh
subPath: ks-user.sh
readOnly: true
env:
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 8 }}
{{- end }}
- name: SERVICE_OS_SERVICE_NAME
value: "test"
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.test }}
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 8 }}
{{- end }}
- name: SERVICE_OS_ROLE
value: {{ .Values.endpoints.identity.auth.test.role | quote }}
containers:
- name: {{ .Release.Name }}-test
image: {{ .Values.images.tags.test }}
imagePullPolicy: {{ .Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.tests | include "helm-toolkit.snippets.kubernetes_resources" | indent 6 }}
env:
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 8 }}
{{- end }}
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.test }}
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 8 }}
{{- end }}
- name: RALLY_ENV_NAME
value: {{.Release.Name}}
command:
- bash
- /tmp/rally-test.sh
volumeMounts:
- name: nova-etc
@ -59,7 +84,7 @@ spec:
readOnly: true
- name: rally-db
mountPath: /var/lib/rally
{{ if $mounts_nova_tests.volumeMounts }}{{ toYaml $mounts_nova_tests.volumeMounts | indent 8 }}{{ end }}
{{ if $mounts_tests.volumeMounts }}{{ toYaml $mounts_tests.volumeMounts | indent 8 }}{{ end }}
volumes:
- name: nova-etc
configMap:
@ -71,5 +96,5 @@ spec:
defaultMode: 0555
- name: rally-db
emptyDir: {}
{{ if $mounts_nova_tests.volumes }}{{ toYaml $mounts_nova_tests.volumes | indent 4 }}{{ end }}
{{ if $mounts_tests.volumes }}{{ toYaml $mounts_tests.volumes | indent 4 }}{{ end }}
{{- end }}

View File

@ -16,7 +16,7 @@ limitations under the License.
{{- if .Values.manifests.secret_keystone }}
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "nova" }}
{{- range $key1, $userClass := tuple "admin" "nova" "test" }}
{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
---
apiVersion: v1

View File

@ -344,10 +344,6 @@ conf:
NovaAggregates.create_and_get_aggregate_details:
- args:
availability_zone: nova
context:
users:
tenants: 1
users_per_tenant: 1
runner:
concurrency: 1
times: 1
@ -358,10 +354,6 @@ conf:
NovaAggregates.create_and_update_aggregate:
- args:
availability_zone: nova
context:
users:
tenants: 1
users_per_tenant: 1
runner:
concurrency: 1
times: 1
@ -392,10 +384,6 @@ conf:
disk: 1
ram: 500
vcpus: 1
context:
users:
tenants: 1
users_per_tenant: 1
runner:
concurrency: 1
times: 1
@ -432,10 +420,6 @@ conf:
disk: 1
ram: 500
vcpus: 1
context:
users:
tenants: 1
users_per_tenant: 1
runner:
concurrency: 1
times: 1
@ -450,10 +434,6 @@ conf:
'quota:disk_read_bytes_sec': 10240
ram: 500
vcpus: 1
context:
users:
tenants: 1
users_per_tenant: 1
runner:
concurrency: 1
times: 1
@ -464,10 +444,6 @@ conf:
NovaFlavors.list_flavors:
- args:
detailed: true
context:
users:
tenants: 1
users_per_tenant: 1
runner:
concurrency: 1
times: 1
@ -486,10 +462,6 @@ conf:
NovaHypervisors.list_and_get_hypervisors:
- args:
detailed: true
context:
users:
tenants: 1
users_per_tenant: 1
runner:
concurrency: 1
times: 1
@ -500,10 +472,6 @@ conf:
NovaHypervisors.list_and_get_uptime_hypervisors:
- args:
detailed: true
context:
users:
tenants: 1
users_per_tenant: 1
runner:
concurrency: 1
times: 1
@ -514,10 +482,6 @@ conf:
NovaHypervisors.list_and_search_hypervisors:
- args:
detailed: true
context:
users:
tenants: 1
users_per_tenant: 1
runner:
concurrency: 1
times: 1
@ -537,10 +501,6 @@ conf:
max: 0
NovaHypervisors.statistics_hypervisors:
- args: {}
context:
users:
tenants: 1
users_per_tenant: 1
runner:
concurrency: 1
times: 1
@ -551,10 +511,6 @@ conf:
NovaImages.list_images:
- args:
detailed: true
context:
users:
tenants: 1
users_per_tenant: 1
runner:
concurrency: 1
times: 1
@ -563,11 +519,7 @@ conf:
failure_rate:
max: 0
NovaKeypair.create_and_delete_keypair:
- context:
users:
tenants: 1
users_per_tenant: 1
runner:
- runner:
concurrency: 1
times: 1
type: constant
@ -575,11 +527,7 @@ conf:
failure_rate:
max: 0
NovaKeypair.create_and_list_keypairs:
- context:
users:
tenants: 1
users_per_tenant: 1
runner:
- runner:
concurrency: 1
times: 1
type: constant
@ -590,10 +538,6 @@ conf:
- args:
rules_per_security_group: 1
security_group_count: 1
context:
users:
tenants: 1
users_per_tenant: 1
runner:
concurrency: 1
times: 1
@ -605,10 +549,6 @@ conf:
- args:
rules_per_security_group: 1
security_group_count: 1
context:
users:
tenants: 1
users_per_tenant: 1
runner:
concurrency: 1
times: 1
@ -619,10 +559,6 @@ conf:
NovaSecGroup.create_and_update_secgroups:
- args:
security_group_count: 1
context:
users:
tenants: 1
users_per_tenant: 1
runner:
concurrency: 1
times: 1
@ -636,10 +572,6 @@ conf:
kwargs:
policies:
- affinity
context:
users:
tenants: 1
users_per_tenant: 1
runner:
concurrency: 1
times: 1
@ -1067,6 +999,7 @@ secrets:
admin: nova-keystone-admin
nova: nova-keystone-user
placement: nova-keystone-placement
test: nova-keystone-test
oslo_db:
admin: nova-db-admin
nova: nova-db-user
@ -1190,6 +1123,14 @@ endpoints:
project_name: service
user_domain_name: default
project_domain_name: default
test:
role: admin
region_name: RegionOne
username: test
password: password
project_name: test
user_domain_name: default
project_domain_name: default
hosts:
default: keystone-api
public: keystone