Add test for keystone-openidc #925
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
|
freyes
force-pushed
the
test-keystone-openidc
branch
7 times, most recently
from
d15f582
to
9e8cd9e
Compare
freyes
force-pushed
the
test-keystone-openidc
branch
from
9e8cd9e
to
aa667e9
Compare
^ this is the error when running the tests the deprecated decorator is provided by cryptography library, the name argument is available since 37.0.0 - pyca/cryptography@7274228 |
|
This commit fixes the CI failure - #930 |
|
This pull request is being exercised by this other patchset https://review.opendev.org/c/openstack/charm-keystone-openidc/+/858844 |
freyes
force-pushed
the
test-keystone-openidc
branch
from
aa667e9
to
da876ef
Compare
ajkavanagh
reviewed
Sep 28, 2022
| domain=domain, | ||
| enabled=True) | ||
|
|
||
| role = keystone_client.roles.find(name=role_name) |
There was a problem hiding this comment.
Probably should check that a role was returned and fail if not found?
| self.assertIsNotNone(token) | ||
| logging.info('OK') | ||
|
|
||
| def test_10_network_configuration(self): |
There was a problem hiding this comment.
Is this a set-up function? it "looks" like a test, but seems to just configure things?
There was a problem hiding this comment.
yeah, this doesn't look right. I will refactor this code to have a another class that interacts with the cloud, add this "bootstrap" code in the setupClass() of that new class.
Comment on lines
776
to
777
| :param keystone_session: Keystone session to use. | ||
| :type keystone_session: keystoneauth1.session.Session |
There was a problem hiding this comment.
The :type ..: is Optional[keystoneauth1.session.Session] isn't it?
zaza/openstack/configure/guest.py
Outdated
| @@ -120,10 +121,14 @@ def launch_instance(instance_key, use_boot_volume=False, vm_name=None, | |||
| :param attach_to_external_network: Attach instance directly to external | |||
| network. | |||
| :type attach_to_external_network: bool | |||
| :param keystone_session: Keystone session to use. | |||
| :type keystone_session: keystoneauth1.session.Session | |||
There was a problem hiding this comment.
Again, isn't it Optional[...]?
The keystone-openidc charm requires 2 configuration steps:
1) Configure the oidc-client-id, oidc-client-secret and
oidc-provider-metadata-url, this information is tightly related to
the Identity Provider configured, which for testing purposes this is
the openidc-test-fixture charm, the setup function
zaza.openstack.charm_tests.openidc.setup.configure_keystone_openidc
takes care of setting these values once the fixture charm is ready
for service.
2) Create the OpenStack objects to correctly configure the federation,
this is made by the setup function
zaza.openstack.charm_tests.openidc.setup.keystone_federation_setup_site1
which will create and configure the following resources:
- Create a domain named 'federated_domain'.
- Create a group named 'federated_users'.
- Grant the 'Member' role to users in the 'federated_users' group.
- Create an identity provider named 'openid'.
- Create a mapping named 'openid_mapping'.
- Create a federation protocol named 'openid' that relates the mapping
and the identity provider.
get_keystone_session() uses the v3.OidcPassword class when the OS_AUTH_TYPE is set to v3oidcpassword, this class expects the following extra configuration options: - OS_IDENTITY_PROVIDER - OS_PROTOCOL - OS_CLIENT_ID - OS_CLIENT_SECRET - OS_ACCESS_TOKEN_ENDPOINT (optional) - OS_DISCOVERY_ENDPOINT (optional)
This patch introduces a new testing class named CharmKeystoneOpenIDCTest which interacts with keystone using users provided by openidc-test-fixture via OpenID Connect.
Adding the option to pass a keystone session allows callers to use credentials different from the ones provided by get_overcloud_keystone_session(), this is helpful when testing non default keystone configurations (e.g. Federation).
freyes
force-pushed
the
test-keystone-openidc
branch
3 times, most recently
from
fe7f676
to
8655aa1
Compare
This testing class configures a private network in the user's project defined by the mapping rules during the setUpClass stage. Specifically this test performs the following steps: - Create keypair named 'zaza' in the user's project - Create a router for the project - Attach the router to the external network - Create a network - Create a subnet attached to the previously create network - Connect the subnet to the project's router The testing method launches an instance using a keystone session associated with a user backed by OpenID Connect.
freyes
force-pushed
the
test-keystone-openidc
branch
from
8655aa1
to
18909b9
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This patchset introduces testing for the keystone-openidc charm, the code does
the following:
oidc-provider-metadata-url, this information is tightly related to the
Identity Provider configured, which for testing purposes this is the
openidc-test-fixture charm, the setup function
zaza.openstack.charm_tests.openidc.setup.configure_keystone_openidc takes
care of setting these values once the fixture charm is ready for service.
made by the setup function
zaza.openstack.charm_tests.openidc.setup.keystone_federation_setup_site1
which will create and configure the following resources:
and the identity provider.
Changes to infrastructure code:
keystone_sessionto launch_guest()