Add test for keystone-openidc #925
^ This is the error when running the tests. The deprecated decorator is provided by the cryptography library, the name argument is available since 37.0.0 - pyca/cryptography@7274228
This commit fixes the CI failure - #930
This pull request is being exercised by this other patchset https://review.opendev.org/c/openstack/charm-keystone-openidc/+/858844
Just a few minor nitpicks; otherwise looks great.
domain=domain, | ||
enabled=True) | ||
|
||
role = keystone_client.roles.find(name=role_name) |
Probably should check that a role was returned and fail if not found?
ack, makes sense.
self.assertIsNotNone(token) | ||
logging.info('OK') | ||
|
||
def test_10_network_configuration(self): |
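Review bot: at self.assertIsNotNone(token), the check only proves that some token came back, so the test would still pass if the mapping put the user in the wrong domain or group. Consider also asserting on the identity the token carries (the user's domain, and the role obtained through the group) so that a mapping regression fails here.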
Is this a set-up function? It "looks" like a test, but seems to just configure things?
Yeah, this doesn't look right. I will refactor this code to have another class that interacts with the cloud, and add this "bootstrap" code in the setupClass() of that new class.
:param keystone_session: Keystone session to use. | ||
:type keystone_session: keystoneauth1.session.Session |
The :type ..: is Optional[keystoneauth1.session.Session], isn't it?
correct, will fix that.
zaza/openstack/configure/guest.py
@@ -120,10 +121,14 @@ def launch_instance(instance_key, use_boot_volume=False, vm_name=None, | |||
:param attach_to_external_network: Attach instance directly to external | |||
network. | |||
:type attach_to_external_network: bool | |||
:param keystone_session: Keystone session to use. | |||
:type keystone_session: keystoneauth1.session.Session |
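Review bot: the new ':param keystone_session:' entry says only 'Keystone session to use.' and does not say which session applies when the argument is left out. Suggest documenting the behaviour when it is omitted, so callers can tell when they need to pass a session of their own.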
Again, isn't it Optional[...]?
correct.
The keystone-openidc charm requires 2 configuration steps:

1) Configure the oidc-client-id, oidc-client-secret and oidc-provider-metadata-url, this information is tightly related to the Identity Provider configured, which for testing purposes this is the openidc-test-fixture charm, the setup function zaza.openstack.charm_tests.openidc.setup.configure_keystone_openidc takes care of setting these values once the fixture charm is ready for service.

2) Create the OpenStack objects to correctly configure the federation, this is made by the setup function zaza.openstack.charm_tests.openidc.setup.keystone_federation_setup_site1 which will create and configure the following resources:

   - Create a domain named 'federated_domain'.
   - Create a group named 'federated_users'.
   - Grant the 'Member' role to users in the 'federated_users' group.
   - Create an identity provider named 'openid'.
   - Create a mapping named 'openid_mapping'.
   - Create a federation protocol named 'openid' that relates the mapping and the identity provider.

get_keystone_session() uses the v3.OidcPassword class when the OS_AUTH_TYPE is set to v3oidcpassword, this class expects the following extra configuration options:

- OS_IDENTITY_PROVIDER
- OS_PROTOCOL
- OS_CLIENT_ID
- OS_CLIENT_SECRET
- OS_ACCESS_TOKEN_ENDPOINT (optional)
- OS_DISCOVERY_ENDPOINT (optional)
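
A pre-flight check for the options listed in the commit message above, as an added example that is not code from this pull request or from zaza. The function names, the https requirement and the sample values are assumptions of the example; it covers only the extra OIDC options, not the usual auth URL, username and password.

```python
from urllib.parse import urlparse

# Option names are the ones listed in the commit message above.
REQUIRED = ("OS_IDENTITY_PROVIDER", "OS_PROTOCOL",
            "OS_CLIENT_ID", "OS_CLIENT_SECRET")
ENDPOINTS = ("OS_ACCESS_TOKEN_ENDPOINT", "OS_DISCOVERY_ENDPOINT")


def oidc_password_kwargs(env, allow_http=False):
    """Return keyword arguments for v3.OidcPassword, or raise ValueError."""
    if env.get("OS_AUTH_TYPE") != "v3oidcpassword":
        raise ValueError("OS_AUTH_TYPE must be v3oidcpassword")
    missing = [name for name in REQUIRED if not env.get(name)]
    if missing:
        raise ValueError("missing: " + ", ".join(missing))
    present = [name for name in ENDPOINTS if env.get(name)]
    # Each endpoint is optional on its own, but without either one the
    # plugin has no way to locate the IdP token endpoint.
    if not present:
        raise ValueError("set one of: " + ", ".join(ENDPOINTS))
    for name in present:
        # The client secret and user password are posted to this URL.
        if urlparse(env[name]).scheme != "https" and not allow_http:
            raise ValueError(name + " is not https")
    names = REQUIRED + tuple(present)
    # OS_CLIENT_ID -> client_id, and so on.
    return {name[3:].lower(): env[name] for name in names}


def redacted(kwargs):
    """Copy of kwargs that is safe to log."""
    return {k: ("***" if k in ("client_secret", "password") else v)
            for k, v in kwargs.items()}


# Constructed sample environment; every value is a placeholder.
SAMPLE_ENV = {
    "OS_AUTH_TYPE": "v3oidcpassword",
    "OS_IDENTITY_PROVIDER": "openid",
    "OS_PROTOCOL": "openid",
    "OS_CLIENT_ID": "example-client",
    "OS_CLIENT_SECRET": "example-secret",
    "OS_DISCOVERY_ENDPOINT":
        "https://idp.example/.well-known/openid-configuration",
}

if __name__ == "__main__":
    print(redacted(oidc_password_kwargs(SAMPLE_ENV)))
```
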
This patch introduces a new testing class named CharmKeystoneOpenIDCTest which interacts with keystone using users provided by openidc-test-fixture via OpenID Connect.
Adding the option to pass a keystone session allows callers to use credentials different from the ones provided by get_overcloud_keystone_session(), this is helpful when testing non default keystone configurations (e.g. Federation).
This testing class configures a private network in the user's project defined by the mapping rules during the setUpClass stage. Specifically this test performs the following steps:

- Create keypair named 'zaza' in the user's project
- Create a router for the project
- Attach the router to the external network
- Create a network
- Create a subnet attached to the previously created network
- Connect the subnet to the project's router

The testing method launches an instance using a keystone session associated with a user backed by OpenID Connect.
LGTM
This patchset introduces testing for the keystone-openidc charm, the code does
the following:
oidc-provider-metadata-url, this information is tightly related to the
Identity Provider configured, which for testing purposes this is the
openidc-test-fixture charm, the setup function
zaza.openstack.charm_tests.openidc.setup.configure_keystone_openidc takes
care of setting these values once the fixture charm is ready for service.
made by the setup function
zaza.openstack.charm_tests.openidc.setup.keystone_federation_setup_site1
which will create and configure the following resources:
and the identity provider.
Changes to infrastructure code:
keystone_session
to launch_guest()