From 0418cb4d2684035f90908d293c937b926ffd9065 Mon Sep 17 00:00:00 2001 From: Frode Nordahl Date: Mon, 20 Aug 2018 09:51:16 +0200 Subject: [PATCH] Pause lead unit during key rotation test Related LP: #1787719 --- zaza/charm_tests/keystone/tests.py | 128 +++++++++++++++-------------- 1 file changed, 65 insertions(+), 63 deletions(-) diff --git a/zaza/charm_tests/keystone/tests.py b/zaza/charm_tests/keystone/tests.py index 4796e41..ba0617b 100644 --- a/zaza/charm_tests/keystone/tests.py +++ b/zaza/charm_tests/keystone/tests.py @@ -65,72 +65,74 @@ class CharmOperationTest(BaseKeystoneTest): logging.info('skipping test < xenial_ocata') return - KEY_KEY_REPOSITORY = 'key_repository' - CREDENTIAL_KEY_REPOSITORY = '/etc/keystone/credential-keys/' - FERNET_KEY_REPOSITORY = '/etc/keystone/fernet-keys/' + with self.pause_resume(['apache2']): + KEY_KEY_REPOSITORY = 'key_repository' + CREDENTIAL_KEY_REPOSITORY = '/etc/keystone/credential-keys/' + FERNET_KEY_REPOSITORY = '/etc/keystone/fernet-keys/' - # get key repostiroy from leader storage - key_repository = json.loads(juju_utils.leader_get( - self.application_name, KEY_KEY_REPOSITORY)) - # sort keys so we can compare it to on-disk repositories - key_repository = json.loads(json.dumps( - key_repository, sort_keys=True), - object_pairs_hook=collections.OrderedDict) - logging.info('key_repository: "{}"' - .format(pprint.pformat(key_repository))) - for repo in [CREDENTIAL_KEY_REPOSITORY, FERNET_KEY_REPOSITORY]: - try: - for key_name, key in key_repository[repo].items(): - if int(key_name) > 1: - # after initialization the repository contains the - # staging key (0) and the primary key (1). After - # rotation the repository contains at least one key - # with higher index. - break - else: - # NOTE the charm should only rotate the fernet key - # repostiory and not rotate the credential key repository. - if repo == FERNET_KEY_REPOSITORY: - raise zaza_exceptions.KeystoneKeyRepositoryError( - 'Keys in Fernet key repository has not been ' - 'rotated.') - except KeyError: - raise zaza_exceptions.KeystoneKeyRepositoryError( - 'Dict in leader setting "{}" does not contain key ' - 'repository "{}"'.format(KEY_KEY_REPOSITORY, repo)) - - # get on-disk key repository from all units - on_disk = {} - units = zaza.model.get_units(self.application_name) - for unit in units: - on_disk[unit.entity_id] = {} + # get key repostiroy from leader storage + key_repository = json.loads(juju_utils.leader_get( + self.application_name, KEY_KEY_REPOSITORY)) + # sort keys so we can compare it to on-disk repositories + key_repository = json.loads(json.dumps( + key_repository, sort_keys=True), + object_pairs_hook=collections.OrderedDict) + logging.info('key_repository: "{}"' + .format(pprint.pformat(key_repository))) for repo in [CREDENTIAL_KEY_REPOSITORY, FERNET_KEY_REPOSITORY]: - on_disk[unit.entity_id][repo] = {} - result = zaza.model.run_on_unit( - unit.entity_id, 'sudo ls -1 {}'.format(repo)) - for key_name in result.get('Stdout').split(): - result = zaza.model.run_on_unit( - unit.entity_id, - 'sudo cat {}/{}'.format(repo, key_name)) - on_disk[unit.entity_id][repo][key_name] = result.get( - 'Stdout') - # sort keys so we can compare it to leader storage repositories - on_disk = json.loads( - json.dumps(on_disk, sort_keys=True), - object_pairs_hook=collections.OrderedDict) - logging.info('on_disk: "{}"'.format(pprint.pformat(on_disk))) + try: + for key_name, key in key_repository[repo].items(): + if int(key_name) > 1: + # after initialization the repository contains the + # staging key (0) and the primary key (1). After + # rotation the repository contains at least one key + # with higher index. + break + else: + # NOTE the charm should only rotate the fernet key + # repostiory and not rotate the credential key + # repository. + if repo == FERNET_KEY_REPOSITORY: + raise zaza_exceptions.KeystoneKeyRepositoryError( + 'Keys in Fernet key repository has not been ' + 'rotated.') + except KeyError: + raise zaza_exceptions.KeystoneKeyRepositoryError( + 'Dict in leader setting "{}" does not contain key ' + 'repository "{}"'.format(KEY_KEY_REPOSITORY, repo)) - for unit in units: - unit_repo = on_disk[unit.entity_id] - lead_repo = key_repository - if unit_repo != lead_repo: - raise zaza_exceptions.KeystoneKeyRepositoryError( - 'expect: "{}" actual({}): "{}"' - .format(pprint.pformat(lead_repo), unit.entity_id, - pprint.pformat(unit_repo))) - logging.info('"{}" == "{}"' - .format(pprint.pformat(unit_repo), - pprint.pformat(lead_repo))) + # get on-disk key repository from all units + on_disk = {} + units = zaza.model.get_units(self.application_name) + for unit in units: + on_disk[unit.entity_id] = {} + for repo in [CREDENTIAL_KEY_REPOSITORY, FERNET_KEY_REPOSITORY]: + on_disk[unit.entity_id][repo] = {} + result = zaza.model.run_on_unit( + unit.entity_id, 'sudo ls -1 {}'.format(repo)) + for key_name in result.get('Stdout').split(): + result = zaza.model.run_on_unit( + unit.entity_id, + 'sudo cat {}/{}'.format(repo, key_name)) + on_disk[unit.entity_id][repo][key_name] = result.get( + 'Stdout') + # sort keys so we can compare it to leader storage repositories + on_disk = json.loads( + json.dumps(on_disk, sort_keys=True), + object_pairs_hook=collections.OrderedDict) + logging.info('on_disk: "{}"'.format(pprint.pformat(on_disk))) + + for unit in units: + unit_repo = on_disk[unit.entity_id] + lead_repo = key_repository + if unit_repo != lead_repo: + raise zaza_exceptions.KeystoneKeyRepositoryError( + 'expect: "{}" actual({}): "{}"' + .format(pprint.pformat(lead_repo), unit.entity_id, + pprint.pformat(unit_repo))) + logging.info('"{}" == "{}"' + .format(pprint.pformat(unit_repo), + pprint.pformat(lead_repo))) class AuthenticationAuthorizationTest(BaseKeystoneTest):