diff --git a/zaza/openstack/charm_tests/ceph/tests.py b/zaza/openstack/charm_tests/ceph/tests.py index 10294d6..4762d5e 100644 --- a/zaza/openstack/charm_tests/ceph/tests.py +++ b/zaza/openstack/charm_tests/ceph/tests.py @@ -1753,6 +1753,20 @@ class CephMonJujuPersistent(test_utils.BaseCharmTest): class CephMonKeyRotationTests(test_utils.BaseCharmTest): """Tests for the rotate-key action.""" + def setUp(self): + """Initialize key rotation test class.""" + super(CephMonKeyRotationTests, self).setUp() + try: + # Workaround for ubuntu units that don't play nicely with zaza. + zaza_model.get_application('ubuntu') + self.app_states = { + 'ubuntu': { + 'workload-status-message': '' + } + } + except KeyError: + self.app_states = None + def _get_all_keys(self, unit, entity_filter): cmd = 'sudo ceph auth ls' result = zaza_model.run_on_unit(unit, cmd) @@ -1781,7 +1795,7 @@ class CephMonKeyRotationTests(test_utils.BaseCharmTest): action_params={'entity': entity} ) zaza_utils.assertActionRanOK(action_obj) - zaza_model.wait_for_application_states() + zaza_model.wait_for_application_states(states=self.app_states) new_keys = self._get_all_keys(unit, entity_filter) self.assertNotEqual(old_keys, new_keys) diff = new_keys - old_keys @@ -1798,6 +1812,13 @@ class CephMonKeyRotationTests(test_utils.BaseCharmTest): return None return next(iter(ret))[0] + def _get_fs_client(self, unit): + ret = self._get_all_keys(unit, lambda x: (x.startswith('mds.') and + x != 'mds.ceph-fs')) + if not ret: + return None + return next(iter(ret))[0] + def test_key_rotate(self): """Test that rotating the keys actually changes them.""" unit = 'ceph-mon/0' @@ -1813,3 +1834,16 @@ class CephMonKeyRotationTests(test_utils.BaseCharmTest): logging.info('ceph-radosgw units present, but no RGW service') except KeyError: pass + + try: + zaza_model.get_application('ceph-fs') + fs_svc = self._get_fs_client(unit) + if fs_svc is not None: + # Only wait for ceph-fs, as this model includes 'ubuntu' + # units, and those don't play nice with zaza (they don't + # set the workload-status-message correctly). + self._check_key_rotation(fs_svc, unit) + else: + logging.info('ceph-fs units present, but no MDS service') + except KeyError: + pass diff --git a/zaza/openstack/charm_tests/cinder/tests.py b/zaza/openstack/charm_tests/cinder/tests.py index 421d306..7668127 100644 --- a/zaza/openstack/charm_tests/cinder/tests.py +++ b/zaza/openstack/charm_tests/cinder/tests.py @@ -305,6 +305,46 @@ class CinderTests(test_utils.OpenStackBaseTest): 'lsblk -sn -o SIZE /dev/vdb', privkey=privkey, verify=verify) + def test_300_apipaste_includes_audit_section(self): + """Test api-paste.ini renders audit section when enabled.""" + service_name = 'cinder' + api_paste_ini_path = f"/etc/{service_name}/api-paste.ini" + expected_content = [ + "[filter:audit]", + "paste.filter_factory = keystonemiddleware.audit:filter_factory", + f"audit_map_file = /etc/{service_name}/api_audit_map.conf", + f"service_name = {service_name}" + ] + + set_default = {'audit-middleware': False} + set_alternate = {'audit-middleware': True} + + with self.config_change(set_default, set_alternate): + try: + api_paste_content = zaza.model.file_contents( + self.lead_unit, + api_paste_ini_path, + ) + except Exception as e: + self.fail("Error fetching api-paste.ini: {}".format(str(e))) + for line in expected_content: + self.assertIn(line, api_paste_content) + + def test_301_apipaste_excludes_audit_section(self): + """Test api_paste.ini does not render audit section when disabled.""" + service_name = 'cinder' + section_heading = '[filter:audit]' + api_paste_ini_path = f"/etc/{service_name}/api-paste.ini" + + try: + api_paste_content = zaza.model.file_contents( + self.lead_unit, + api_paste_ini_path + ) + except Exception as e: + self.fail("Error fetching api-paste.ini: {}".format(str(e))) + self.assertNotIn(section_heading, api_paste_content) + @property def services(self): """Return a list services for the selected OpenStack release."""