Enable all keystone tests for HA

2019-03-13 20:52:06 +00:00
parent cb3ef6ef13
commit 25bdb0ef44
2 changed files with 27 additions and 5 deletions
--- a/zaza/charm_tests/keystone/init.py
+++ b/zaza/charm_tests/keystone/init.py
@@ -33,7 +33,23 @@ class BaseKeystoneTest(test_utils.OpenStackBaseTest):
    def setUpClass(cls):
        """Run class setup for running Keystone charm operation tests."""
        super(BaseKeystoneTest, cls).setUpClass()
+        # Local copy of keystone's CA certificate
+        cls.LOCAL_KEYSTONE_CACERT = "/tmp/keystone_juju_ca_cert.crt"
+        # Check if we are related to Vault TLS certificates
+        cls.tls_rid = zaza.model.get_relation_id(
+            'keystone', 'vault', remote_interface_name='certificates')
+        # Check for VIP
+        cls.vip = (zaza.model.get_application_config('keystone')
+                   .get('vip').get('value'))
        cls.keystone_ips = zaza.model.get_app_ips('keystone')
+        # If we have a VIP set and we are using TLS only check the VIP
+        # If you check the individual IP haproxy may send to a different
+        # back end which leads to mismatched certificates.
+        if cls.vip:
+            if cls.tls_rid:
+                cls.keystone_ips = [cls.vip]
+            else:
+                cls.keystone_ips.append(cls.vip)
        if (openstack_utils.get_os_release() <
                openstack_utils.get_os_release('xenial_queens')):
            cls.default_api_version = '2'
--- a/zaza/charm_tests/keystone/tests.py
+++ b/zaza/charm_tests/keystone/tests.py
@@ -52,17 +52,15 @@ class CharmOperationTest(BaseKeystoneTest):
        This test should run early. It validates that if a VIP is set it is in
        the catalog entry for keystone.
        """
-        vip = (zaza.model.get_application_config('keystone')
-               .get('vip').get('value'))
-        if not vip:
+        if not self.vip:
            # If the vip is not set skip this test.
            return
        endpoint_filter = {'service_type': 'identity',
                           'interface': 'public',
                           'region_name': 'RegionOne'}
        ep = self.admin_keystone_client.session.get_endpoint(**endpoint_filter)
-        assert vip in ep, (
-            "VIP: {} not found in catalog entry: {}".format(vip, ep))
+        assert self.vip in ep, (
+            "VIP: {} not found in catalog entry: {}".format(self.vip, ep))

    def test_pause_resume(self):
        """Run pause and resume tests.
@@ -237,6 +235,10 @@ class AuthenticationAuthorizationTest(BaseKeystoneTest):
                    'OS_USER_DOMAIN_NAME': DEMO_DOMAIN,
                    'OS_DOMAIN_NAME': DEMO_DOMAIN,
                }
+                if self.tls_rid:
+                    openrc['OS_CACERT'] = self.LOCAL_KEYSTONE_CACERT
+                    openrc['OS_AUTH_URL'] = (
+                        openrc['OS_AUTH_URL'].replace('http', 'https'))
                logging.info('keystone IP {}'.format(ip))
                keystone_session = openstack_utils.get_keystone_session(
                    openrc, scope='DOMAIN')
@@ -263,6 +265,10 @@ class AuthenticationAuthorizationTest(BaseKeystoneTest):
        of `token-provider`.
        """
        def _validate_token_data(openrc):
+            if self.tls_rid:
+                openrc['OS_CACERT'] = self.LOCAL_KEYSTONE_CACERT
+                openrc['OS_AUTH_URL'] = (
+                    openrc['OS_AUTH_URL'].replace('http', 'https'))
            keystone_session = openstack_utils.get_keystone_session(
                openrc)
            keystone_client = openstack_utils.get_keystone_session_client(