From 28db85e06ce6b0080f3ddf80df6d442633256f1a Mon Sep 17 00:00:00 2001 From: Alex Kavanagh Date: Wed, 20 Nov 2019 17:21:57 +0000 Subject: [PATCH] Fix more policyd tests so that they can work o-s dashboard The difference in how openstack-dashboard and every other service uses policies continues to create special cases. This set of fixes deals with some more of those differences. --- .../charm_tests/openstack_dashboard/tests.py | 33 +++++++++++++++---- zaza/openstack/charm_tests/policyd/tests.py | 33 +++++++++++++------ 2 files changed, 49 insertions(+), 17 deletions(-) diff --git a/zaza/openstack/charm_tests/openstack_dashboard/tests.py b/zaza/openstack/charm_tests/openstack_dashboard/tests.py index dd37080..991733f 100644 --- a/zaza/openstack/charm_tests/openstack_dashboard/tests.py +++ b/zaza/openstack/charm_tests/openstack_dashboard/tests.py @@ -14,6 +14,7 @@ """Encapsulate horizon (openstack-dashboard) charm testing.""" +import http.client import logging import requests import tenacity @@ -315,18 +316,29 @@ class OpenStackDashboardTests(test_utils.OpenStackBaseTest): logging.debug('Maybe enabling hardening for apache...') _app_config = zaza_model.get_application_config(self.application_name) logging.info(_app_config['harden']) + + # NOTE(ajkavanagh): it seems that apache2 doesn't start quickly enough + # for the test, and so it gets reset errors; repeat until either that + # stops or there is a failure + @tenacity.retry(wait=tenacity.wait_exponential(multiplier=1, + min=5, max=10), + retry=tenacity.retry_if_exception_type( + http.client.RemoteDisconnected), + reraise=True) + def _do_request(): + return urllib.request.urlopen('http://{}/server-status' + .format(dashboard_ip)) + with self.config_change( {'harden': _app_config['harden'].get('value', '')}, {'harden': 'apache'}): try: - urllib.request.urlopen('http://{}/server-status' - .format(dashboard_ip)) + _do_request() except urllib.request.HTTPError as e: - if e.code == 404: - return - # test failed if it didn't return 404 - msg = "Apache mod_status check failed." - assert False, msg + # test failed if it didn't return 404 + msg = "Apache mod_status check failed." + self.assertEqual(e.code, 404, msg) + logging.info('OK') def test_501_security_checklist_action(self): """Verify expected result on a default install. @@ -386,6 +398,13 @@ class OpenStackDashboardTests(test_utils.OpenStackBaseTest): class OpenStackDashboardPolicydTests(policyd.BasePolicydSpecialization): """Test the policyd override using the dashboard.""" + good = { + "identity/file1.yaml": "{'rule1': '!'}" + } + bad = { + "identity/file2.yaml": "{'rule': '!}" + } + path_infix = "keystone_policy.d" _rule = {'identity/rule.yaml': yaml.dump({ 'identity:list_domains': '!', 'identity:get_domain': '!', diff --git a/zaza/openstack/charm_tests/policyd/tests.py b/zaza/openstack/charm_tests/policyd/tests.py index e469458..d65c7b3 100644 --- a/zaza/openstack/charm_tests/policyd/tests.py +++ b/zaza/openstack/charm_tests/policyd/tests.py @@ -62,6 +62,13 @@ class PolicydTest(object): policyd: service: keystone """ + good = { + "file1.yaml": "{'rule1': '!'}" + } + bad = { + "file2.yaml": "{'rule': '!}" + } + path_infix = "" @classmethod def setUpClass(cls, application_name=None): @@ -115,9 +122,7 @@ class PolicydTest(object): def test_001_policyd_good_yaml(self): """Test that the policyd with a good zipped yaml file.""" - good = { - 'file1.yaml': "{'rule1': '!'}" - } + good = self.good good_zip_path = self._make_zip_file_from('good.zip', good) logging.info("Attaching good zip file as a resource.") zaza_model.attach_resource(self.application_name, @@ -127,8 +132,13 @@ class PolicydTest(object): logging.debug("Now setting config to true") self._set_config(True) # check that the file gets to the right location - path = os.path.join( - "/etc", self._service_name, "policy.d", 'file1.yaml') + if self.path_infix: + path = os.path.join( + "/etc", self._service_name, "policy.d", self.path_infix, + 'file1.yaml') + else: + path = os.path.join( + "/etc", self._service_name, "policy.d", 'file1.yaml') logging.info("Now checking for file contents: {}".format(path)) zaza_model.block_until_file_has_contents(self.application_name, path, @@ -162,9 +172,7 @@ class PolicydTest(object): def test_002_policyd_bad_yaml(self): """Test bad yaml file in the zip file is handled.""" - bad = { - "file2.yaml": "{'rule': '!}" - } + bad = self.bad bad_zip_path = self._make_zip_file_from('bad.zip', bad) logging.info("Attaching bad zip file as a resource") zaza_model.attach_resource(self.application_name, @@ -182,8 +190,13 @@ class PolicydTest(object): logging.debug("App status is valid for broken yaml file") zaza_model.block_until_all_units_idle() # now verify that no file got landed on the machine - path = os.path.join( - "/etc", self._service_name, "policy.d", 'file2.yaml') + if self.path_infix: + path = os.path.join( + "/etc", self._service_name, "policy.d", self.path_infix, + 'file2.yaml') + else: + path = os.path.join( + "/etc", self._service_name, "policy.d", 'file2.yaml') logging.info("Now checking that file {} is not present.".format(path)) zaza_model.block_until_file_missing(self.application_name, path) self._set_config(False)