Merge pull request #1005 from ajkavanagh/feature/test-rotate-service-user-password

Test the keystone rotate-service-user-password action
2023-02-28 15:30:32 -03:00
parent f5f420a1a7 eb4224284f
commit 4c414c25d0
1 changed files with 51 additions and 0 deletions
--- a/zaza/openstack/charm_tests/keystone/tests.py
+++ b/zaza/openstack/charm_tests/keystone/tests.py
@@ -14,6 +14,7 @@

 """Encapsulate keystone testing."""
 import collections
+import configparser
 import json
 import logging
 import pprint
@@ -191,6 +192,56 @@ class CharmOperationTest(BaseKeystoneTest):
        new_passwd = juju_utils.leader_get(self.application_name, ADMIN_PASSWD)
        assert old_passwd != new_passwd

+    def test_rotate_service_user_password(self):
+        """Verify action used to rotate a service user (glance) password."""
+        GLANCE_PASSWD_KEY = "glance_passwd"
+        GLANCE_APP = "glance"
+        GLANCE_CONF_FILE = '/etc/glance/glance-api.conf'
+
+        def _get_password_from_leader():
+            conf = zaza.model.file_contents('glance/leader', GLANCE_CONF_FILE)
+            config = configparser.ConfigParser()
+            config.read_string(conf)
+            return config['keystone_authtoken']['password'].strip()
+
+        # Only do the test if glance is in the model.
+        applications = zaza.model.sync_deployed(self.model_name)
+        if GLANCE_APP not in applications:
+            self.skipTest(
+                '{} is not deployed, so not doing password change'
+                .format(GLANCE_APP))
+        # keep the old password to verify it is changed.
+        old_passwd_leader_storage = juju_utils.leader_get(
+            self.application_name, GLANCE_PASSWD_KEY)
+        old_passwd_conf = _get_password_from_leader()
+
+        # verify that images can be listed.
+        glance_client = openstack_utils.get_glance_session_client(
+            self.admin_keystone_session)
+        glance_client.images.list()
+
+        # run the action to rotate the password.
+        zaza.model.run_action_on_leader(
+            self.application_name,
+            'rotate-service-user-password',
+            action_params={'service-user': 'glance'},
+        )
+
+        # verify that the password has changed
+        new_passwd_leader_storage = juju_utils.leader_get(
+            self.application_name, GLANCE_PASSWD_KEY)
+        new_passwd_conf = _get_password_from_leader()
+        self.assertNotEqual(old_passwd_leader_storage,
+                            new_passwd_leader_storage)
+        self.assertNotEqual(old_passwd_conf,
+                            new_passwd_conf)
+        self.assertEqual(new_passwd_leader_storage, new_passwd_conf)
+
+        # verify that the images can still be listed.
+        glance_client = openstack_utils.get_glance_session_client(
+            self.admin_keystone_session)
+        glance_client.images.list()
+

 class AuthenticationAuthorizationTest(BaseKeystoneTest):
    """Keystone authentication and authorization tests."""