From 7e626bcf8606c9026df7f5cefde01e5c88808cef Mon Sep 17 00:00:00 2001 From: Alex Kavanagh Date: Tue, 21 Feb 2023 11:53:00 +0000 Subject: [PATCH] Test the keystone rotate-service-user-password action This test, added as part of the default keystone tests, tests that the service user password can be rotated for the glance application. --- zaza/openstack/charm_tests/keystone/tests.py | 33 ++++++++++++++++++++ 1 file changed, 33 insertions(+) diff --git a/zaza/openstack/charm_tests/keystone/tests.py b/zaza/openstack/charm_tests/keystone/tests.py index 8fd06e3..502296d 100644 --- a/zaza/openstack/charm_tests/keystone/tests.py +++ b/zaza/openstack/charm_tests/keystone/tests.py @@ -191,6 +191,39 @@ class CharmOperationTest(BaseKeystoneTest): new_passwd = juju_utils.leader_get(self.application_name, ADMIN_PASSWD) assert old_passwd != new_passwd + def test_rotate_service_user_password(self): + """Verify action used to rotate a service user (glance) password.""" + GLANCE_PASSWD_KEY = "glance_passwd" + GLANCE_APP = "glance" + + # Only do the test if glance is in the model. + applications = juju_utils.sync_deployed(self.model_name) + if GLANCE_APP not in applications: + self.skipTest( + '{} is not deployed, so not doing password change' + .format(GLANCE_APP)) + # keep the old password to verify it is changed. + old_passwd = juju_utils.leader_get(GLANCE_APP, GLANCE_PASSWD_KEY) + + # verify that images can be listed. + glance_client = openstack_utils.get_glance_session_client(self.admin_keystone_session) + glance_client.images.list() + + # run the action to rotate the password. + zaza.model.run_action_on_leader( + self.application_name, + 'rotate-service-user-password', + action_params={'service-user': 'glance'}, + ) + + # verify that the password has changed + new_passwd = juju_utils.leader_get(GLANCE_APP, GLANCE_PASSWD_KEY) + self.assertNotEqual(old_passwd, new_passwd) + + # verify that the images can still be listed. + glance_client = openstack_utils.get_glance_session_client(self.admin_keystone_session) + glance_client.images.list() + class AuthenticationAuthorizationTest(BaseKeystoneTest): """Keystone authentication and authorization tests."""