commit 1bccf00ac50d1ad0c398cbdc76af9399fb011acc
author Ievgeniia Zadorozhna <izadorozhna@mirantis.com> Thu Nov 14 18:47:36 2019 +0300
committer Ievgeniia Zadorozhna <izadorozhna@mirantis.com> Wed Nov 20 08:25:32 2019 +0000
tree ffb748e16ab86053212a2a5a6f3726934da2f5ec
parent ea5a9aed561e5f74d6d6c1dc1352fd2bb5e2f324

[Sanity] Added test to check fernet token rotation is consistent

The test checks that /var/lib/keystone/fernet-keys/ directory at ctl*:
* has the same files and same number of files;
* all same files on different ctl* nodes have the same MD5 sum.

When fernet token rotation is not equal on all ctl* nodes and these files
are not consistent, the OpenStack API works unexpectedly and responds with
random 500 HTTP errors for random requests.

Change-Id: I65a26c48060c56e621028575aeff235921b70f79
Related-PROD: #PROD-32322

test_set/cvp-sanity/tests/test_keystone.py

diff --git a/test_set/cvp-sanity/tests/test_keystone.py b/test_set/cvp-sanity/tests/test_keystone.py
new file mode 100644
index 0000000..57b1cab
--- /dev/null
+++ b/test_set/cvp-sanity/tests/test_keystone.py
@@ -0,0 +1,38 @@
+import copy
+import json
+
+import pytest
+
+
+@pytest.mark.smoke
+@pytest.mark.usefixtures('check_openstack')
+def test_fernet_token_consistency(local_salt_client):
+    """
+    The test checks that /var/lib/keystone/fernet-keys/ directory at ctl*:
+    * has the same files and same number of files;
+    * all same files on different ctl* nodes have the same MD5 sum.
+
+    When fernet token rotation is not equal on all ctl* nodes and these files
+    are not consistent, the OpenStack API works unexpectedly and responds with
+    random 500 HTTP errors for random requests.
+    """
+    fernet_keys_files = local_salt_client.cmd(
+        tgt='keystone:server',
+        param='ls -1 /var/lib/keystone/fernet-keys/',
+        expr_form='pillar')
+    for k in fernet_keys_files:
+        fernet_keys_files[k] = fernet_keys_files[k].replace('\n', ', ')
+    assert len(set(fernet_keys_files.values())) == 1, (
+        "Fernet keys files are not equal on all nodes, please check "
+        "/var/lib/keystone/fernet-keys/ at all ctl* nodes: {}".format(
+            json.dumps(fernet_keys_files, indent=4)))
+
+    md5sums = local_salt_client.cmd(
+        tgt='keystone:server',
+        param='md5sum /var/lib/keystone/fernet-keys/*',
+        expr_form='pillar')
+    md5sums_print = copy.deepcopy(md5sums)
+    for k in md5sums_print: md5sums_print[k] = md5sums_print[k].split('\n')
+    assert len(set(md5sums.values())) == 1, (
+        "Fernet keys files are not consistent - MD5 sums are not equal on "
+        "all ctl* nodes: {}".format(json.dumps(md5sums_print, indent=4)))