Allow to pass --insecure options into VMs
currently Heat tests have troubles running when self-signed SSL CA is
used on public Heat API and standard upstream images (Cirros, Ubuntu)
are used as those lack trust to those CA - example is DevStack
with tls-proxy service enabled.
A workaround is to set [clients_heat]insecure=True, but that is
not really a production-ready setting, and does not work for CFN-style
signaling, only for WaitConditions.
Instead, this patch adds an extra config option
`vm_to_heat_api_insecure` (defaults to False), and when enabled tests will
pass the correct option to the curl or cfn-signal commands running from
instance's user data via new parameters that test templates are now
accepting.
Change-Id: I94a82caf1fcb6999151ff1e6fbbe1e2ba211bbb9
diff --git a/heat_tempest_plugin/config.py b/heat_tempest_plugin/config.py
index c30981c..d572340 100644
--- a/heat_tempest_plugin/config.py
+++ b/heat_tempest_plugin/config.py
@@ -162,6 +162,11 @@
cfg.StrOpt('credential_secret_id',
help="Barbican secret id which storing cloud credential in "
"remote site."),
+ cfg.BoolOpt('vm_to_heat_api_insecure',
+ default=False,
+ help="Set this to True if VM images used for tests "
+ "can not verify a (self-signed) SSL certificate "
+ "of public Heat endpoint."),
]
heat_features_group = cfg.OptGroup(
diff --git a/heat_tempest_plugin/tests/functional/test_os_wait_condition.py b/heat_tempest_plugin/tests/functional/test_os_wait_condition.py
index bb8513a..bb069c2 100644
--- a/heat_tempest_plugin/tests/functional/test_os_wait_condition.py
+++ b/heat_tempest_plugin/tests/functional/test_os_wait_condition.py
@@ -29,6 +29,9 @@
timeout:
type: number
default: 60
+ wc_extra_args:
+ type: string
+ default: ""
resources:
instance1:
type: OS::Nova::Server
@@ -72,7 +75,10 @@
'
params:
wc_notify:
- get_attr: [wait_handle, curl_cli]
+ list_join:
+ - " "
+ - [ get_attr: [ wait_handle, curl_cli],
+ get_param: wc_extra_args ]
wait_condition:
type: OS::Heat::WaitCondition
@@ -107,4 +113,6 @@
'image': self.conf.minimal_image_ref,
'network': self.conf.fixed_network_name,
'timeout': 180}
+ if self.conf.vm_to_heat_api_insecure:
+ params['wc_extra_args'] = '--insecure'
self.stack_create(template=self.template, parameters=params)
diff --git a/heat_tempest_plugin/tests/scenario/templates/app_server_lbv2_neutron.yaml b/heat_tempest_plugin/tests/scenario/templates/app_server_lbv2_neutron.yaml
index f750a98..ca4117b 100644
--- a/heat_tempest_plugin/tests/scenario/templates/app_server_lbv2_neutron.yaml
+++ b/heat_tempest_plugin/tests/scenario/templates/app_server_lbv2_neutron.yaml
@@ -29,13 +29,20 @@
subnet:
type: string
+ wc_extra_args:
+ type: string
+ default: ""
+
resources:
config:
type: OS::Test::WebAppConfig
properties:
app_port: { get_param: app_port }
- wc_curl_cli: { get_attr: [ handle, curl_cli ] }
+ wc_curl_cli:
+ list_join:
+ - " "
+ - [ get_attr: [ handle, curl_cli ], get_param: wc_extra_args ]
server:
type: OS::Nova::Server
diff --git a/heat_tempest_plugin/tests/scenario/templates/app_server_neutron.yaml b/heat_tempest_plugin/tests/scenario/templates/app_server_neutron.yaml
index 9cbf82a..c098ff9 100644
--- a/heat_tempest_plugin/tests/scenario/templates/app_server_neutron.yaml
+++ b/heat_tempest_plugin/tests/scenario/templates/app_server_neutron.yaml
@@ -26,13 +26,20 @@
timeout:
type: number
+ wc_extra_args:
+ type: string
+ default: ""
+
resources:
config:
type: OS::Test::WebAppConfig
properties:
app_port: { get_param: app_port }
- wc_curl_cli: { get_attr: [ handle, curl_cli ] }
+ wc_curl_cli:
+ list_join:
+ - " "
+ - [ get_attr: [ handle, curl_cli ], get_param: wc_extra_args ]
server:
type: OS::Nova::Server
diff --git a/heat_tempest_plugin/tests/scenario/templates/test_autoscaling_lb_neutron.yaml b/heat_tempest_plugin/tests/scenario/templates/test_autoscaling_lb_neutron.yaml
index d47e787..033581a 100644
--- a/heat_tempest_plugin/tests/scenario/templates/test_autoscaling_lb_neutron.yaml
+++ b/heat_tempest_plugin/tests/scenario/templates/test_autoscaling_lb_neutron.yaml
@@ -27,6 +27,9 @@
timeout:
type: number
default: 600
+ wc_extra_args:
+ type: string
+ default: ""
resources:
@@ -55,6 +58,7 @@
app_port: { get_param: app_port }
pool_id: { get_resource: pool }
timeout: { get_param: timeout }
+ wc_extra_args: { get_param: wc_extra_args }
scale_up:
type: OS::Heat::ScalingPolicy
diff --git a/heat_tempest_plugin/tests/scenario/templates/test_autoscaling_lbv2_neutron.yaml b/heat_tempest_plugin/tests/scenario/templates/test_autoscaling_lbv2_neutron.yaml
index 4702366..a26f7f7 100644
--- a/heat_tempest_plugin/tests/scenario/templates/test_autoscaling_lbv2_neutron.yaml
+++ b/heat_tempest_plugin/tests/scenario/templates/test_autoscaling_lbv2_neutron.yaml
@@ -27,6 +27,9 @@
timeout:
type: number
default: 600
+ wc_extra_args:
+ type: string
+ default: ""
resources:
@@ -56,6 +59,7 @@
pool: { get_resource: pool }
subnet: { get_param: subnet }
timeout: { get_param: timeout }
+ wc_extra_args: { get_param: wc_extra_args }
scale_up:
type: OS::Heat::ScalingPolicy
diff --git a/heat_tempest_plugin/tests/scenario/templates/test_server_cfn_init.yaml b/heat_tempest_plugin/tests/scenario/templates/test_server_cfn_init.yaml
index ccd9bd1..237ac55 100644
--- a/heat_tempest_plugin/tests/scenario/templates/test_server_cfn_init.yaml
+++ b/heat_tempest_plugin/tests/scenario/templates/test_server_cfn_init.yaml
@@ -13,6 +13,9 @@
Type: String
timeout:
Type: Number
+ SignalExtraArgs:
+ Type: String
+ Default: ""
Resources:
CfnUser:
Type: AWS::IAM::User
@@ -69,10 +72,11 @@
UserData:
Fn::Replace:
- WaitHandle: {Ref: WaitHandle}
+ SignalExtraArgs: {Ref: SignalExtraArgs}
- |
#!/bin/bash -v
/usr/bin/cfn-init
- /usr/bin/cfn-signal -e 0 --data "`cat /tmp/smoke-status`" \
+ /usr/bin/cfn-signal SignalExtraArgs -e 0 --data "`cat /tmp/smoke-status`" \
--id smoke_status "WaitHandle"
WaitHandle:
Type: AWS::CloudFormation::WaitConditionHandle
diff --git a/heat_tempest_plugin/tests/scenario/templates/test_server_signal.yaml b/heat_tempest_plugin/tests/scenario/templates/test_server_signal.yaml
index 4466a5e..4556a2f 100644
--- a/heat_tempest_plugin/tests/scenario/templates/test_server_signal.yaml
+++ b/heat_tempest_plugin/tests/scenario/templates/test_server_signal.yaml
@@ -26,6 +26,9 @@
user_data_format:
type: string
default: RAW
+ wc_extra_args:
+ type: string
+ default: ""
resources:
sg:
type: OS::Neutron::SecurityGroup
@@ -86,7 +89,10 @@
#!/bin/sh
wc_notify --data-binary '{"status": "SUCCESS", "data": "test complete"}'
params:
- wc_notify: { get_attr: ['wait_handle', 'curl_cli'] }
+ wc_notify:
+ list_join:
+ - " "
+ - [ get_attr: ['wait_handle', 'curl_cli'], get_param: wc_extra_args ]
server_floating_ip_assoc:
type: OS::Neutron::FloatingIPAssociation
diff --git a/heat_tempest_plugin/tests/scenario/templates/test_volumes_create_from_backup.yaml b/heat_tempest_plugin/tests/scenario/templates/test_volumes_create_from_backup.yaml
index ab1edf8..bc288f7 100644
--- a/heat_tempest_plugin/tests/scenario/templates/test_volumes_create_from_backup.yaml
+++ b/heat_tempest_plugin/tests/scenario/templates/test_volumes_create_from_backup.yaml
@@ -39,6 +39,11 @@
description: Description of volume
default: A volume description
+ wc_extra_args:
+ type: string
+ description: extra options to add to CURL command
+ default: ""
+
resources:
volume:
type: OS::Cinder::Volume
@@ -77,14 +82,15 @@
then
mount /dev/dev_name /mnt
TESTDATA=$(cat /mnt/testfile)
- curl -X PUT -H 'Content-Type:' --data-binary '{"Status": "SUCCESS", "Reason": "Test Complete", "Data": "Volume Data:'$TESTDATA'", "UniqueId": "instance1"}' "wc_url"
+ curl wc_extra_args -X PUT -H 'Content-Type:' --data-binary '{"Status": "SUCCESS", "Reason": "Test Complete", "Data": "Volume Data:'$TESTDATA'", "UniqueId": "instance1"}' "wc_url"
else
- curl -X PUT -H 'Content-Type:' --data-binary '{"Status": "FAILURE", "Reason": "Test Failed", "Data": "Expected device dev_name not found.", "UniqueId": "instance1"}' "wc_url"
+ curl wc_extra_args -X PUT -H 'Content-Type:' --data-binary '{"Status": "FAILURE", "Reason": "Test Failed", "Data": "Expected device dev_name not found.", "UniqueId": "instance1"}' "wc_url"
fi
params:
wc_url: { get_resource: wait_handle }
dev_name: { get_param: dev_name }
rescan_timeout: { get_param: rescan_timeout }
+ wc_extra_args: { get_param: wc_extra_args }
wait_handle:
type: OS::Heat::UpdateWaitConditionHandle
diff --git a/heat_tempest_plugin/tests/scenario/templates/test_volumes_delete_snapshot.yaml b/heat_tempest_plugin/tests/scenario/templates/test_volumes_delete_snapshot.yaml
index 3893b52..b383220 100644
--- a/heat_tempest_plugin/tests/scenario/templates/test_volumes_delete_snapshot.yaml
+++ b/heat_tempest_plugin/tests/scenario/templates/test_volumes_delete_snapshot.yaml
@@ -45,6 +45,11 @@
description: Size of volume
default: 1
+ wc_extra_args:
+ type: string
+ description: extra options to add to CURL command
+ default: ""
+
resources:
volume:
deletion_policy: 'Snapshot'
@@ -86,15 +91,16 @@
mount /dev/dev_name /mnt
echo "test_string" > /mnt/testfile
umount /mnt
- curl -X PUT -H 'Content-Type:' --data-binary '{"Status": "SUCCESS", "Reason": "Test Complete", "Data": "Completed volume configuration.", "UniqueId": "instance1"}' "wc_url"
+ curl wc_extra_args -X PUT -H 'Content-Type:' --data-binary '{"Status": "SUCCESS", "Reason": "Test Complete", "Data": "Completed volume configuration.", "UniqueId": "instance1"}' "wc_url"
else
- curl -X PUT -H 'Content-Type:' --data-binary '{"Status": "FAILURE", "Reason": "Test Failed", "Data": "Expected device dev_name not found.", "UniqueId": "instance1"}' "wc_url"
+ curl wc_extra_args -X PUT -H 'Content-Type:' --data-binary '{"Status": "FAILURE", "Reason": "Test Failed", "Data": "Expected device dev_name not found.", "UniqueId": "instance1"}' "wc_url"
fi
params:
wc_url: { get_resource: wait_handle }
dev_name: { get_param: dev_name }
rescan_timeout: { get_param: rescan_timeout }
test_string: { get_param: test_string }
+ wc_extra_args: { get_param: wc_extra_args }
wait_handle:
type: OS::Heat::UpdateWaitConditionHandle
diff --git a/heat_tempest_plugin/tests/scenario/test_autoscaling_lb.py b/heat_tempest_plugin/tests/scenario/test_autoscaling_lb.py
index 23e27c7..3323bc5 100644
--- a/heat_tempest_plugin/tests/scenario/test_autoscaling_lb.py
+++ b/heat_tempest_plugin/tests/scenario/test_autoscaling_lb.py
@@ -74,6 +74,8 @@
'lb_port': 80,
'timeout': 600
}
+ if self.conf.vm_to_heat_api_insecure:
+ parameters['wc_extra_args'] = '--insecure'
app_server_template = self._load_template(
__file__, self.app_server_template_name, self.sub_dir
diff --git a/heat_tempest_plugin/tests/scenario/test_autoscaling_lbv2.py b/heat_tempest_plugin/tests/scenario/test_autoscaling_lbv2.py
index c3bda78..eee1fbc 100644
--- a/heat_tempest_plugin/tests/scenario/test_autoscaling_lbv2.py
+++ b/heat_tempest_plugin/tests/scenario/test_autoscaling_lbv2.py
@@ -73,6 +73,8 @@
'subnet': self.conf.fixed_subnet_name,
'public_net': self.conf.floating_network_name
}
+ if self.conf.vm_to_heat_api_insecure:
+ parameters['wc_extra_args'] = '--insecure'
app_server_template = self._load_template(
__file__, self.app_server_template_name, self.sub_dir
diff --git a/heat_tempest_plugin/tests/scenario/test_server_cfn_init.py b/heat_tempest_plugin/tests/scenario/test_server_cfn_init.py
index 963d1ad..817e8c6 100644
--- a/heat_tempest_plugin/tests/scenario/test_server_cfn_init.py
+++ b/heat_tempest_plugin/tests/scenario/test_server_cfn_init.py
@@ -113,6 +113,8 @@
'timeout': self.conf.build_timeout,
'subnet': self.net['subnets'][0],
}
+ if self.conf.vm_to_heat_api_insecure:
+ parameters['SignalExtraArgs'] = '--insecure'
# Launch stack
stack_id = self.launch_stack(
diff --git a/heat_tempest_plugin/tests/scenario/test_server_signal.py b/heat_tempest_plugin/tests/scenario/test_server_signal.py
index 1823087..167dfa0 100644
--- a/heat_tempest_plugin/tests/scenario/test_server_signal.py
+++ b/heat_tempest_plugin/tests/scenario/test_server_signal.py
@@ -33,7 +33,8 @@
'timeout': self.conf.build_timeout,
'user_data_format': user_data_format
}
-
+ if self.conf.vm_to_heat_api_insecure:
+ parameters['wc_extra_args'] = '--insecure'
# Launch stack
sid = self.launch_stack(
template_name="test_server_signal.yaml",
diff --git a/heat_tempest_plugin/tests/scenario/test_volumes.py b/heat_tempest_plugin/tests/scenario/test_volumes.py
index 7dfa8bf..732213c 100644
--- a/heat_tempest_plugin/tests/scenario/test_volumes.py
+++ b/heat_tempest_plugin/tests/scenario/test_volumes.py
@@ -121,7 +121,8 @@
'timeout': self.conf.build_timeout,
'network': self.net['id']
}
-
+ if self.conf.vm_to_heat_api_insecure:
+ parameters['wc_extra_args'] = '--insecure'
# Launch stack
stack_id = self.launch_stack(
template_name='test_volumes_delete_snapshot.yaml',