Add Kitchen tests
Change-Id: Ieff6641e77179139365db01bc70c7371a31ae390
diff --git a/.kitchen.docker.yml b/.kitchen.docker.yml
deleted file mode 100644
index 7334571..0000000
--- a/.kitchen.docker.yml
+++ /dev/null
@@ -1,43 +0,0 @@
----
-driver:
- name: docker
- hostname: barbican.ci.local
- use_sudo: false
-
-provisioner:
- name: salt_solo
- salt_install: bootstrap
- salt_bootstrap_url: https://bootstrap.saltstack.com
- salt_version: latest
- require_chef: false
- log_level: error
- formula: barbican
- grains:
- noservices: True
- state_top:
- base:
- "*":
- - barbican
- pillars:
- top.sls:
- base:
- "*":
- - barbican
-
-verifier:
- name: inspec
- sudo: true
-
-
-platforms:
- - name: <%=ENV['PLATFORM'] || 'ubuntu-xenial'%>
- driver_config:
- image: <%=ENV['PLATFORM'] || 'trevorj/salty-whales:xenial'%>
- platform: ubuntu
-
-suites:
- - name: default
- # provisioner:
- # pillars-from-files:
- # barbican.sls: tests/pillar/default.sls
-# vim: ft=yaml sw=2 ts=2 sts=2 tw=125
diff --git a/.kitchen.yml b/.kitchen.yml
new file mode 100644
index 0000000..0aef785
--- /dev/null
+++ b/.kitchen.yml
@@ -0,0 +1,53 @@
+---
+driver:
+ name: docker
+ hostname: barbican.ci.local
+ use_sudo: false
+
+provisioner:
+ name: salt_solo
+ salt_install: bootstrap
+ salt_bootstrap_url: https://bootstrap.saltstack.com
+ salt_version: latest
+ require_chef: false
+ log_level: error
+ formula: barbican
+ grains:
+ noservices: True
+ state_top:
+ base:
+ "*":
+ - barbican
+ pillars:
+ top.sls:
+ base:
+ "*":
+ - barbican
+
+verifier:
+ name: inspec
+ sudo: true
+
+
+platforms:
+ - name: <%=ENV['PLATFORM'] || 'ubuntu-xenial-2017.7'%>
+ driver_config:
+ image: <%=ENV['PLATFORM'] || 'trevorj/salty-whales:xenial-2017.7'%>
+ platform: ubuntu
+
+suites:
+ - name: ssl
+ provisioner:
+ pillars-from-files:
+ barbican.sls: tests/pillar/ssl.sls
+
+ - name: control_single
+ provisioner:
+ pillars-from-files:
+ barbican.sls: tests/pillar/control_single.sls
+
+ - name: control_cluster
+ provisioner:
+ pillars-from-files:
+ barbican.sls: tests/pillar/control_cluster.sls
+# vim: ft=yaml sw=2 ts=2 sts=2 tw=125
diff --git a/.travis.yml b/.travis.yml
index 7a77247..f13f079 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -17,15 +17,20 @@
- bundle install
env:
- - PLATFORM=trevorj/salty-whales:trusty
- - PLATFORM=trevorj/salty-whales:xenial
+ - PLATFORM=trevorj/salty-whales:trusty-2017.7 SUITE=ssl
+ - PLATFORM=trevorj/salty-whales:xenial-2017.7 SUITE=ssl
+ - PLATFORM=trevorj/salty-whales:trusty-2017.7 SUITE=control-single
+ - PLATFORM=trevorj/salty-whales:xenial-2017.7 SUITE=control-single
+ - PLATFORM=trevorj/salty-whales:trusty-2017.7 SUITE=control-cluster
+ - PLATFORM=trevorj/salty-whales:xenial-2017.7 SUITE=control-cluster
before_script:
- set -o pipefail
- make test | tail
script:
- - test ! -e .kitchen.yml || bundle exec kitchen test -t tests/integration
+ - test ! -e .kitchen.yml || bundle exec kitchen converge ${SUITE} || true
+ - test ! -e .kitchen.yml || bundle exec kitchen verify ${SUITE} -t tests/integration
notifications:
webhooks:
diff --git a/barbican/server.sls b/barbican/server.sls
index ad2adce..ce05b71 100644
--- a/barbican/server.sls
+++ b/barbican/server.sls
@@ -47,6 +47,9 @@
service.running:
- enable: true
- name: apache2
+ {%- if grains.get('noservices') %}
+ - onlyif: /bin/false
+ {%- endif %}
- watch:
- file: /etc/barbican/barbican.conf
- file: /etc/apache2/sites-available/barbican-api.conf
@@ -55,6 +58,9 @@
service.running:
- names: {{ server.services }}
- enable: true
+ {%- if grains.get('noservices') %}
+ - onlyif: /bin/false
+ {%- endif %}
- watch:
- file: /etc/barbican/barbican.conf
@@ -64,6 +70,9 @@
- names:
- barbican-worker
- enable: true
+ {%- if grains.get('noservices') %}
+ - onlyif: /bin/false
+ {%- endif %}
- watch:
- file: /etc/barbican/barbican.conf
{%- else %}
diff --git a/tests/pillar/control_cluster.sls b/tests/pillar/control_cluster.sls
index 0a94c8e..b5fc183 100644
--- a/tests/pillar/control_cluster.sls
+++ b/tests/pillar/control_cluster.sls
@@ -85,3 +85,7 @@
port: 11211
- host: 10.10.10.12
port: 11211
+apache:
+ server:
+ enabled: true
+ default_mpm: event
\ No newline at end of file
diff --git a/tests/pillar/single.yml b/tests/pillar/single.yml
deleted file mode 100644
index 76fe8c1..0000000
--- a/tests/pillar/single.yml
+++ /dev/null
@@ -1,5 +0,0 @@
-barbican:
- server:
- enabled: true
- bind:
- address: 0.0.0.0
diff --git a/tests/pillar/ssl.sls b/tests/pillar/ssl.sls
index a7e6d33..4a067f5 100644
--- a/tests/pillar/ssl.sls
+++ b/tests/pillar/ssl.sls
@@ -1,9 +1,84 @@
-include:
- - .control_single
-
barbican:
server:
+ enabled: true
+ version: ocata
+ host_href: ''
+ is_proxied: true
+ dogtag_admin_cert:
+ engine: manual
+ key: 'some dogtag key'
+ plugin:
+ simple_crypto:
+ kek: "YWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXoxMjM0NTY="
+ p11_crypto:
+ library_path: '/usr/lib/libCryptoki2_64.so'
+ login: 'mypassword'
+ mkek_label: 'an_mkek'
+ mkek_length: 32
+ hmac_label: 'my_hmac_label'
+ kmip:
+ username: 'admin'
+ password: 'password'
+ host: localhost
+ port: 5696
+ keyfile: '/path/to/certs/cert.key'
+ certfile: '/path/to/certs/cert.crt'
+ ca_certs: '/path/to/certs/LocalCA.crt'
+ dogtag:
+ pem_path: '/etc/barbican/kra_admin_cert.pem'
+ dogtag_host: localhost
+ dogtag_port: 8443
+ nss_db_path: '/etc/barbican/alias'
+ nss_db_path_ca: '/etc/barbican/alias-ca'
+ nss_password: 'password123'
+ simple_cmc_profile: 'caOtherCert'
+ ca_expiration_time: 1
+ plugin_working_dir: '/etc/barbican/dogtag'
+ store:
+ software:
+ crypto_plugin: simple_crypto
+ store_plugin: store_crypto
+ global_default: True
+ kmip:
+ store_plugin: kmip_plugin
+ dogtag:
+ store_plugin: dogtag_crypto
+ pkcs11:
+ store_plugin: store_crypto
+ crypto_plugin: p11_crypto
+ database:
+ engine: "mysql+pymysql"
+ host: 10.0.106.20
+ port: 3306
+ name: barbican
+ user: barbican
+ password: password
+ ssl:
+ enabled: True
+ bind:
+ address: 10.0.106.20
+ port: 9311
+ admin_port: 9312
+ identity:
+ engine: keystone
+ host: 10.0.106.20
+ port: 35357
+ domain: default
+ tenant: service
+ user: barbican
+ password: password
message_queue:
+ engine: rabbitmq
+ user: openstack
+ password: password
+ virtual_host: '/openstack'
+ members:
+ - host: 10.10.10.10
+ port: 5672
+ - host: 10.10.10.11
+ port: 5672
+ - host: 10.10.10.12
+ port: 5672
port: 5671
ssl:
# Case #1: specify cacert file and ca cert body explicitly
@@ -44,7 +119,11 @@
V0MAVuww51/1DqirRG6Ge/3Sw44eDZID22jjCwLrDH0GSX76cDTe6Bx/WS0Wg7y/
/86PB1o=
-----END CERTIFICATE-----
- database:
- # Case #2: use defaults - system wide installed CA certs
- ssl:
- enabled: True
+ cache:
+ members:
+ - host: 10.10.10.10
+ port: 11211
+ - host: 10.10.10.11
+ port: 11211
+ - host: 10.10.10.12
+ port: 11211