# Profile attribute `ssl` (defaults to false).  When true, the `_ssl`
# expectation hashes below are merged into their non-SSL counterparts before
# keystone.conf is compared, so the TLS broker/database settings are asserted.
ssl_enabled = attribute('ssl', default: false)

# Expected [DEFAULT] section when the `ssl` attribute is set.  It is merged
# into `keystone_default` at load time; the only value that differs from the
# non-SSL hash is `transport_url`, which targets broker port 5671.
# The expected `transport_url` embeds the broker credentials literally, so
# the control asserts that exact string is present in keystone.conf.
# `debug` is expected to be 'True' — confirm that is intended for the target
# environment, since debug logging is far more verbose than normal logging.
keystone_default_ssl = {
  'conn_pool_min_size'         => '2',
  'conn_pool_ttl'              => '1200',
  'control_exchange'           => 'openstack',
  'debug'                      => 'True',
  'executor_thread_pool_size'  => '64',
  'log_config_append'          => '/etc/keystone/logging.conf',
  'log_dir'                    => 'logdir',
  'log_file'                   => 'logfile.log',
  'notification_format'        => 'cadf',
  'rpc_ack_timeout_base'       => '15',
  'rpc_ack_timeout_multiplier' => '2',
  'rpc_conn_pool_size'         => '30',
  'rpc_message_ttl'            => '300',
  'rpc_poll_timeout'           => '1',
  'rpc_response_timeout'       => '60',
  'rpc_retry_attempts'         => '3',
  'rpc_thread_pool_size'       => '100',
  'rpc_use_acks'               => 'False',
  'syslog_log_facility'        => 'LOG_USER',
  'transport_url'              => 'rabbit://openstack:password@127.0.0.1:5671//openstack',
  'use_syslog'                 => 'True',
}

# Expected [DEFAULT] section for the non-SSL case; also the base that
# `keystone_default_ssl` is merged into when `ssl` is set.  Differs from the
# SSL hash only in `transport_url` (plain broker port 5672).
# The expected `transport_url` embeds the broker credentials literally, so
# the control asserts that exact string is present in keystone.conf.
keystone_default = {
  'conn_pool_min_size'         => '2',
  'conn_pool_ttl'              => '1200',
  'control_exchange'           => 'openstack',
  'debug'                      => 'True',
  'executor_thread_pool_size'  => '64',
  'log_config_append'          => '/etc/keystone/logging.conf',
  'log_dir'                    => 'logdir',
  'log_file'                   => 'logfile.log',
  'notification_format'        => 'cadf',
  'rpc_ack_timeout_base'       => '15',
  'rpc_ack_timeout_multiplier' => '2',
  'rpc_conn_pool_size'         => '30',
  'rpc_message_ttl'            => '300',
  'rpc_poll_timeout'           => '1',
  'rpc_response_timeout'       => '60',
  'rpc_retry_attempts'         => '3',
  'rpc_thread_pool_size'       => '100',
  'rpc_use_acks'               => 'False',
  'syslog_log_facility'        => 'LOG_USER',
  'transport_url'              => 'rabbit://openstack:password@127.0.0.1:5672//openstack',
  'use_syslog'                 => 'True',
}

# Expected [assignment] section: role assignments are stored in SQL.
keystone_assignment = {
  'driver' => 'sql',
}

# Expected [auth] section.  Both federated methods map to the Mapped plugin,
# but `methods` only enables password and token — confirm whether oidc/saml2
# are meant to be left out of the enabled method list.
keystone_auth = {
  'methods' => 'password,token',
  'oidc'    => 'keystone.auth.plugins.mapped.Mapped',
  'saml2'   => 'keystone.auth.plugins.mapped.Mapped',
}

# Expected [catalog] section.
keystone_catalog = {
  'template_file' => 'default_catalog.templates',
  'driver'        => 'sql',
}

# Expected [credential] section: location of the credential encryption keys.
keystone_credential = {
  'key_repository' => '/var/lib/keystone/credential-keys',
}

# Expected [fernet_tokens] section: Fernet key directory and rotation depth.
keystone_fernet_tokens = {
  'key_repository'  => '/etc/keystone/fernet-keys/',
  'max_active_keys' => '3',
}

# Expected [identity] section: identity backend is SQL.
keystone_identity = {
  'driver' => 'sql',
}

# Expected [token] section: Fernet provider, token caching off, sha256 hash
# algorithm.  `expiration` is 86400 — presumably seconds (24h); confirm.
keystone_token = {
  'expiration'     => '86400',
  'provider'       => 'fernet',
  'caching'        => 'false',
  'hash_algorithm' => 'sha256',
}

# Expected [cache] section: memcache pool backend, caching enabled.
keystone_cache = {
  'backend' => 'oslo_cache.memcache_pool',
  'enabled' => 'True',
}

# Expected [oslo_messaging_rabbit] section for the non-SSL case.
keystone_oslo_messaging_rabbit = {
  'heartbeat_rate' => '2',
}

# Additional [oslo_messaging_rabbit] expectations merged in when `ssl` is
# set: TLS to the broker is on and pinned to TLSv1_2.  `heartbeat_rate` is
# repeated with the same value, so the merge does not change it.
# NOTE(review): `ssl_ca_file` points into the mysql TLS directory (the same
# CA path the SSL database connection uses) — confirm the broker really is
# expected to present a certificate chained to that CA.
keystone_oslo_messaging_rabbit_ssl = {
  'heartbeat_rate'              => '2',
  'heartbeat_timeout_threshold' => '60',
  'rabbit_ha_queues'            => 'True',
  'rabbit_interval_max'         => '30',
  'rabbit_qos_prefetch_count'   => '64',
  'rabbit_retry_backoff'        => '2',
  'rabbit_retry_interval'       => '1',
  'rabbit_transient_queues_ttl' => '1800',
  'ssl'                         => 'true',
  'ssl_ca_file'                 => '/etc/keystone/ssl/mysql/ca-cert.pem',
  'ssl_version'                 => 'TLSv1_2',
}

# Expected [database] section for the non-SSL case.  The expected
# `connection` URL embeds the DB password literally, so the control asserts
# that exact string is present in keystone.conf.
keystone_database = {
  'connection'    => 'mysql+pymysql://keystone:passw0rd@127.0.0.1/keystone?charset=utf8',
  'max_overflow'  => '30',
  'max_pool_size' => '10',
  'max_retries'   => '-1',
}

# [database] expectations merged in when `ssl` is set: the same URL with
# `ssl_ca`, `ssl_cert` and `ssl_key` query parameters, i.e. the client is
# expected to present a certificate (mutual TLS) to MySQL.
keystone_database_ssl = {
  'connection'    => 'mysql+pymysql://keystone:passw0rd@127.0.0.1/keystone?charset=utf8&ssl_ca=/etc/keystone/ssl/mysql/ca-cert.pem&ssl_cert=/etc/keystone/ssl/mysql/client-cert.pem&ssl_key=/etc/keystone/ssl/mysql/client-key.pem',
  'max_overflow'  => '30',
  'max_pool_size' => '10',
  'max_retries'   => '-1',
}

# Expected [oslo_middleware] section, including proxy-header parsing.
# NOTE(review): `keystone_oslo_middleware` is assigned again further down in
# this file with only `max_request_body_size`, and that later literal is the
# one the control compares against — so `enable_proxy_headers_parsing` is
# never actually asserted.  Decide which definition is intended.
keystone_oslo_middleware = {
  'max_request_body_size'        => '114688',
  'enable_proxy_headers_parsing' => 'True',
}

# Expected [cors] section.  `allow_credentials` is True, so the control
# expects it alongside a single explicit `allowed_origin` rather than a
# wildcard.
keystone_cors = {
  'allowed_origin'    => 'https://horizon.example.com',
  'allow_credentials' => 'True',
  'expose_headers'    => 'X-Auth-Token,X-Openstack-Request-Id,X-Subject-Token',
  'max_age'           => '3600',
  'allow_methods'     => 'GET,PUT,POST,DELETE,PATCH',
  'allow_headers'     => 'X-Auth-Token,X-Openstack-Request-Id,X-Subject-Token,X-Project-Id,X-Project-Name,X-Project-Domain-Id,X-Project-Domain-Name,X-Domain-Id,X-Domain-Name',
}

# Expected [oidc] section: header carrying the remote IdP identifier.
keystone_oidc = {
  'remote_id_attribute' => 'HTTP_OIDC_ISS',
}

# Expected [saml2] section.
# NOTE(review): uses the same `HTTP_OIDC_ISS` header name as the oidc
# section — confirm this is intended for the SAML2 path and not a copy-paste.
keystone_saml2 = {
  'remote_id_attribute' => 'HTTP_OIDC_ISS',
}

# Expected [security_compliance] section (PCI-style account controls).
# NOTE(review): `lockout_failure_attempts` of 60 is a high threshold before
# an account is locked — confirm it matches the intended brute-force policy.
# `password_regex` requires 32+ alphanumerics only; the trailing `$$` is
# presumably how a literal `$` is escaped in keystone.conf (the control
# compares the raw file text) — confirm.
keystone_security_compliance = {
  'disable_user_account_days_inactive' => '90',
  'lockout_failure_attempts'           => '60',
  'lockout_duration'                   => '600',
  'password_expires_days'              => '730',
  'unique_last_password_count'         => '5',
  'minimum_password_age'               => '0',
  'password_regex'                     => '^[a-zA-Z0-9]{32,}$$',
  'password_regex_description'         => 'Your password could contains capital letters, lowercase letters, digits and have a minimum length of 32 characters',
  'change_password_upon_first_use'     => 'False',
}

# Expected [federation] section.
keystone_federation = {
  'cache_group_membership_in_db' => 'True',
}

# Expected [resource] section: the admin project and its domain.
keystone_resource = {
  'admin_project_domain_name' => 'project',
  'admin_project_name'        => 'projectname',
}

# Expected [oslo_middleware] section — this assignment replaces the earlier
# `keystone_oslo_middleware` literal above, so the control only asserts
# `max_request_body_size`; the earlier `enable_proxy_headers_parsing`
# expectation is dropped.  NOTE(review): confirm which definition is intended.
keystone_oslo_middleware = {
  'max_request_body_size' => '114688',
}

# InSpec control for /etc/keystone/keystone.conf.
#
# Every section is compared with `include`, so each parsed INI section must
# contain at least the expected keys with exactly the expected (string)
# values; additional keys present in the file do not fail the control.
control 'Keystone' do
  describe parse_config_file('/etc/keystone/keystone.conf') do
    describe 'Keystone messaging' do
      # The SSL variants are merged into the shared hashes in place, so the
      # DEFAULT check under 'Keystone config' below sees the merged values too.
      if ssl_enabled
        keystone_oslo_messaging_rabbit.merge!(keystone_oslo_messaging_rabbit_ssl)
        keystone_default.merge!(keystone_default_ssl)
      end

      describe(ssl_enabled ? 'SSL' : 'non SSL') do
        its('DEFAULT') { should include(keystone_default) }
        its('oslo_messaging_rabbit') { should include(keystone_oslo_messaging_rabbit) }
      end
    end

    describe 'Keystone database' do
      # Same in-place merge for the database expectations.
      keystone_database.merge!(keystone_database_ssl) if ssl_enabled

      describe(ssl_enabled ? 'SSL' : 'non SSL') do
        its('database') { should include(keystone_database) }
      end
    end

    describe 'Keystone config' do
      # [section name, expected key/value subset], in assertion order.
      # DEFAULT is asserted a second time here (it is also covered under
      # 'Keystone messaging').  `keystone_oslo_middleware` refers to whichever
      # of its two assignments in this file ran last.
      expected_sections = [
        ['DEFAULT', keystone_default],
        ['assignment', keystone_assignment],
        ['auth', keystone_auth],
        ['catalog', keystone_catalog],
        ['credential', keystone_credential],
        ['fernet_tokens', keystone_fernet_tokens],
        ['identity', keystone_identity],
        ['token', keystone_token],
        ['cors', keystone_cors],
        ['oidc', keystone_oidc],
        ['saml2', keystone_saml2],
        ['security_compliance', keystone_security_compliance],
        ['federation', keystone_federation],
        ['resource', keystone_resource],
        ['oslo_middleware', keystone_oslo_middleware],
        ['cache', keystone_cache],
      ]

      expected_sections.each do |section, expected|
        its(section) { should include(expected) }
      end
    end
  end
end