# Selects the TLS variants of the expectation hashes below (RabbitMQ on 5671,
# MySQL with client certificates) when the profile is run with `ssl` set.
# NOTE(review): InSpec attributes are truthy unless they are exactly false/nil,
# so a string value such as "false" would still enable the SSL branch — confirm
# callers pass a real boolean.
ssl_enabled = attribute 'ssl', default: false

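# Expectation hashes for /etc/keystone/keystone.conf, one per section.
# They are compared with the `include` matcher, so the live section may carry
# additional keys; listed keys are compared as exact strings (case included).
# The plain hashes are mutated in place (merge!) by the control when
# ssl_enabled is set, so they are deliberately left unfrozen.

# [DEFAULT] when RabbitMQ is reached over TLS: identical to keystone_default
# except for the transport_url port (5671 instead of 5672).
keystone_default_ssl = {
  'conn_pool_min_size' => '2',
  'conn_pool_ttl' => '1200',
  'control_exchange' => 'openstack',
  'debug' => 'True',
  'executor_thread_pool_size' => '64',
  'log_config_append' => '/etc/keystone/logging.conf',
  'log_dir' => 'logdir',
  'log_file' => 'logfile.log',
  'notification_format' => 'cadf',
  'rpc_ack_timeout_base' => '15',
  'rpc_ack_timeout_multiplier' => '2',
  'rpc_conn_pool_size' => '30',
  'rpc_message_ttl' => '300',
  'rpc_poll_timeout' => '1',
  'rpc_response_timeout' => '60',
  'rpc_retry_attempts' => '3',
  'rpc_thread_pool_size' => '100',
  'rpc_use_acks' => 'False',
  'syslog_log_facility' => 'LOG_USER',
  # Fixture credential; it must match the test deployment, not production.
  'transport_url' => 'rabbit://openstack:password@127.0.0.1:5671//openstack',
  'use_syslog' => 'True',
}

# [DEFAULT] for plain (non-TLS) RabbitMQ on port 5672.
keystone_default = {
  'conn_pool_min_size' => '2',
  'conn_pool_ttl' => '1200',
  'control_exchange' => 'openstack',
  'debug' => 'True',
  'executor_thread_pool_size' => '64',
  'log_config_append' => '/etc/keystone/logging.conf',
  'log_dir' => 'logdir',
  'log_file' => 'logfile.log',
  'notification_format' => 'cadf',
  'rpc_ack_timeout_base' => '15',
  'rpc_ack_timeout_multiplier' => '2',
  'rpc_conn_pool_size' => '30',
  'rpc_message_ttl' => '300',
  'rpc_poll_timeout' => '1',
  'rpc_response_timeout' => '60',
  'rpc_retry_attempts' => '3',
  'rpc_thread_pool_size' => '100',
  'rpc_use_acks' => 'False',
  'syslog_log_facility' => 'LOG_USER',
  'transport_url' => 'rabbit://openstack:password@127.0.0.1:5672//openstack',
  'use_syslog' => 'True',
}

keystone_assignment = {
  'driver' => 'sql',
}

# [auth]: both federation protocols are routed through the Mapped plugin.
keystone_auth = {
  'methods' => 'password,token',
  'oidc' => 'keystone.auth.plugins.mapped.Mapped',
  'saml2' => 'keystone.auth.plugins.mapped.Mapped',
}

keystone_catalog = {
  'template_file' => 'default_catalog.templates',
  'driver' => 'sql',
}

keystone_credential = {
  'key_repository' => '/var/lib/keystone/credential-keys',
}

keystone_fernet_tokens = {
  'key_repository' => '/etc/keystone/fernet-keys/',
  'max_active_keys' => '3',
}

keystone_identity = {
  'driver' => 'sql',
}

# [token]: note the lowercase 'false' for caching while other sections use
# 'True'/'False'; the comparison is exact, so the deployed value must match
# this spelling — NOTE(review): confirm against the rendered config.
keystone_token = {
  'expiration' => '86400',
  'provider' => 'fernet',
  'caching' => 'false',
  'hash_algorithm' => 'sha256',
}

keystone_cache = {
  'backend' => 'oslo_cache.memcache_pool',
  'enabled' => 'True',
}

# Base [oslo_messaging_rabbit] expectation; the SSL hash below is merged over it.
keystone_oslo_messaging_rabbit = {
  'heartbeat_rate' => '2',
}

# [oslo_messaging_rabbit] when RabbitMQ uses TLS.
keystone_oslo_messaging_rabbit_ssl = {
  'channel_max' => '2',
  'connection_factory' => 'single',
  'default_notification_exchange' => 'exchange',
  'default_notification_retry_attempts' => '1',
  'default_rpc_exchange' => 'rpc_exchange',
  'default_rpc_retry_attempts' => '10',
  'default_serializer_type' => 'json',
  'frame_max' => '2',
  'heartbeat_interval' => '3',
  'heartbeat_rate' => '2',
  'heartbeat_timeout_threshold' => '60',
  'host_connection_reconnect_delay' => '10',
  'notification_listener_prefetch_count' => '100',
  'notification_persistence' => 'False',
  'notification_retry_delay' => '10',
  'pool_max_overflow' => '0',
  'pool_max_size' => '30',
  'pool_recycle' => '600',
  'pool_stale' => '60',
  'pool_timeout' => '30',
  'rabbit_ha_queues' => 'True',
  'rabbit_interval_max' => '30',
  'rabbit_qos_prefetch_count' => '64',
  'rabbit_retry_backoff' => '2',
  'rabbit_retry_interval' => '1',
  'rabbit_transient_queues_ttl' => '1800',
  'rpc_listener_prefetch_count' => '100',
  'rpc_queue_expiration' => '60',
  'rpc_reply_exchange' => 'rpc_reply_exchange',
  'rpc_reply_listener_prefetch_count' => '100',
  'rpc_reply_retry_attempts' => '10',
  'rpc_reply_retry_delay' => '10',
  'rpc_retry_delay' => '10',
  'socket_timeout' => '10',
  'ssl' => 'true',
  # NOTE(review): the RabbitMQ CA file lives under the ssl/mysql/ directory;
  # confirm this is the intended trust anchor for the broker connection.
  'ssl_ca_file' => '/etc/keystone/ssl/mysql/ca-cert.pem',
  'ssl_version' => 'TLSv1_2',
  'tcp_user_timeout' => '10',
}

# [database] without TLS. The connection string embeds a fixture password
# that must match the test deployment.
keystone_database = {
  'connection' => 'mysql+pymysql://keystone:passw0rd@127.0.0.1:3306/keystone?charset=utf8',
  'max_overflow' => '30',
  'max_pool_size' => '10',
  'max_retries' => '-1',
}

# [database] with TLS: same DSN plus CA, client certificate and key.
# connection_recycle_time is only asserted in the SSL variant.
keystone_database_ssl = {
  'connection' => 'mysql+pymysql://keystone:passw0rd@127.0.0.1:3306/keystone?charset=utf8&ssl_ca=/etc/keystone/ssl/mysql/ca-cert.pem&ssl_cert=/etc/keystone/ssl/mysql/client-cert.pem&ssl_key=/etc/keystone/ssl/mysql/client-key.pem',
  'max_overflow' => '30',
  'max_pool_size' => '10',
  'max_retries' => '-1',
  'connection_recycle_time' => '3600',
}

# [oslo_middleware]. This hash used to be defined twice in the file; the
# second, single-key definition silently replaced this one, so the
# enable_proxy_headers_parsing expectation was never evaluated. Both keys
# are now asserted from a single definition.
keystone_oslo_middleware = {
  'max_request_body_size' => '114688',
  'enable_proxy_headers_parsing' => 'True',
}

# [cors]: a single allowed origin with credentials permitted.
keystone_cors = {
  'allowed_origin' => 'https://horizon.example.com',
  'allow_credentials' => 'True',
  'expose_headers' => 'X-Auth-Token,X-Openstack-Request-Id,X-Subject-Token',
  'max_age' => '3600',
  'allow_methods' => 'GET,PUT,POST,DELETE,PATCH',
  'allow_headers' => 'X-Auth-Token,X-Openstack-Request-Id,X-Subject-Token,X-Project-Id,X-Project-Name,X-Project-Domain-Id,X-Project-Domain-Name,X-Domain-Id,X-Domain-Name',
}

keystone_oidc = {
  'remote_id_attribute' => 'HTTP_OIDC_ISS',
}

# NOTE(review): [saml2] expects the same remote_id_attribute as [oidc];
# confirm this is intended for the SAML2 plugin rather than a copy of the
# OIDC value.
keystone_saml2 = {
  'remote_id_attribute' => 'HTTP_OIDC_ISS',
}

# [security_compliance]. The password_regex is asserted verbatim as written in
# the config file; presumably the doubled '$$' is the config escape for a
# literal '$' — confirm how the rendered file spells it.
keystone_security_compliance = {
  'disable_user_account_days_inactive' => '90',
  'lockout_failure_attempts' => '60',
  'lockout_duration' => '600',
  'password_expires_days' => '730',
  'unique_last_password_count' => '5',
  'minimum_password_age' => '0',
  'password_regex' => '^[a-zA-Z0-9]{32,}$$',
  'password_regex_description' => 'Your password could contains capital letters, lowercase letters, digits and have a minimum length of 32 characters',
  'change_password_upon_first_use' => 'False',
}

keystone_federation = {
  'cache_group_membership_in_db' => 'True',
}

keystone_resource = {
  'admin_project_domain_name' => 'project',
  'admin_project_name' => 'projectname',
}
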
# InSpec control for /etc/keystone/keystone.conf.
#
# Each `its(section)` expectation uses the `include` matcher: the parsed
# section may contain extra keys, and only the keys of the expectation hash
# are compared, as exact strings.
control 'Keystone' do
  describe parse_config_file('/etc/keystone/keystone.conf') do
    describe 'Keystone messaging' do
      # With TLS enabled the SSL expectations are merged into the base hashes
      # in place, so the 'Keystone config' group further down also asserts
      # the merged DEFAULT section. Only the describe label differs between
      # the two modes.
      if ssl_enabled
        keystone_oslo_messaging_rabbit.merge!(keystone_oslo_messaging_rabbit_ssl)
        keystone_default.merge!(keystone_default_ssl)
      end

      describe(ssl_enabled ? 'SSL' : 'non SSL') do
        its('DEFAULT') do
          should include(keystone_default)
        end
        its('oslo_messaging_rabbit') do
          should include(keystone_oslo_messaging_rabbit)
        end
      end
    end

    describe 'Keystone database' do
      # The TLS DSN (CA, client cert and key) replaces the plain one in place.
      keystone_database.merge!(keystone_database_ssl) if ssl_enabled

      describe(ssl_enabled ? 'SSL' : 'non SSL') do
        its('database') do
          should include(keystone_database)
        end
      end
    end

    describe 'Keystone config' do
      # Section name => expectation hash, in the order the checks are reported.
      # The hashes are the same objects mutated above, so DEFAULT reflects the
      # SSL merge when ssl_enabled is set.
      expected_sections = {
        'DEFAULT' => keystone_default,
        'assignment' => keystone_assignment,
        'auth' => keystone_auth,
        'catalog' => keystone_catalog,
        'credential' => keystone_credential,
        'fernet_tokens' => keystone_fernet_tokens,
        'identity' => keystone_identity,
        'token' => keystone_token,
        'cors' => keystone_cors,
        'oidc' => keystone_oidc,
        'saml2' => keystone_saml2,
        'security_compliance' => keystone_security_compliance,
        'federation' => keystone_federation,
        'resource' => keystone_resource,
        'oslo_middleware' => keystone_oslo_middleware,
        'cache' => keystone_cache,
      }

      expected_sections.each do |section, expected|
        its(section) { should include(expected) }
      end
    end
  end
end