# Profile attribute `ssl` (default: false) selects which expectations the
# control below asserts: the TLS overlays are merged in only when it is truthy.
# It is tested with a plain `if`, so any value other than nil/false, including
# the string 'false', selects the SSL expectations.
# NOTE(review): with the default, the profile expects the plaintext broker and
# database endpoints; confirm that is the intended baseline.
ssl_enabled = attribute('ssl', default: false)

# Expected [DEFAULT] transport_url for the message bus (plaintext variant).
# NOTE(review): the broker user and password are part of the expected string,
# so they live in the profile source and will likely appear in test output,
# since the matcher description renders the expected hash. Consider taking
# them from a profile attribute instead (confirm with the deployment owners).
keystone_oslo_messaging_default = {
  'transport_url' => 'rabbit://openstack:password@127.0.0.1:5672//openstack'
}

# TLS variant of the same URL; it differs from the plaintext one only in the
# port (5671 instead of 5672). The control merges it over the hash above when
# the `ssl` attribute is set.
keystone_oslo_messaging_default_ssl = {
  'transport_url' => 'rabbit://openstack:password@127.0.0.1:5671//openstack'
}

# Expected [DEFAULT] options: logging configuration file, debug logging off,
# CADF notification format. All values are strings; presumably the parsed
# config file yields strings, so booleans and numbers are quoted throughout.
keystone_default = {
  'log_config_append'   => '/etc/keystone/logging.conf',
  'debug'               => 'false',
  'notification_format' => 'cadf'
}

# Expected [assignment] options.
keystone_assignment = {
  'driver' => 'sql'
}

# Expected [auth] options: the enabled methods and the plugin class used for
# the oidc and saml2 methods (both map to the same Mapped plugin).
# NOTE(review): 'methods' lists only password and token while oidc/saml2
# plugins are declared below it; confirm whether federated methods are meant
# to be absent from the enabled list.
keystone_auth = {
  'methods' => 'password,token',
  'oidc'    => 'keystone.auth.plugins.mapped.Mapped',
  'saml2'   => 'keystone.auth.plugins.mapped.Mapped'
}

# Expected [catalog] options. Hard-coded in the config.
keystone_catalog = {
  'template_file' => 'default_catalog.templates',
  'driver'        => 'sql'
}

# Expected [credential] options: location of the credential encryption keys.
# NOTE(review): this profile only checks that the config points at the key
# repositories here and in [fernet_tokens]; nothing visible in this file
# checks ownership or permissions of those directories.
keystone_credential = {
  'key_repository' => '/var/lib/keystone/credential-keys'
}

# Expected [fernet_tokens] options: key repository path and the number of
# active keys kept.
keystone_fernet_tokens = {
  'key_repository'  => '/var/lib/keystone/fernet-keys',
  'max_active_keys' => '3'
}

# Expected [identity] options. Hard-coded in the config.
keystone_identity = {
  'driver'                          => 'sql',
  'default_domain_id'               => 'default_domain',
  'domain_specific_drivers_enabled' => 'true',
  'domain_config_dir'               => '/etc/keystone/domains'
}

# Expected [policy] options. Hard-coded in the config.
# NOTE(review): the 'Keystone' control in this file has no its('policy')
# assertion, so this hash is currently not checked.
keystone_policy = {
  'driver' => 'sql'
}

# Expected [token] options: fernet provider, token caching off, sha256 hash
# algorithm, and an expiration of 86400 (24 hours if the unit is seconds,
# which is how Keystone documents this option; confirm for the deployed
# release).
# NOTE(review): a 24-hour lifetime is a long window for a bearer token;
# confirm it matches the deployment's token policy.
keystone_token = {
  'expiration'     => '86400',
  'provider'       => 'fernet',
  'caching'        => 'false',
  'hash_algorithm' => 'sha256'
}

# Expected [cache] options: memcache pool backend on the local memcached.
# NOTE(review): the 'Keystone' control in this file has no its('cache')
# assertion, so this hash is currently not checked.
keystone_cache = {
  'backend'          => 'oslo_cache.memcache_pool',
  'enabled'          => 'True',
  'memcache_servers' => '127.0.0.1:11211'
}

# Expected [oslo_messaging_rabbit] options. Hard-coded in the config.
# NOTE(review): a heartbeat_timeout_threshold of 0 is documented by
# oslo.messaging as disabling heartbeats; confirm that is intended.
keystone_oslo_messaging_rabbit = {
  'heartbeat_timeout_threshold' => '0',
  'heartbeat_rate'              => '2'
}

# TLS additions for [oslo_messaging_rabbit]; merged into the hash above by the
# control when the `ssl` attribute is set.
# NOTE(review): the broker CA bundle path sits under ssl/mysql/, the same file
# the database URL below uses as ssl_ca; confirm the broker really shares the
# MySQL CA rather than this being a copied path.
keystone_oslo_messaging_rabbit_ssl = {
  'rabbit_use_ssl'     => 'true',
  'kombu_ssl_version'  => 'TLSv1_2',
  'kombu_ssl_ca_certs' => '/etc/keystone/ssl/mysql/ca-cert.pem'
}

# Expected [database] options (plaintext connection) plus pool settings.
# NOTE(review): the database user and password are embedded in the expected
# connection URL, so they are stored in the profile and will likely show up in
# test output; consider supplying them through a profile attribute.
# NOTE(review): max_retries of -1 is documented by oslo.db as retrying without
# limit; confirm.
keystone_database = {
  'connection'    => 'mysql+pymysql://keystone:passw0rd@127.0.0.1/keystone',
  'max_pool_size' => '10',
  'max_retries'   => '-1',
  'max_overflow'  => '30',
  'idle_timeout'  => '3600'
}

# TLS variant of the connection URL: same credentials, with charset, CA,
# client certificate and client key passed as query parameters. Only the
# 'connection' key is overridden when this is merged into keystone_database.
keystone_database_ssl = {
  'connection' => 'mysql+pymysql://keystone:passw0rd@127.0.0.1/keystone?charset=utf8&ssl_ca=/etc/keystone/ssl/mysql/ca-cert.pem&ssl_cert=/etc/keystone/ssl/mysql/client-cert.pem&ssl_key=/etc/keystone/ssl/mysql/client-key.pem'
}

# Expected [oslo_middleware] options: request body size cap and proxy header
# parsing.
# NOTE(review): proxy header parsing makes the service honour forwarded
# headers, which is only sound behind a proxy that sets or strips them;
# confirm the deployment guarantees that.
# NOTE(review): the 'Keystone' control in this file has no
# its('oslo_middleware') assertion, so this hash is currently not checked.
keystone_oslo_middleware = {
  'max_request_body_size'        => '114688',
  'enable_proxy_headers_parsing' => 'True'
}

# Expected [cors] options: a single HTTPS origin with credentials allowed,
# plus the exposed/allowed header lists, methods and preflight cache age.
keystone_cors = {
  'allowed_origin'    => 'https://horizon.example.com',
  'allow_credentials' => 'True',
  'expose_headers'    => 'X-Auth-Token,X-Openstack-Request-Id,X-Subject-Token',
  'max_age'           => '3600',
  'allow_methods'     => 'GET,PUT,POST,DELETE,PATCH',
  'allow_headers'     => 'X-Auth-Token,X-Openstack-Request-Id,X-Subject-Token,X-Project-Id,X-Project-Name,X-Project-Domain-Id,X-Project-Domain-Name,X-Domain-Id,X-Domain-Name'
}

# Expected [profiler] options.
# NOTE(review): the 'Keystone' control in this file has no its('profiler')
# assertion, so this hash is currently not checked. If it is wired in, confirm
# that an enabled profiler is the desired production state.
keystone_profiler = {
  'enabled' => 'True'
}

# Expected [oidc] options: the request attribute that carries the identity
# provider's remote id.
keystone_oidc = {
  'remote_id_attribute' => 'HTTP_OIDC_ISS'
}

# Expected [saml2] options.
# NOTE(review): the SAML2 section expects the same HTTP_OIDC_ISS attribute as
# the OIDC section; this looks like it may have been copied from above.
# Confirm which attribute the SAML2 identity provider actually populates.
keystone_saml2 = {
  'remote_id_attribute' => 'HTTP_OIDC_ISS'
}

# Expected [federation] options.
keystone_federation = {
  'cache_group_membership_in_db' => 'True'
}

# Expected [resource] options naming the admin project and its domain.
# NOTE(review): 'project' / 'projectname' read like placeholders; confirm they
# match the deployed values.
keystone_resource = {
  'admin_project_domain_name' => 'project',
  'admin_project_name'        => 'projectname'
}

# Control 'Keystone': parses /etc/keystone/keystone.conf and asserts, section
# by section, that it includes the expected key/value pairs defined above.
#
# `include` only requires the listed pairs to be present with these exact
# values; options that exist in the file but are not listed here are not
# flagged by this control.
#
# NOTE(review): keystone_policy, keystone_cache, keystone_oslo_middleware and
# keystone_profiler are defined in this file but have no assertion below.
# NOTE(review): the expected hashes for DEFAULT and database contain
# credentials, so reports produced from this control will likely contain them
# too; treat the output accordingly.
control 'Keystone' do
  describe parse_config_file('/etc/keystone/keystone.conf') do
    describe 'Keystone messaging' do
      # Overlay the TLS expectations in place before the examples are defined;
      # without the `ssl` attribute the plaintext expectations are used as-is.
      if ssl_enabled
        keystone_oslo_messaging_rabbit.merge!(keystone_oslo_messaging_rabbit_ssl)
        keystone_oslo_messaging_default.merge!(keystone_oslo_messaging_default_ssl)
      end

      # Both modes assert the same two sections; only the group label differs.
      describe(ssl_enabled ? 'SSL' : 'non SSL') do
        its('DEFAULT') { should include(keystone_oslo_messaging_default) }
        its('oslo_messaging_rabbit') { should include(keystone_oslo_messaging_rabbit) }
      end
    end

    describe 'Keystone database' do
      # In SSL mode only the 'connection' value is replaced; the pool settings
      # stay as defined in keystone_database.
      keystone_database.merge!(keystone_database_ssl) if ssl_enabled

      describe(ssl_enabled ? 'SSL' : 'non SSL') do
        its('database') { should include(keystone_database) }
      end
    end

    describe 'Keystone config' do
      # Section name => expected pairs, asserted in this order.
      expected_by_section = {
        'DEFAULT'       => keystone_default,
        'assignment'    => keystone_assignment,
        'auth'          => keystone_auth,
        'catalog'       => keystone_catalog,
        'credential'    => keystone_credential,
        'fernet_tokens' => keystone_fernet_tokens,
        'identity'      => keystone_identity,
        'token'         => keystone_token,
        'cors'          => keystone_cors,
        'oidc'          => keystone_oidc,
        'saml2'         => keystone_saml2,
        'federation'    => keystone_federation,
        'resource'      => keystone_resource
      }

      expected_by_section.each do |section, expected|
        its(section) { should include(expected) }
      end
    end
  end
end