# Profile attribute "ssl" (default: false). When true, the control below checks
# the TLS variants of the broker and database settings; with the default it
# expects the plaintext broker port and a database URL without ssl_* parameters.
ssl_enabled = attribute('ssl', default: false)

# Expected contents of /etc/keystone/keystone.conf, one hash per INI section.
# All values are strings.
#
# NOTE(review): the broker password, the database password and admin_token
# below are literal fixture values, presumably matching a throwaway test
# deployment. A node that passes this control is by definition running with
# these known secrets, so the profile should not be pointed at anything
# long-lived without replacing them.

# [DEFAULT] when the broker is reached without TLS (port 5672).
keystone_default = {
  'transport_url' => 'rabbit://openstack:password@127.0.0.1:5672//openstack',
  'log_config_append' => '/etc/keystone/logging.conf',
  'debug' => 'false',
  'notification_format' => 'cadf',
  # NOTE(review): admin_token is Keystone's shared bootstrap secret; this
  # fixture expects it to remain set in the config -- confirm that is intended.
  'admin_token' => 'RANDOMSTRINGTOKEN',
  'log_dir' => '/var/log/keystone',
  'secure_proxy_ssl_header' => 'HTTP_X_FORWARDED_PROTO',
  'verbose' => 'true',
}

# [DEFAULT] when TLS is enabled: identical except that the broker URL points
# at port 5671.
keystone_default_ssl = keystone_default.merge(
  'transport_url' => 'rabbit://openstack:password@127.0.0.1:5671//openstack'
)

# [assignment]
keystone_assignment = { 'driver' => 'sql' }

# [auth] -- both federation protocols map to the same "mapped" plugin.
keystone_auth = {
  'methods' => 'password,token',
  'oidc' => 'keystone.auth.plugins.mapped.Mapped',
  'saml2' => 'keystone.auth.plugins.mapped.Mapped',
}

# [catalog]
keystone_catalog = {
  'template_file' => 'default_catalog.templates',
  'driver' => 'sql',
}

# [credential]
keystone_credential = { 'key_repository' => '/var/lib/keystone/credential-keys' }

# [fernet_tokens]
keystone_fernet_tokens = {
  'key_repository' => '/etc/keystone/fernet-keys/',
  'max_active_keys' => '3',
}

# [identity]
keystone_identity = { 'driver' => 'sql' }

# [token] -- fernet provider, 86400-second expiration.
keystone_token = {
  'expiration' => '86400',
  'provider' => 'fernet',
  'caching' => 'false',
  'hash_algorithm' => 'sha256',
  'driver' => 'keystone.token.persistence.backends.memcache_pool.Token',
  'revoke_by_id' => 'False',
}

# [cache]
# NOTE(review): not referenced by the 'Keystone' control in this file, so the
# cache settings are never actually verified.
keystone_cache = {
  'backend' => 'oslo_cache.memcache_pool',
  'enabled' => 'True',
  'memcache_servers' => '127.0.0.1:11211',
}

# [oslo_messaging_rabbit] base settings, used for both variants.
keystone_oslo_messaging_rabbit = {
  'heartbeat_timeout_threshold' => '0',
  'heartbeat_rate' => '2',
}

# Extra [oslo_messaging_rabbit] keys expected when TLS is enabled.
keystone_oslo_messaging_rabbit_ssl = {
  'rabbit_use_ssl' => 'true',
  'kombu_ssl_version' => 'TLSv1_2',
  # NOTE(review): this CA bundle lives under the ssl/mysql directory; confirm
  # the broker really shares the database CA and this is not a copy-paste.
  'kombu_ssl_ca_certs' => '/etc/keystone/ssl/mysql/ca-cert.pem',
}

# [database] without TLS. The connection URL embeds the database password.
keystone_database = {
  'connection' => 'mysql+pymysql://keystone:passw0rd@127.0.0.1/keystone?charset=utf8',
  'max_pool_size' => '10',
  'max_retries' => '-1',
  'max_overflow' => '30',
  'idle_timeout' => '3600',
}

# [database] with TLS: same pool settings, connection URL extended with the
# CA, client certificate and client key paths.
keystone_database_ssl = keystone_database.merge(
  'connection' => 'mysql+pymysql://keystone:passw0rd@127.0.0.1/keystone?charset=utf8&ssl_ca=/etc/keystone/ssl/mysql/ca-cert.pem&ssl_cert=/etc/keystone/ssl/mysql/client-cert.pem&ssl_key=/etc/keystone/ssl/mysql/client-key.pem'
)

# [oslo_middleware]
# NOTE(review): not referenced by the 'Keystone' control in this file, so the
# request-size limit and proxy-header parsing are never actually verified.
keystone_oslo_middleware = {
  'max_request_body_size' => '114688',
  'enable_proxy_headers_parsing' => 'True',
}

# [cors] -- credentials are allowed, for a single named origin.
keystone_cors = {
  'allowed_origin' => 'https://horizon.example.com',
  'allow_credentials' => 'True',
  'expose_headers' => 'X-Auth-Token,X-Openstack-Request-Id,X-Subject-Token',
  'max_age' => '3600',
  'allow_methods' => 'GET,PUT,POST,DELETE,PATCH',
  'allow_headers' => 'X-Auth-Token,X-Openstack-Request-Id,X-Subject-Token,X-Project-Id,X-Project-Name,X-Project-Domain-Id,X-Project-Domain-Name,X-Domain-Id,X-Domain-Name',
}

# [profiler]
# NOTE(review): not referenced by the 'Keystone' control in this file.
keystone_profiler = { 'enabled' => 'True' }

# [oidc]
keystone_oidc = { 'remote_id_attribute' => 'HTTP_OIDC_ISS' }

# [saml2]
# NOTE(review): same remote_id_attribute as the oidc section; confirm the
# SAML2 protocol is really keyed on the OIDC issuer variable.
keystone_saml2 = { 'remote_id_attribute' => 'HTTP_OIDC_ISS' }

# [federation]
keystone_federation = { 'cache_group_membership_in_db' => 'True' }

# [resource]
keystone_resource = {
  'admin_project_domain_name' => 'project',
  'admin_project_name' => 'projectname',
}

# [extra_headers]
keystone_extra_headers = { 'Distribution' => 'Ubuntu' }

# InSpec control: every expected key/value pair must be present in the
# matching section of /etc/keystone/keystone.conf. The checks use `include`,
# so keys that exist only in the file do not fail the control.
#
# NOTE(review): several expected hashes carry secrets (broker and database
# passwords, admin_token). A failing `include` expectation typically prints the
# hashes it compared, so reports from this control should be handled as
# sensitive output.
# NOTE(review): keystone_cache, keystone_oslo_middleware and keystone_profiler
# are defined in this file but never asserted here -- confirm whether their
# sections were meant to be checked.
control 'Keystone' do
  describe parse_config_file('/etc/keystone/keystone.conf') do
    # Group label for the variant-specific checks.
    variant = ssl_enabled ? 'SSL' : 'non SSL'

    describe 'Keystone messaging' do
      if ssl_enabled
        # Fold the TLS-only expectations into the shared hashes in place; the
        # 'Keystone config' group below reads the same keystone_default object.
        keystone_oslo_messaging_rabbit.merge!(keystone_oslo_messaging_rabbit_ssl)
        keystone_default.merge!(keystone_default_ssl)
      end

      describe(variant) do
        its('DEFAULT') { should include(keystone_default) }
        its('oslo_messaging_rabbit') { should include(keystone_oslo_messaging_rabbit) }
      end
    end

    describe 'Keystone database' do
      # With TLS enabled the expected connection URL gains the ssl_ca,
      # ssl_cert and ssl_key parameters; otherwise a plain URL is expected.
      keystone_database.merge!(keystone_database_ssl) if ssl_enabled

      describe(variant) do
        its('database') { should include(keystone_database) }
      end
    end

    describe 'Keystone config' do
      # Section name => expected subset, checked in this order.
      {
        'DEFAULT' => keystone_default,
        'assignment' => keystone_assignment,
        'auth' => keystone_auth,
        'catalog' => keystone_catalog,
        'credential' => keystone_credential,
        'fernet_tokens' => keystone_fernet_tokens,
        'identity' => keystone_identity,
        'token' => keystone_token,
        'cors' => keystone_cors,
        'oidc' => keystone_oidc,
        'saml2' => keystone_saml2,
        'federation' => keystone_federation,
        'resource' => keystone_resource,
        'extra_headers' => keystone_extra_headers,
      }.each do |section, expected|
        its(section) { should include(expected) }
      end
    end
  end
end
230end