def test_leader_get_fails(self):
    """Check that leader_get raises when the leader command fails.

    The mocked leader run reports exit code 1, so leader_get is expected
    to raise and the failed run's output must never reach the YAML parser.
    """
    for attribute in ('yaml', 'model'):
        self.patch_object(juju_utils, attribute)
    failed_run = {'Code': 1, 'Stderr': 'ERROR'}
    self.model.run_on_leader.return_value = failed_run
    # NOTE(review): Exception is the broadest type that can be asserted;
    # a specific exception class would pin the failure contract better.
    with self.assertRaises(Exception):
        juju_utils.leader_get('application')
    # The trailing space is part of the expected command: no key was
    # requested, so nothing follows the format flag.
    self.model.run_on_leader.assert_called_with(
        'application',
        'leader-get --format=yaml ',
        model_name=None)
    self.assertFalse(self.yaml.safe_load.called)
def test_leader_get_key(self):
    """Check that leader_get with a key requests and parses that key only.

    The command sent to the leader must carry the requested key, and the
    command's stdout must be handed to yaml.safe_load. Asserting on
    safe_load pins the use of the safe YAML loader for leader output.
    """
    self.patch_object(juju_utils, 'yaml')
    self.patch_object(juju_utils, 'model')
    leader_value = 'bar'
    successful_run = {'Code': 0, 'Stdout': leader_value}
    self.model.run_on_leader.return_value = successful_run
    juju_utils.leader_get('application', 'foo')
    self.model.run_on_leader.assert_called_with(
        'application',
        'leader-get --format=yaml foo',
        model_name=None)
    self.yaml.safe_load.assert_called_with(leader_value)
def basic_setup():
    """Run setup for testing Trilio.

    Setup for testing Trilio is currently part of functional tests.

    Steps, in order: point both Trilio applications at the NFS test
    fixture, run the create-cloud-admin-trust action with the password read
    from the keystone leader settings, then attach the license named by the
    TEST_TRILIO_LICENSE environment variable and run create-license. A
    missing license file is logged as an error and the function returns
    without raising.
    """
    logging.info("Configuring NFS Server")
    nfs_server_ip = zaza_model.get_app_ips("nfs-server-test-fixture")[0]
    trilio_wlm_unit = zaza_model.get_first_unit_name("trilio-wlm")
    wanted_share = "{}:/srv/testing".format(nfs_server_ip)
    nfs_shares_conf = {"nfs-shares": wanted_share}

    conf_changed = False
    for juju_service in ("trilio-wlm", "trilio-data-mover"):
        current = zaza_model.get_application_config(juju_service)
        if current["nfs-shares"] == wanted_share:
            continue
        zaza_model.set_application_config(juju_service, nfs_shares_conf)
        conf_changed = True

    # NOTE(review): the source lost its indentation; both waits are placed
    # under the conf_changed check here. Confirm against the original file.
    if conf_changed:
        zaza_model.wait_for_agent_status()
        # NOTE(jamespage): wlm-api service must be running in order
        #                  to execute the setup actions
        zaza_model.block_until_service_status(
            unit_name=trilio_wlm_unit,
            services=["wlm-api"],
            target_status="active",
        )

    logging.info("Executing create-cloud-admin-trust")
    # The leader setting is a credential: it is handed to the action as a
    # parameter only and must stay out of log messages.
    admin_password = juju_utils.leader_get("keystone", "admin_passwd")
    trust_action = zaza_model.run_action_on_leader(
        "trilio-wlm",
        "create-cloud-admin-trust",
        raise_on_failure=True,
        action_params={"password": admin_password},
    )
    generic_utils.assertActionRanOK(trust_action)

    logging.info("Executing create-license")
    license_path = os.environ.get("TEST_TRILIO_LICENSE")
    if not (license_path and os.path.exists(license_path)):
        logging.error("Unable to find Trilio License file")
        return

    zaza_model.attach_resource("trilio-wlm",
                               resource_name='license',
                               resource_path=license_path)
    license_action = zaza_model.run_action_on_leader(
        "trilio-wlm", "create-license", raise_on_failure=True
    )
    generic_utils.assertActionRanOK(license_action)
def trust_setup():
    """Run the Trilio cloud admin trust setup.

    Reads the admin_passwd leader setting of the keystone application and
    passes it to the create-cloud-admin-trust action on the trilio-wlm
    leader, then asserts that the action ran OK.
    """
    logging.info("Executing create-cloud-admin-trust")
    # The leader setting is a credential: it is handed to the action as a
    # parameter only and must stay out of log messages.
    admin_password = juju_utils.leader_get("keystone", "admin_passwd")
    trust_action = zaza_model.run_action_on_leader(
        "trilio-wlm",
        "create-cloud-admin-trust",
        raise_on_failure=True,
        action_params={"password": admin_password},
    )
    generic_utils.assertActionRanOK(trust_action)
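def test_key_distribution_and_rotation(self):
    """Verify key rotation and distribution.

    Note that we make the assumption that test bundle configure
    `token-expiration` to 60 and that it takes > 60s from deployment
    completes until we get to this test.

    The key repository held in leader storage must show a rotated Fernet
    repository (a key index above 1), and the on-disk repositories of every
    unit must be identical to the copy in leader storage.

    The repositories hold Fernet and credential keys. Their contents are
    secrets, so only repository paths and key names are written to the log
    or placed in exception messages; key contents are compared in memory
    and never printed.

    :raises: zaza_exceptions.KeystoneKeyRepositoryError
    """
    if (openstack_utils.get_os_release() <
            openstack_utils.get_os_release('xenial_ocata')):
        logging.info('skipping test < xenial_ocata')
        return

    def _key_names(repositories):
        """Map each repository to its sorted key names, without contents."""
        return {
            repo: sorted(keys) if isinstance(keys, dict) else '<not a dict>'
            for repo, keys in repositories.items()}

    def _mismatches(expected, actual):
        """Name the repositories or keys that differ, without contents."""
        differing = []
        for repo in sorted(set(expected) | set(actual)):
            want = expected.get(repo)
            have = actual.get(repo)
            if not (isinstance(want, dict) and isinstance(have, dict)):
                if want != have:
                    differing.append(repo)
                continue
            for key_name in sorted(set(want) | set(have)):
                if want.get(key_name) != have.get(key_name):
                    differing.append('{}{}'.format(repo, key_name))
        return differing

    # NOTE(review): the source lost its indentation; everything below is
    # placed inside the pause_resume block. Confirm against the original.
    with self.pause_resume(['apache2']):
        KEY_KEY_REPOSITORY = 'key_repository'
        CREDENTIAL_KEY_REPOSITORY = '/etc/keystone/credential-keys/'
        FERNET_KEY_REPOSITORY = '/etc/keystone/fernet-keys/'
        repositories = [CREDENTIAL_KEY_REPOSITORY, FERNET_KEY_REPOSITORY]

        # get key repository from leader storage
        key_repository = json.loads(
            juju_utils.leader_get(self.application_name, KEY_KEY_REPOSITORY))
        # sort keys so we can compare it to on-disk repositories
        key_repository = json.loads(
            json.dumps(key_repository, sort_keys=True),
            object_pairs_hook=collections.OrderedDict)
        # Log key names only: the values are live key material.
        logging.info('key_repository key names: "{}"'.format(
            pprint.pformat(_key_names(key_repository))))

        for repo in repositories:
            try:
                repo_keys = key_repository[repo]
            except KeyError:
                raise zaza_exceptions.KeystoneKeyRepositoryError(
                    'Dict in leader setting "{}" does not contain key '
                    'repository "{}"'.format(KEY_KEY_REPOSITORY, repo))
            # after initialization the repository contains the staging key
            # (0) and the primary key (1). After rotation the repository
            # contains at least one key with higher index.
            rotated = any(
                int(key_name) > 1 for key_name, _ in repo_keys.items())
            # NOTE the charm should only rotate the fernet key repository
            # and not rotate the credential key repository.
            if not rotated and repo == FERNET_KEY_REPOSITORY:
                raise zaza_exceptions.KeystoneKeyRepositoryError(
                    'Keys in Fernet key repository has not been '
                    'rotated.')

        # get on-disk key repository from all units
        on_disk = {}
        units = zaza.model.get_units(self.application_name)
        for unit in units:
            on_disk[unit.entity_id] = {}
            for repo in repositories:
                on_disk[unit.entity_id][repo] = {}
                listing = zaza.model.run_on_unit(
                    unit.entity_id, 'sudo ls -1 {}'.format(repo))
                # key_name comes from the unit's own directory listing and
                # is placed unquoted into the command string below.
                for key_name in listing.get('Stdout').split():
                    contents = zaza.model.run_on_unit(
                        unit.entity_id,
                        'sudo cat {}/{}'.format(repo, key_name))
                    on_disk[unit.entity_id][repo][key_name] = contents.get(
                        'Stdout')
        # sort keys so we can compare it to leader storage repositories
        on_disk = json.loads(json.dumps(on_disk, sort_keys=True),
                             object_pairs_hook=collections.OrderedDict)
        logging.info('on_disk key names: "{}"'.format(pprint.pformat(
            {unit_id: _key_names(repos)
             for unit_id, repos in on_disk.items()})))

        for unit in units:
            unit_repo = on_disk[unit.entity_id]
            lead_repo = key_repository
            if unit_repo != lead_repo:
                # Report where the copies differ, never the key contents.
                differing = (_mismatches(lead_repo, unit_repo) or
                             ['<structure or ordering>'])
                raise zaza_exceptions.KeystoneKeyRepositoryError(
                    'key repositories on unit {} differ from leader '
                    'storage in: {}'.format(
                        unit.entity_id, ', '.join(differing)))
            logging.info(
                'key repositories on unit {} match leader storage'.format(
                    unit.entity_id))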