Add fucntional tests for swift

This is a first pass at adding functional tests for swift using the
.functests within the upstream swift repository.

User specific tests, as defined in /etc/swift/test.conf, are enabled
with the exception of keystone v3 domain tests for which further work
will be required.

Change-Id: If0bcc96ce3b4bb2f80f08f4523dad3fd89023e77

tests/swift_test.conf.j2

@@ -0,0 +1,112 @@
+[func_test]
+# sample config for Swift with tempauth
+#auth_host = 10.100.100.2
+#auth_port = 5000
+#auth_ssl = no
+#auth_prefix = /auth/
+## sample config for Swift with Keystone v2 API
+# For keystone v2 change auth_version to 2 and auth_prefix to /v2.0/
+# And "allow_account_management" should not be set "true"
+auth_version = 3
+auth_host = 10.100.100.2
+auth_port = 5000
+auth_ssl = no
+auth_prefix = /v3/
+
+# Primary functional test account (needs admin access to the account)
+account = test1
+username = test1
+password = test1
+
+# User on a second account (needs admin access to the account)
+account2 = test2
+username2 = test2
+password2 = test2
+
+# User on same account as first, but without admin access
+username3 = test3
+password3 = test3
+
+# Fourth user is required for keystone v3 specific tests.
+# Account must be in a non-default domain.
+#account4 = test4
+#username4 = test4
+#password4 = test4
+#domain4 = test-domain
+
+# Fifth user is required for service token-specific tests.
+# The account must be different than the primary test account
+# The user must not have a group (tempauth) or role (keystoneauth) on
+# the primary test account. The user must have a group/role that is unique
+# and not given to the primary tester and is specified in the options
+# <prefix>_require_group (tempauth) or <prefix>_service_roles (keystoneauth).
+account5 = test5
+username5 = test5
+password5 = test5
+
+# The service_prefix option is used for service token-specific tests.
+# If service_prefix or username5 above is not supplied, the tests are skipped.
+# To set the value and enable the service token tests, look at the
+# reseller_prefix option in /etc/swift/proxy-server.conf. There must be at
+# least two prefixes. If not, add a prefix as follows (where we add SERVICE):
+#     reseller_prefix = AUTH, SERVICE
+# The service_prefix must match the <prefix> used in <prefix>_require_group
+# (tempauth) or <prefix>_service_roles (keystoneauth); for example:
+#    SERVICE_require_group = service
+#    SERVICE_service_roles = service
+# Note: Do not enable service token tests if the first prefix in
+# reseller_prefix is the empty prefix AND the primary functional test
+# account contains an underscore.
+service_prefix = SERVICE
+
+# Sixth user is required for access control tests.
+# Account must have a role for reseller_admin_role(keystoneauth).
+account6 = test6
+username6 = test6
+password6 = test6
+
+collate = C
+
+# Only necessary if a pre-existing server uses self-signed certificate
+insecure = no
+
+[unit_test]
+fake_syslog = False
+
+[probe_test]
+# check_server_timeout = 30
+# validate_rsync = false
+
+[swift-constraints]
+# The functional test runner will try to use the constraint values provided in
+# the swift-constraints section of test.conf.
+#
+# If a constraint value does not exist in that section, or because the
+# swift-constraints section does not exist, the constraints values found in
+# the /info API call (if successful) will be used.
+#
+# If a constraint value cannot be found in the /info results, either because
+# the /info API call failed, or a value is not present, the constraint value
+# used will fall back to those loaded by the constraints module at time of
+# import (which will attempt to load /etc/swift/swift.conf, see the
+# swift.common.constraints module for more information).
+#
+# Note that the cluster must have "sane" values for the test suite to pass
+# (for some definition of sane).
+#
+#max_file_size = 5368709122
+#max_meta_name_length = 128
+#max_meta_value_length = 256
+#max_meta_count = 90
+#max_meta_overall_size = 4096
+#max_header_size = 8192
+#extra_header_count = 0
+#max_object_name_length = 1024
+#container_listing_limit = 10000
+#account_listing_limit = 10000
+#max_account_name_length = 256
+#max_container_name_length = 256
+
+# Newer swift versions default to strict cors mode, but older ones were the
+# opposite.
+#strict_cors_mode = true

tests/test.yml

@@ -321,6 +321,10 @@
             index: 0
             repl_number: 3
             default: True
+    swift_proxy_server_conf_overrides:
+      "filter:keystoneauth":
+        reseller_prefix: "AUTH, SERVICE"
+        "SERVICE_service_roles": "test5"
     memcached_servers: 10.100.100.2
     external_lb_vip_address: 10.100.100.3
     internal_lb_vip_address: 10.100.100.3
@@ -347,3 +351,134 @@
     memcached_encryption_key: "secrete"
     debug: true
     verbose: true
+
+- name: Setup testing - run Swift functional tests
+  hosts: swift_proxy[0]
+  user: root
+  gather_facts: true
+  pre_tasks:
+  - name: Ensure test projects
+    keystone:
+      command: "ensure_tenant"
+      endpoint: "{{ keystone_service_adminurl }}"
+      login_user: "{{ keystone_admin_user_name }}"
+      login_password: "{{ keystone_auth_admin_password }}"
+      login_project_name: "{{ keystone_admin_tenant_name }}"
+      description: "Testing tenant"
+      tenant_name: "{{item.project_name }}"
+      domain_name: "{{ item.domain_name }}"
+      insecure: "{{ keystone_service_adminuri_insecure }}"
+    with_items:
+      - { project_name: "test1", domain_name: "Default" }
+      - { project_name: "test2", domain_name: "Default" }
+      - { project_name: "test5", domain_name: "Default" }
+      - { project_name: "test6", domain_name: "Default" }
+    register: add_service
+    run_once: true
+    until: add_service|success
+    retries: 5
+    delay: 10
+  - name: Ensure required roles
+    keystone:
+      command: "ensure_role"
+      endpoint: "{{ keystone_service_adminurl }}"
+      login_user: "{{ keystone_admin_user_name }}"
+      login_password: "{{ keystone_auth_admin_password }}"
+      login_project_name: "{{ keystone_admin_tenant_name }}"
+      role_name: "{{ item }}"
+      insecure: "{{ keystone_service_adminuri_insecure }}"
+    with_items:
+      - "ResellerAdmin"
+      - "test-role"
+      - "test5"
+    run_once: true
+    register: add_service
+    until: add_service|success
+    retries: 5
+    delay: 10
+  - name: Add swift users for testing
+    keystone:
+      command: "ensure_user"
+      endpoint: "{{ keystone_service_adminurl }}"
+      login_user: "{{ keystone_admin_user_name }}"
+      login_password: "{{ keystone_auth_admin_password }}"
+      login_project_name: "{{ keystone_admin_tenant_name }}"
+      user_name: "{{ item.user_name }}"
+      project_name: "{{ item.project_name }}"
+      domain_name: "{{ item.domain_name }}"
+      password: "{{ item.password }}"
+      insecure: "{{ keystone_service_adminuri_insecure }}"
+    with_items:
+      - { user_name: "test1", project_name: "test1", password: "test1", domain_name: "Default" }
+      - { user_name: "test2", project_name: "test2", password: "test2", domain_name: "Default" }
+      - { user_name: "test3", project_name: "test1", password: "test3", domain_name: "Default" }
+      - { user_name: "test5", project_name: "test5", password: "test5", domain_name: "Default" }
+      - { user_name: "test6", project_name: "test6", password: "test6", domain_name: "Default" }
+    run_once: true
+    register: add_service
+    until: add_service|success
+    retries: 5
+    delay: 10
+  - name: Ensure roles for swift test users
+    keystone:
+      command: "ensure_user_role"
+      endpoint: "{{ keystone_service_adminurl }}"
+      login_user: "{{ keystone_admin_user_name }}"
+      login_password: "{{ keystone_auth_admin_password }}"
+      login_project_name: "{{ keystone_admin_tenant_name }}"
+      user_name: "{{ item.user_name }}"
+      domain_name: "{{ item.domain_name }}"
+      project_name: "{{ item.project_name }}"
+      role_name: "{{ item.role_name }}"
+      insecure: "{{ keystone_service_adminuri_insecure }}"
+    with_items:
+      - { user_name: "test1", project_name: "test1", role_name: "admin", domain_name: "Default" }
+      - { user_name: "test2", project_name: "test2", role_name: "admin", domain_name: "Default" }
+      - { user_name: "test3", project_name: "test1", role_name: "test-role", domain_name: "Default" }
+      - { user_name: "test5", project_name: "test5", role_name: "test5", domain_name: "Default" }
+      - { user_name: "test6", project_name: "test6", role_name: "ResellerAdmin", domain_name: "Default" }
+    retries: 5
+    run_once: true
+    register: add_service
+    until: add_service|success
+    retries: 5
+    delay: 10
+  - name: Clone swift repository on proxy-host
+    git:
+      repo: "https://git.openstack.org/openstack/swift"
+      dest: "/opt/swift"
+      update: yes
+      clone: yes
+      version: master
+  - name: Install requirements for swift
+    pip:
+      requirements: "{{ item }}"
+      virtualenv: "{{ swift_venv_bin | dirname }}"
+    with_items:
+      - "/opt/swift/test-requirements.txt"
+      - "/opt/swift/requirements.txt"
+  - name: Setup test.conf for testing
+    template:
+      src: "swift_test.conf.j2"
+      dest: "/etc/swift/test.conf"
+      owner: "swift"
+      group: "swift"
+  - name: Run functional tests for swift
+    shell: "source /openstack/venvs/swift-untagged/bin/activate && ./.functests"
+    args:
+      chdir: "/opt/swift/"
+      executable: "/bin/bash"
+  vars:
+    keystone_admin_user_name: admin
+    keystone_admin_tenant_name: admin
+    keystone_auth_admin_password: "SuperSecretePassword"
+    keystone_service_adminuri_insecure: false
+    keystone_service_internaluri_insecure: false
+    keystone_service_internaluri: "http://10.100.100.2:5000"
+    keystone_service_internalurl: "{{ keystone_service_internaluri }}/v3"
+    keystone_service_adminuri: "http://10.100.100.2:35357"
+    keystone_service_adminurl: "{{ keystone_service_adminuri }}/v3"
+    swift_venv_tag: untagged
+    swift_venv_bin: "/openstack/venvs/swift-{{ swift_venv_tag }}/bin"
+    debug: true
+    verbose: true