From 6bd8016a1914d5fd55530316ff97abb738e56086 Mon Sep 17 00:00:00 2001 From: Takashi Kajinami Date: Sun, 21 Aug 2022 03:40:07 +0900 Subject: [PATCH] Enable scenario tests to test Barbican Change-Id: I8d25953dc77f449a3b6cdf63be850b157014bec2 --- fixtures/scenario002.pp | 4 +++- manifests/glance.pp | 16 +++++++++++++++- manifests/tempest.pp | 6 ++++++ run_tests.sh | 4 ++++ 4 files changed, 28 insertions(+), 2 deletions(-) diff --git a/fixtures/scenario002.pp b/fixtures/scenario002.pp index 6a5eab503..dc4ca16c2 100644 --- a/fixtures/scenario002.pp +++ b/fixtures/scenario002.pp @@ -53,7 +53,8 @@ class { 'openstack_integration::keystone': token_expiration => '2400', } class { 'openstack_integration::glance': - backend => 'swift', + backend => 'swift', + image_encryption => true, } include openstack_integration::neutron include openstack_integration::swift @@ -87,6 +88,7 @@ class { 'openstack_integration::gnocchi': class { 'openstack_integration::tempest': aodh => true, + barbican => true, ceilometer => true, cinder => true, cinder_backup => true, diff --git a/manifests/glance.pp b/manifests/glance.pp index 311c8be55..77e6cc821 100644 --- a/manifests/glance.pp +++ b/manifests/glance.pp @@ -5,8 +5,13 @@ # Can be 'file', 'swift', 'rbd' or 'cinder'. # Defaults to 'file'. # +# [*image_encryption*] +# (optional) Boolean to configure or not image encryption +# Defaults to false. +# class openstack_integration::glance ( - $backend = 'file', + $backend = 'file', + $image_encryption = false, ) { include openstack_integration::config @@ -122,4 +127,13 @@ class openstack_integration::glance ( rabbit_use_ssl => $::openstack_integration::config::ssl, } + if $image_encryption { + class { 'glance::key_manager': + backend => 'castellan.key_manager.barbican_key_manager.BarbicanKeyManager' + } + class { 'glance::key_manager::barbican': + barbican_endpoint => "${::openstack_integration::config::base_url}:9311", + auth_endpoint => "${::openstack_integration::config::keystone_auth_uri}/v3" + } + } } diff --git a/manifests/tempest.pp b/manifests/tempest.pp index d11015859..22e8bb616 100644 --- a/manifests/tempest.pp +++ b/manifests/tempest.pp @@ -4,6 +4,10 @@ # (optional) Define if Aodh needs to be tested. # Default to false. # +# [*barbican*] +# (optional) Define if Barbican needs to be tested. +# Default to false. +# # [*bgpvpn*] # (optional) Define if BGPVPN needs to be tested. # Default to false. @@ -137,6 +141,7 @@ # class openstack_integration::tempest ( $aodh = false, + $barbican = false, $bgpvpn = false, $ceilometer = false, $cinder = false, @@ -291,6 +296,7 @@ class openstack_integration::tempest ( neutron_bgpvpn_available => $bgpvpn, neutron_l2gw_available => $l2gw, neutron_dr_available => $dr, + barbican_available => $barbican, ceilometer_available => $ceilometer, aodh_available => $aodh, trove_available => $trove, diff --git a/run_tests.sh b/run_tests.sh index f1f48deca..3af559b4a 100755 --- a/run_tests.sh +++ b/run_tests.sh @@ -319,6 +319,10 @@ echo "test_create_show_list_update_delete_l2gateway" >> /tmp/openstack/tempest/t # noop drivers. echo "octavia_tempest_plugin.tests.scenario.*standalone_CRUD" >> /tmp/openstack/tempest/test-include-list.txt +# Barbican +echo 'barbican_tempest_plugin.tests.scenario.test_volume_encryption.VolumeEncryptionTest' >> /tmp/openstack/tempest/test-include-list.txt +echo 'barbican_tempest_plugin.tests.scenario.test_image_signing.ImageSigningTest.test_signed_image_upload_and_boot' >> /tmp/openstack/tempest/test-include-list.txt + if uses_debs; then echo "mistral_tempest_tests.tests.api.v2.test_executions.ExecutionTestsV2.test_get_list_executions" > /tmp/openstack/tempest/test-exclude-list.txt echo "telemetry_tempest_plugin.scenario.test_telemetry_integration.TestTelemetryIntegration" >> /tmp/openstack/tempest/test-exclude-list.txt