Add molecule tests

This adds extra hosts in the deregister scenario and verifies
that those extra hosts and services are not deleted from IPA.

Change-Id: I90d73d3995d478e58bcf79e56a0987cf1a119a51

tripleo_ipa/molecule/deregister/converge.yml

@@ -86,7 +86,7 @@
             IPA_HOST: "{{ ipa_server_hostname }}"
             IPA_PASS: "{{ ipa_server_password }}"
 
-- name: Converge - add host and relevant services
+- name: Converge - add host and relevant services for test-1 host
   hosts: all
   vars:
     tripleo_ipa_enroll_base_server: true
@@ -133,14 +133,110 @@
         "compact_service_redis": [
           "internalapi"
         ],
-        "managed_service_haproxyctlplane": "haproxy/test-1.ctlplane.example.test",
-        "managed_service_haproxyexternal": "haproxy/test-1.example.test",
-        "managed_service_haproxyinternal_api": "haproxy/test-1.internalapi.example.test",
-        "managed_service_haproxystorage": "haproxy/test-1.storage.example.test",
-        "managed_service_haproxystorage_mgmt": "haproxy/test-1.storagemgmt.example.test",
-        "managed_service_mysqlinternal_api": "mysql/test-1.internalapi.example.test",
-        "managed_service_ovn_dbsinternal_api": "ovn_dbs/test-1.internalapi.example.test",
-        "managed_service_redisinternal_api": "redis/test-1.internalapi.example.test"
+        "managed_service_haproxyctlplane": "haproxy/overcloud.ctlplane.example.test",
+        "managed_service_haproxyexternal": "haproxy/overcloud.example.test",
+        "managed_service_haproxyinternal_api": "haproxy/overcloud.internalapi.example.test",
+        "managed_service_haproxystorage": "haproxy/overcloud.storage.example.test",
+        "managed_service_haproxystorage_mgmt": "haproxy/overcloud.storagemgmt.example.test",
+        "managed_service_mysqlinternal_api": "mysql/overcloud.internalapi.example.test",
+        "managed_service_ovn_dbsinternal_api": "ovn_dbs/overcloud.internalapi.example.test",
+        "managed_service_redisinternal_api": "redis/overcloud.internalapi.example.test"
+      }
+  roles:
+    - name: tripleo_ipa_registration
+  environment:
+    IPA_USER: admin
+    IPA_HOST: ipa.example.test
+    IPA_PASS: password123
+
+- name: Converge - add host and relevant services for test-2 host
+  hosts: all
+  vars:
+    tripleo_ipa_enroll_base_server: true
+    tripleo_ipa_base_server_fqdn: test-2.example.test
+    tripleo_ipa_base_server_short_name: test-2
+    tripleo_ipa_base_server_domain: example.test
+    tripleo_ipa_delegate_server: localhost
+    tripleo_ipa_server_metadata: |
+      {
+        "compact_service_HTTP": [
+          "ctlplane",
+          "storage",
+          "storagemgmt",
+          "internalapi",
+          "external"
+        ],
+        "compact_service_haproxy": [
+          "ctlplane",
+          "storage",
+          "storagemgmt",
+          "internalapi"
+        ],
+        "compact_service_libvirt-vnc": [
+          "internalapi"
+        ],
+        "compact_service_mysql": [
+          "internalapi"
+        ],
+        "compact_service_neutron_ovn": [
+          "internalapi"
+        ],
+        "compact_service_novnc-proxy": [
+          "internalapi"
+        ],
+        "compact_service_ovn_controller": [
+          "internalapi"
+        ],
+        "compact_service_ovn_dbs": [
+          "internalapi"
+        ],
+        "compact_service_rabbitmq": [
+          "internalapi"
+        ],
+        "compact_service_redis": [
+          "internalapi"
+        ],
+        "managed_service_haproxyctlplane": "haproxy/overcloud.ctlplane.example.test",
+        "managed_service_haproxyexternal": "haproxy/overcloud.example.test",
+        "managed_service_haproxyinternal_api": "haproxy/overcloud.internalapi.example.test",
+        "managed_service_haproxystorage": "haproxy/overcloud.storage.example.test",
+        "managed_service_haproxystorage_mgmt": "haproxy/overcloud.storagemgmt.example.test",
+        "managed_service_mysqlinternal_api": "mysql/overcloud.internalapi.example.test",
+        "managed_service_ovn_dbsinternal_api": "ovn_dbs/overcloud.internalapi.example.test",
+        "managed_service_redisinternal_api": "redis/overcloud.internalapi.example.test"
+      }
+  roles:
+    - name: tripleo_ipa_registration
+  environment:
+    IPA_USER: admin
+    IPA_HOST: ipa.example.test
+    IPA_PASS: password123
+
+- name: Converge - add host and relevant services for test-3 host
+  hosts: all
+  vars:
+    tripleo_ipa_enroll_base_server: true
+    tripleo_ipa_base_server_fqdn: test-3.example.test
+    tripleo_ipa_base_server_short_name: test-3
+    tripleo_ipa_base_server_domain: example.test
+    tripleo_ipa_delegate_server: localhost
+    tripleo_ipa_server_metadata: |
+      {
+        "compact_service_libvirt": [
+          "internalapi"
+        ],
+        "compact_service_libvirt-vnc": [
+          "internalapi"
+        ],
+        "compact_service_ovn_controller": [
+          "internalapi"
+        ],
+        "compact_service_ovn_metadata": [
+          "internalapi"
+        ],
+        "compact_service_qemu": [
+          "internalapi"
+        ]
       }
   roles:
     - name: tripleo_ipa_registration

tripleo_ipa/molecule/deregister/tests/test_default.py

@@ -23,71 +23,16 @@ def teardown_module(module):
         ).check_output('kdestroy')
 
 
-@pytest.mark.parametrize('perm', [
-    {'name': 'Modify host password', 'right': "write",
-     'type': "host", 'attrs': "userpassword"},
-    {'name': 'Write host certificate', 'right': "write",
-     'type': "host", 'attrs': "usercertificate"},
-    {'name': 'Modify host userclass', 'right': "write",
-     'type': "host", 'attrs': "userclass"},
-    {'name': 'Modify service managedBy attribute', 'right': "write",
-     'type': "service", 'attrs': "managedby"},
+@pytest.mark.parametrize('name', [
+    'overcloud.example.test',
+    'overcloud.ctlplane.example.test',
+    'overcloud.internalapi.example.test',
+    'overcloud.storage.example.test',
+    'overcloud.storagemgmt.example.test',
 ])
-def test_permissions(host, perm):
-    result = host.check_output('ipa permission-find "{name}"'.format(**perm))
-    assert '1 permission matched' in result
-    assert 'Granted rights: {right}'.format(**perm) in result
-    assert 'Type: {type}'.format(**perm) in result
-    assert 'Effective attributes: {attrs}'.format(**perm) in result
-
-
-@pytest.mark.parametrize('pri', [
-    'Nova Host Management',
-])
-def test_privilages(host, pri):
-    result = host.check_output('ipa privilege-find "{}"'.format(pri))
-    assert '1 privilege matched' in result
-    assert 'Privilege name: {}'.format(pri) in result
-    assert 'Description: {}'.format(pri) in result
-
-
-def test_privilege_permissions(host):
-    pri = 'Nova Host Management'
-    perms = [
-    'System: add hosts',
-    'System: remove hosts',
-    'Modify host password',
-    'Modify host userclass',
-    'System: Modify hosts',
-    'Modify service managedBy attribute',
-    'System: Add krbPrincipalName to a Host',
-    'System: Add Services',
-    'System: Remove Services',
-    'Revoke certificate',
-    'System: manage host keytab',
-    'System: Manage host certificates',
-    'System: modify services',
-    'System: manage service keytab',
-    'System: read dns entries',
-    'System: remove dns entries',
-    'System: add dns entries',
-    'System: update dns entries',
-    'Retrieve Certificates from the CA',
-    ]
-    result = host.check_output('ipa privilege-show "{}"'.format(pri))
-    assert 'Privilege name: {}'.format(pri) in result
-    for perm in perms:
-        assert perm.lower() in result.lower()
-
-
-def test_role(host):
-    role = 'Nova Host Manager'
-    pri = 'Nova Host Management'
-    result = host.check_output('ipa role-show "{}"'.format(role))
-    assert 'Role name: {}'.format(role) in result
-    assert 'Description: {}'.format(role) in result
-    assert 'Privileges: {}'.format(pri) in result
-    assert 'nova/test-0.example.test@EXAMPLE.TEST' in result
+def test_hosts_created(host, name):
+    result = host.check_output('ipa host-find {}'.format(name))
+    assert '1 host matched' in result
 
 
 @pytest.mark.parametrize('name', [
@@ -98,7 +43,7 @@ def test_role(host):
     'test-1.storage.example.test',
     'test-1.storagemgmt.example.test',
 ])
-def test_hosts(host, name):
+def test_hosts_deleted(host, name):
     host.run_expect([1], 'ipa host-find {}'.format(name))
 
 
@@ -121,8 +66,60 @@ def test_hosts(host, name):
     ('rabbitmq', 'internalapi'),
     ('redis', 'internalapi'),
 ])
-def test_services(host, service, subhost):
+def test_services1(host, service, subhost):
     host.run_expect(
         [2],
         'ipa service-show {}/test-1.{}.example.test@EXAMPLE.TEST'.format(
             service, subhost))
+
+
+@pytest.mark.parametrize('service, subhost', [
+    ('HTTP', 'ctlplane'),
+    ('HTTP', 'external'),
+    ('HTTP', 'internalapi'),
+    ('HTTP', 'storage'),
+    ('HTTP', 'storagemgmt'),
+    ('haproxy', 'ctlplane'),
+    ('haproxy', 'internalapi'),
+    ('haproxy', 'storage'),
+    ('haproxy', 'storagemgmt'),
+    ('libvirt-vnc', 'internalapi'),
+    ('mysql', 'internalapi'),
+    ('neutron_ovn', 'internalapi'),
+    ('novnc-proxy', 'internalapi'),
+    ('ovn_controller', 'internalapi'),
+    ('ovn_dbs', 'internalapi'),
+    ('rabbitmq', 'internalapi'),
+    ('redis', 'internalapi'),
+])
+def test_services2(host, service, subhost):
+    result = host.check_output(
+        'ipa service-show {}/test-2.{}.example.test@EXAMPLE.TEST'.format(
+            service, subhost))
+    assert 'Principal name: {}/test-2.{}.example.test@EXAMPLE.TEST'.format(
+        service, subhost) in result
+    assert 'Principal alias: {}/test-2.{}.example.test@EXAMPLE.TEST'.format(
+        service, subhost) in result
+    'Roles: Nova Host Manager' in result
+    assert 'Managed by: test-2.{}.example.test, test-2.example.test'.format(
+        subhost) in result
+
+
+@pytest.mark.parametrize('service, subhost', [
+    ('libvirt', 'internalapi'),
+    ('libvirt-vnc', 'internalapi'),
+    ('ovn_controller', 'internalapi'),
+    ('ovn_metadata', 'internalapi'),
+    ('qemu', 'internalapi'),
+])
+def test_services3(host, service, subhost):
+    result = host.check_output(
+        'ipa service-show {}/test-3.{}.example.test@EXAMPLE.TEST'.format(
+            service, subhost))
+    assert 'Principal name: {}/test-3.{}.example.test@EXAMPLE.TEST'.format(
+        service, subhost) in result
+    assert 'Principal alias: {}/test-3.{}.example.test@EXAMPLE.TEST'.format(
+        service, subhost) in result
+    'Roles: Nova Host Manager' in result
+    assert 'Managed by: test-3.{}.example.test, test-3.example.test'.format(
+        subhost) in result