nixpkgs/nixos/tests/keystone.nix

{ system ? builtins.currentSystem }:

with import ../lib/testing.nix { inherit system; };
with pkgs.lib;

let
  keystoneMysqlPassword = "keystoneMysqlPassword";
  keystoneMysqlPasswordFile = "/var/run/keystoneMysqlPassword";
  keystoneAdminPassword = "keystoneAdminPassword";

  createKeystoneDb = pkgs.writeText "create-keystone-db.sql" ''
    create database keystone;
    GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '${keystoneMysqlPassword}';
    GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '${keystoneMysqlPassword}';
  '';
  # The admin keystone account
  adminOpenstackCmd = "OS_TENANT_NAME=admin OS_USERNAME=admin OS_PASSWORD=${keystoneAdminPassword} OS_AUTH_URL=http://localhost:5000/v3 OS_IDENTITY_API_VERSION=3 openstack";
  # The created demo keystone account
  demoOpenstackCmd = "OS_TENANT_NAME=demo OS_USERNAME=demo OS_PASSWORD=demo OS_AUTH_URL=http://localhost:5000/v3 OS_IDENTITY_API_VERSION=3 openstack";

in makeTest {
  meta = with pkgs.stdenv.lib.maintainers; {
    maintainers = [ lewo ];
  };
  machine =
    { config, pkgs, ... }:
    {
      # This is to simulate nixops deployment process.
      # https://nixos.org/nixops/manual/#opt-deployment.keys
      boot.postBootCommands = "echo ${keystoneMysqlPassword} > ${keystoneMysqlPasswordFile}";

      services.mysql.enable = true;
      services.mysql.initialScript = createKeystoneDb;

      virtualisation = {

        openstack.keystone = {
	  enable = true;
	  # Check if we can get the secret from a file
	  database.password = {
	    value = keystoneMysqlPasswordFile;
	    storage = "fromFile";
	  };
	  adminToken = {
	    value = "adminToken";
	    storage = "fromNixStore";
	  };

	  bootstrap.enable = true;
	  # Check if we can get the secret from the store
	  bootstrap.adminPassword = {
	    value = keystoneAdminPassword;
	    storage = "fromNixStore";
	  };
	};

        memorySize = 2096;
        diskSize = 4 * 1024;
	};

      environment.systemPackages = with pkgs.pythonPackages; with pkgs; [
        openstackclient
      ];
    };

  testScript =
    ''
     $machine->waitForUnit("keystone-all.service");

     # Verify that admin ccount is working
     $machine->succeed("${adminOpenstackCmd} token issue");

     # Try to create a new user
     $machine->succeed("${adminOpenstackCmd} project create --domain default --description 'Demo Project' demo");
     $machine->succeed("${adminOpenstackCmd} user create --domain default --password demo demo");
     $machine->succeed("${adminOpenstackCmd} role create user");
     $machine->succeed("${adminOpenstackCmd} role add --project demo --user demo user");

     # Verify this new account is working
     $machine->succeed("${demoOpenstackCmd} token issue");
    '';
}
nixos/keystone: init at liberty version This commit introduces a nixos module for the Openstack Keystone service. It also provides a optional bootstrap step that creates some basic initial resources (tenants, endpoints,...). The provided test starts Keystone by enabling bootstrapping and checks if user creation works well. This commit is based on initial works made by domenkozar. 2016-12-04 22:02:49 +01:00			`{ system ? builtins.currentSystem }:`

			`with import ../lib/testing.nix { inherit system; };`
			`with pkgs.lib;`

			`let`
nixos/keystone: secrets can be read from files A secret can be stored in a file. It is written at runtime in the configuration file. Note it is also possible to write them in the nix store for dev purposes. 2016-12-10 23:14:50 +01:00			`keystoneMysqlPassword = "keystoneMysqlPassword";`
			`keystoneMysqlPasswordFile = "/var/run/keystoneMysqlPassword";`
			`keystoneAdminPassword = "keystoneAdminPassword";`

nixos/keystone: init at liberty version This commit introduces a nixos module for the Openstack Keystone service. It also provides a optional bootstrap step that creates some basic initial resources (tenants, endpoints,...). The provided test starts Keystone by enabling bootstrapping and checks if user creation works well. This commit is based on initial works made by domenkozar. 2016-12-04 22:02:49 +01:00			`createKeystoneDb = pkgs.writeText "create-keystone-db.sql" ''`
			`create database keystone;`
nixos/keystone: secrets can be read from files A secret can be stored in a file. It is written at runtime in the configuration file. Note it is also possible to write them in the nix store for dev purposes. 2016-12-10 23:14:50 +01:00			`GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '${keystoneMysqlPassword}';`
			`GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '${keystoneMysqlPassword}';`
nixos/keystone: init at liberty version This commit introduces a nixos module for the Openstack Keystone service. It also provides a optional bootstrap step that creates some basic initial resources (tenants, endpoints,...). The provided test starts Keystone by enabling bootstrapping and checks if user creation works well. This commit is based on initial works made by domenkozar. 2016-12-04 22:02:49 +01:00			`'';`
			`# The admin keystone account`
nixos/keystone: secrets can be read from files A secret can be stored in a file. It is written at runtime in the configuration file. Note it is also possible to write them in the nix store for dev purposes. 2016-12-10 23:14:50 +01:00			`adminOpenstackCmd = "OS_TENANT_NAME=admin OS_USERNAME=admin OS_PASSWORD=${keystoneAdminPassword} OS_AUTH_URL=http://localhost:5000/v3 OS_IDENTITY_API_VERSION=3 openstack";`
nixos/keystone: init at liberty version This commit introduces a nixos module for the Openstack Keystone service. It also provides a optional bootstrap step that creates some basic initial resources (tenants, endpoints,...). The provided test starts Keystone by enabling bootstrapping and checks if user creation works well. This commit is based on initial works made by domenkozar. 2016-12-04 22:02:49 +01:00			`# The created demo keystone account`
			`demoOpenstackCmd = "OS_TENANT_NAME=demo OS_USERNAME=demo OS_PASSWORD=demo OS_AUTH_URL=http://localhost:5000/v3 OS_IDENTITY_API_VERSION=3 openstack";`

			`in makeTest {`
nixos/keystone: add test in release.nix 2016-12-15 13:24:03 +01:00			`meta = with pkgs.stdenv.lib.maintainers; {`
			`maintainers = [ lewo ];`
			`};`
nixos/keystone: init at liberty version This commit introduces a nixos module for the Openstack Keystone service. It also provides a optional bootstrap step that creates some basic initial resources (tenants, endpoints,...). The provided test starts Keystone by enabling bootstrapping and checks if user creation works well. This commit is based on initial works made by domenkozar. 2016-12-04 22:02:49 +01:00			`machine =`
			`{ config, pkgs, ... }:`
			`{`
nixos/keystone: secrets can be read from files A secret can be stored in a file. It is written at runtime in the configuration file. Note it is also possible to write them in the nix store for dev purposes. 2016-12-10 23:14:50 +01:00			`# This is to simulate nixops deployment process.`
			`# https://nixos.org/nixops/manual/#opt-deployment.keys`
			`boot.postBootCommands = "echo ${keystoneMysqlPassword} > ${keystoneMysqlPasswordFile}";`

nixos/keystone: init at liberty version This commit introduces a nixos module for the Openstack Keystone service. It also provides a optional bootstrap step that creates some basic initial resources (tenants, endpoints,...). The provided test starts Keystone by enabling bootstrapping and checks if user creation works well. This commit is based on initial works made by domenkozar. 2016-12-04 22:02:49 +01:00			`services.mysql.enable = true;`
			`services.mysql.initialScript = createKeystoneDb;`

			`virtualisation = {`
nixos/keystone: secrets can be read from files A secret can be stored in a file. It is written at runtime in the configuration file. Note it is also possible to write them in the nix store for dev purposes. 2016-12-10 23:14:50 +01:00
			`openstack.keystone = {`
			`enable = true;`
			`# Check if we can get the secret from a file`
			`database.password = {`
			`value = keystoneMysqlPasswordFile;`
			`storage = "fromFile";`
			`};`
			`adminToken = {`
			`value = "adminToken";`
			`storage = "fromNixStore";`
			`};`

			`bootstrap.enable = true;`
			`# Check if we can get the secret from the store`
			`bootstrap.adminPassword = {`
			`value = keystoneAdminPassword;`
			`storage = "fromNixStore";`
			`};`
			`};`
nixos/keystone: init at liberty version This commit introduces a nixos module for the Openstack Keystone service. It also provides a optional bootstrap step that creates some basic initial resources (tenants, endpoints,...). The provided test starts Keystone by enabling bootstrapping and checks if user creation works well. This commit is based on initial works made by domenkozar. 2016-12-04 22:02:49 +01:00
			`memorySize = 2096;`
			`diskSize = 4 * 1024;`
			`};`

			`environment.systemPackages = with pkgs.pythonPackages; with pkgs; [`
			`openstackclient`
			`];`
			`};`

			`testScript =`
			`''`
			`$machine->waitForUnit("keystone-all.service");`

			`# Verify that admin ccount is working`
			`$machine->succeed("${adminOpenstackCmd} token issue");`

			`# Try to create a new user`
			`$machine->succeed("${adminOpenstackCmd} project create --domain default --description 'Demo Project' demo");`
			`$machine->succeed("${adminOpenstackCmd} user create --domain default --password demo demo");`
			`$machine->succeed("${adminOpenstackCmd} role create user");`
			`$machine->succeed("${adminOpenstackCmd} role add --project demo --user demo user");`

			`# Verify this new account is working`
			`$machine->succeed("${demoOpenstackCmd} token issue");`
			`'';`
			`}`