qa/suites/rgw/tempest: bump up keystone to 17.0.0

* also generate a sample conf file following the document at
  https://github.com/openstack/keystone/tree/17.0.0.0rc2/etc
* use "projects" instead of "tenants" to match the terminology used by
  openstack identify API 3.0.
* test API 3.0 instead of API 2.0, by changing
  `rgw_keystone_api_version` from "2" to "3"
* explicitly specify a domain "default" for project to be created,
  otherwise a POST request will fail with:
```
{"error":{"code":400,"message":"You have tried to create a resource using the admin token. As this token is not within a domain you must explicitly include a domain for this resource to belong
to.","title":"Bad Request"}}
````
* create "default" domain, and use it, othewise a GET request fails
  like:
```
2020-05-28T11:17:28.751 INFO:teuthology.orchestra.run.smithi092.stderr:http://smithi092.front.sepia.ceph.com:35357 "GET /v3/domains/default HTTP/1.1" 404 87
2020-05-28T11:17:28.752 INFO:teuthology.orchestra.run.smithi092.stderr:RESP: [404] Content-Length: 87 Content-Type: application/json Date: Thu, 28 May 2020 11:17:28 GMT Server: WSGIServer/0.2
CPython/3.6.9 Vary: X-Auth-Token x-openstack-request-id: req-bc33796f-2bc3-411c-a7fb-1208918e0dbd
2020-05-28T11:17:28.752 INFO:teuthology.orchestra.run.smithi092.stderr:RESP BODY: {"error":{"code":404,"message":"Could not find domain: default.","title":"Not Found"}}
```
* add user to "default" domain when creating it.
* use "type" as the positional argument, per
  https://docs.openstack.org/keystone/pike/admin/cli-keystone-manage-services.html
  otherwise we will have failures like:
```
2020-05-28T13:38:24.867 INFO:teuthology.orchestra.run.smithi198.stderr:openstack service create: error: unrecognized arguments: --type keystone
```
* update `create_endpoint()` to use the V3 API,
  see
  https://docs.openstack.org/python-openstackclient/pike/cli/command-objects/endpoint.html

Fixes: https://tracker.ceph.com/issues/45692
Signed-off-by: Kefu Chai <kchai@redhat.com>
(cherry picked from commit 9bd3e0ff4027cfbef0c62931b669f20c989e8bb2)

diff --git a/qa/suites/rgw/crypt/2-kms/barbican.yaml b/qa/suites/rgw/crypt/2-kms/barbican.yaml
index a84a1627bfb91f3adafa6526324708a380100f41..0e0cda6204f78e701d416b61265009bbdb9265ea 100644 (file)
--- a/qa/suites/rgw/crypt/2-kms/barbican.yaml
+++ b/qa/suites/rgw/crypt/2-kms/barbican.yaml
@@ -15,30 +15,41 @@ tasks:
 - tox: [ client.0 ]
 - keystone:
     client.0:
-      sha1: 12.0.0.0b2
+      sha1: 17.0.0.0rc2
       force-branch: master
-      tenants:
+      domains:
+        - name: default
+          description: Default Domain
+      projects:
         - name: admin
           description:  Admin Tenant
+          domain: default
         - name: rgwcrypt
           description: Encryption Tenant
+          domain: default
         - name: barbican
           description: Barbican
+          domain: default
         - name: s3
           description: S3 project
+          domain: default
       users:
         - name: admin
           password: ADMIN
           project: admin
+          domain: default
         - name: rgwcrypt-user
           password: rgwcrypt-pass
           project: rgwcrypt
+          domain: default
         - name: barbican-user
           password: barbican-pass
           project: barbican
+          domain: default
         - name: s3-user
           password: s3-pass
           project: s3
+          domain: default
       roles: [ name: admin, name: Member, name: creator ]
       role-mappings:
         - name: admin

diff --git a/qa/suites/rgw/tempest/tasks/rgw_tempest.yaml b/qa/suites/rgw/tempest/tasks/rgw_tempest.yaml
index ad2de4858b561d994c2e0d8489eaf9d382bfb3f1..3f94dce94aa31da932dda4ccaf12fc501f79d046 100644 (file)
--- a/qa/suites/rgw/tempest/tasks/rgw_tempest.yaml
+++ b/qa/suites/rgw/tempest/tasks/rgw_tempest.yaml
@@ -8,15 +8,20 @@ tasks:
 - tox: [ client.0 ]
 - keystone:
     client.0:
-      sha1: 12.0.0.0b2
+      sha1: 17.0.0.0rc2
       force-branch: master
-      tenants:
+      domains:
+        - name: default
+          description: Default Domain
+      projects:
         - name: admin
           description:  Admin Tenant
+          domain: default
       users:
         - name: admin
           password: ADMIN
           project: admin
+          domain: default
       roles: [ name: admin, name: Member ]
       role-mappings:
         - name: admin
@@ -46,7 +51,9 @@ tasks:
       identity:
         uri: http://{keystone_public_host}:{keystone_public_port}/v2.0/
         uri_v3: http://{keystone_public_host}:{keystone_public_port}/v3/
+        auth_version: v3
         admin_role: admin
+        default_domain_name: default
       object-storage:
         reseller_admin_role: admin
       object-storage-feature-enabled:
@@ -69,6 +76,7 @@ overrides:
         osd_min_pg_log_entries: 10
         osd_max_pg_log_entries: 10
       client:
+        rgw keystone api version: 3
         rgw keystone admin token: ADMIN
         rgw keystone accepted roles: admin,Member
         rgw keystone implicit tenants: true

diff --git a/qa/tasks/barbican.py b/qa/tasks/barbican.py
index 51a9af1f9ebb3f31e38ce23fbf638aabc6761902..a4f619d339483f653ff38b9317701c9f39573d4b 100644 (file)
--- a/qa/tasks/barbican.py
+++ b/qa/tasks/barbican.py
@@ -393,9 +393,12 @@ def task(ctx, config):
       - tox: [ client.0 ]
       - keystone:
           client.0:
-            sha1: 12.0.0.0b2
+            sha1: 17.0.0.0rc2
             force-branch: master
-            tenants:
+            domains:
+              - name: default
+                description: Default Domain
+            projects:
               - name: admin
                 description:  Admin Tenant
               - name: rgwcrypt

diff --git a/qa/tasks/keystone.py b/qa/tasks/keystone.py
index 88abd7b978013d09e29e3dfe01425977a304b0c6..5690082eef2a30a7d6f49991bb429fa5ffba0d80 100644 (file)
--- a/qa/tasks/keystone.py
+++ b/qa/tasks/keystone.py
@@ -152,6 +152,13 @@ def configure_instance(ctx, config):
     keyrepo_dir = '{kdir}/etc/fernet-keys'.format(kdir=get_keystone_dir(ctx))
     for (client, _) in config.items():
         # prepare the config file
+        run_in_keystone_dir(ctx, client,
+            [
+                'source',
+                f'{get_toxvenv_dir(ctx)}/bin/activate',
+                run.Raw('&&'),
+                'tox', '-e', 'genconfig'
+            ])
         run_in_keystone_dir(ctx, client,
             [
                 'cp', '-f',
@@ -284,8 +291,8 @@ def run_section_cmds(ctx, cclient, section_cmd, special,
 
     auth_section = [
         ( 'os-token', 'ADMIN' ),
-        ( 'os-identity-api-version', '2.0' ),
-        ( 'os-url', 'http://{host}:{port}/v2.0'.format(host=admin_host,
+        ( 'os-identity-api-version', '3' ),
+        ( 'os-url', 'http://{host}:{port}/v3'.format(host=admin_host,
                                                        port=admin_port) ),
     ]
 
@@ -296,16 +303,16 @@ def run_section_cmds(ctx, cclient, section_cmd, special,
             [ '--debug' ])
 
 def create_endpoint(ctx, cclient, service, url, adminurl=None):
-    endpoint_section = {
-        'service': service,
-        'publicurl': url,
-    }
+    endpoint_sections = [
+        {'service': service, 'interface': 'public', 'url': url},
+    ]
     if adminurl:
-        endpoint_section.update( {
-            'adminurl': adminurl,
-            } )
-    return run_section_cmds(ctx, cclient, 'endpoint create', 'service',
-                            [ endpoint_section ])
+        endpoint_sections.append(
+            {'service': service, 'interface': 'admin', 'url': adminurl}
+        )
+    run_section_cmds(ctx, cclient, 'endpoint create',
+                     'service,interface,url',
+                     endpoint_sections)
 
 @contextlib.contextmanager
 def fill_keystone(ctx, config):
@@ -313,22 +320,24 @@ def fill_keystone(ctx, config):
 
     for (cclient, cconfig) in config.items():
         # configure tenants/projects
+        run_section_cmds(ctx, cclient, 'domain create', 'name',
+                         cconfig['domains'])
         run_section_cmds(ctx, cclient, 'project create', 'name',
-                         cconfig['tenants'])
+                         cconfig['projects'])
         run_section_cmds(ctx, cclient, 'user create', 'name',
                          cconfig['users'])
         run_section_cmds(ctx, cclient, 'role create', 'name',
                          cconfig['roles'])
         run_section_cmds(ctx, cclient, 'role add', 'name',
                          cconfig['role-mappings'])
-        run_section_cmds(ctx, cclient, 'service create', 'name',
+        run_section_cmds(ctx, cclient, 'service create', 'type',
                          cconfig['services'])
 
         public_host, public_port = ctx.keystone.public_endpoints[cclient]
-        url = 'http://{host}:{port}/v2.0'.format(host=public_host,
+        url = 'http://{host}:{port}/v3'.format(host=public_host,
                                                  port=public_port)
         admin_host, admin_port = ctx.keystone.admin_endpoints[cclient]
-        admin_url = 'http://{host}:{port}/v2.0'.format(host=admin_host,
+        admin_url = 'http://{host}:{port}/v3'.format(host=admin_host,
                                                        port=admin_port)
         create_endpoint(ctx, cclient, 'keystone', url, admin_url)
         # for the deferred endpoint creation; currently it's used in rgw.py
@@ -368,7 +377,10 @@ def task(ctx, config):
       - keystone:
           client.0:
             force-branch: master
-            tenants:
+            domains:
+              - name: default
+                description: Default Domain
+            projects:
               - name: admin
                 description:  Admin Tenant
             users: