controller-token¶
Role Documentation¶
Role Defaults¶
keystone_conf_file: /var/lib/config-data/puppet-generated/keystone/etc/keystone/keystone.conf
Role Variables: main.yml¶
metadata:
description: 'This validation checks that keystone admin token is disabled on both
undercloud and overcloud controller after deployment.
'
groups:
- post-deployment
name: Verify that keystone admin token is disabled
Molecule Scenarios¶
Scenario: default¶
Example default configuration¶
driver:
name: docker
lint:
enabled: false
log: true
platforms:
- easy_install:
- pip
environment:
http_proxy: '{{ lookup(''env'', ''http_proxy'') }}'
https_proxy: '{{ lookup(''env'', ''https_proxy'') }}'
hostname: centos7
image: centos:7
name: centos7
pkg_extras: python-setuptools python-enum34
- environment:
http_proxy: '{{ lookup(''env'', ''http_proxy'') }}'
https_proxy: '{{ lookup(''env'', ''https_proxy'') }}'
hostname: fedora28
image: fedora:28
name: fedora28
pkg_extras: python*-setuptools python*-enum
provisioner:
env:
ANSIBLE_LIBRARY: ../../../../library
ANSIBLE_STDOUT_CALLBACK: yaml
log: true
name: ansible
scenario:
test_sequence:
- destroy
- create
- prepare
- converge
- verify
- destroy
verifier:
lint:
name: flake8
name: testinfra
Example default playbook¶
- gather_facts: false
hosts: all
name: Converge
tasks:
- include_role:
name: controller-token
name: pass validation
- block:
- copy:
content: '[DEFAULT]
admin_token = CHANGEME
'
dest: /keystone.conf
name: provide configuration file
- include_role:
name: controller-token
vars:
keystone_conf_file: /keystone.conf
name: fail validation
rescue:
- meta: clear_host_errors
name: Clear host errors
- debug:
msg: The validation works! End the playbook run
- meta: end_play
name: End play
- fail:
msg: 'Controller-token validation failed finding bad configuration!
'
name: Fail the test
Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.