diff --git a/ceph-rgw/templates/bin/_helm-tests.sh.tpl b/ceph-rgw/templates/bin/_helm-tests.sh.tpl
index ca022872a..9211e4acb 100644
--- a/ceph-rgw/templates/bin/_helm-tests.sh.tpl
+++ b/ceph-rgw/templates/bin/_helm-tests.sh.tpl
@@ -15,18 +15,110 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. */}} + set -ex -function rgw_replicas_validation() +#NOTE: This function tests keystone based auth. It uses ceph_config_helper +#container image that has openstack and ceph installed +function rgw_keystone_bucket_validation () { - available_rgw_count=$(ceph -s -f json-pretty | jq '.servicemap.services.rgw.daemons | del(.["summary"]) | length') + echo "function: rgw_keystone_bucket_validation" + openstack service list - if [ "x${available_rgw_count}" == "x${CEPH_RGW_REPLICAS}" ]; then - echo "Correct number of RGWs available: ${available_rgw_count}" + echo "--> creating openstack_test_container container" + openstack container create 'openstack_test_container' + + echo "--> rgw bucket list" + radosgw-admin bucket list + + all_buckets_stats=$(radosgw-admin bucket stats --format json) + bucket_stat=$(echo $all_buckets_stats | jq -c '.[] | select(.bucket | contains("openstack_test_container"))') + if [[ -z ${bucket_stat} ]]; then + echo "--> rgw bucket openstack_test_container not found" + exit 1 else - echo "Incorrect number of RGWs. Expected count: ${CEPH_RGW_REPLICAS}, Available count: ${available_rgw_count}" + echo "--> rgw bucket openstack_test_container found" + + echo "--> deleting openstack_test_container container" + openstack container delete openstack_test_container + + echo "--> bucket list after deleting container" + radosgw-admin bucket list + fi +} + +#NOTE: This function tests s3 based auto. It uses ceph_rgw container image which has +# s3cmd util install +function rgw_s3_bucket_validation () +{ + echo "function: rgw_s3_bucket_validation" + + bucket=s3://rgw-test-bucket + create_bucket_output=$(s3cmd mb $bucket --host=$RGW_HOST --access_key=$S3_ADMIN_ACCESS_KEY --secret_key=$S3_ADMIN_SECRET_KEY --no-encrypt --no-check-certificate) + + if [ $? 
-eq 0 ]; then + echo "Bucket $bucket created" + echo "Hello world!" > /tmp/hello.txt + + s3cmd put /tmp/hello.txt $bucket --host=$RGW_HOST --access_key=$S3_ADMIN_ACCESS_KEY --secret_key=$S3_ADMIN_SECRET_KEY --no-encrypt --no-check-certificate + if [ $? -ne 0 ]; then + echo "Error during s3cmd execution" + exit 1 + else + echo "File uploaded to bucket" + fi + + s3cmd get s3://rgw-test-bucket/hello.txt -> /tmp/output.txt --host=$RGW_HOST --access_key=$S3_ADMIN_ACCESS_KEY --secret_key=$S3_ADMIN_SECRET_KEY --no-encrypt --no-check-certificate + if [ $? -ne 0 ]; then + echo "Error during s3cmd execution" + exit 1 + else + echo "File downloaded from bucket" + fi + + content=$(cat /tmp/output.txt) + echo $content + if [ "Hello" == "${content}" ]; then + echo "Content matches from downloaded file using s3cmd" + fi + + s3cmd ls $bucket --host=$RGW_HOST --access_key=$S3_ADMIN_ACCESS_KEY --secret_key=$S3_ADMIN_SECRET_KEY --no-encrypt --no-check-certificate + if [ $? -ne 0 ]; then + echo "Error during s3cmd execution" + exit 1 + fi + + s3cmd del s3://rgw-test-bucket/hello.txt --host=$RGW_HOST --access_key=$S3_ADMIN_ACCESS_KEY --secret_key=$S3_ADMIN_SECRET_KEY --no-encrypt --no-check-certificate + if [ $? -ne 0 ]; then + echo "Error during s3cmd execution" + exit 1 + else + echo "File from bucket is deleted" + fi + + s3cmd del --recursive --force $bucket --host=$RGW_HOST --access_key=$S3_ADMIN_ACCESS_KEY --secret_key=$S3_ADMIN_SECRET_KEY --no-encrypt --no-check-certificate + if [ $? -ne 0 ]; then + echo "Error during s3cmd execution" + exit 1 + else + echo "Bucket is deleted" + fi + + else + echo "Error during s3cmd execution" exit 1 fi } -rgw_replicas_validation +if [ {{ .Values.conf.rgw_ks.enabled }} == true ]; +then + echo "--> Keystone is enabled. Calling function to test keystone based auth " + rgw_keystone_bucket_validation +fi + +if [ {{ .Values.conf.rgw_s3.enabled }} == true ]; +then + echo "--> S3 is enabled. 
Calling function to test S2 based auth "
+ rgw_s3_bucket_validation
+fi
+
diff --git a/ceph-rgw/templates/pod-helm-tests.yaml b/ceph-rgw/templates/pod-helm-tests.yaml
index 922288475..ccf6dc8c7 100644
--- a/ceph-rgw/templates/pod-helm-tests.yaml
+++ b/ceph-rgw/templates/pod-helm-tests.yaml
@@ -62,6 +62,7 @@ spec:
 serviceAccountName: {{ $serviceAccountName }}
 initContainers:
 {{ tuple $envAll "tests" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 4 }}
+{{ if .Values.conf.rgw_ks.enabled }}
 - name: ceph-keyring-placement
 {{ tuple $envAll "ceph_config_helper" | include "helm-toolkit.snippets.image" | indent 6 }}
 securityContext:
@@ -80,14 +81,23 @@ spec:
 subPath: key
 readOnly: true
 containers:
- - name: ceph-rgw-validation
+ - name: ceph-rgw-ks-validation
 {{ tuple $envAll "ceph_config_helper" | include "helm-toolkit.snippets.image" | indent 6 }}
 {{ tuple $envAll $envAll.Values.pod.resources.tests | include "helm-toolkit.snippets.kubernetes_resources" | indent 6 }}
 env:
- - name: CEPH_DEPLOYMENT_NAMESPACE
- value: {{ .Values.endpoints.ceph_mon.namespace }}
- - name: CEPH_RGW_REPLICAS
- value: "{{ .Values.pod.replicas.rgw }}"
+{{- with $env := dict "ksUserSecret" .Values.secrets.identity.user_rgw }}
+{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 8 }}
+ - name: OS_AUTH_TYPE
+ valueFrom:
+ secretKeyRef:
+ name: {{ $.Values.secrets.identity.user_rgw }}
+ key: OS_AUTH_TYPE
+ - name: OS_TENANT_NAME
+ valueFrom:
+ secretKeyRef:
+ name: {{ $.Values.secrets.identity.user_rgw }}
+ key: OS_TENANT_NAME
+{{- end }}
 command:
 - /tmp/helm-tests.sh
 volumeMounts:
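Review bot: In rgw_s3_bucket_validation (_helm-tests.sh.tpl) every s3cmd call expands `--access_key=$S3_ADMIN_ACCESS_KEY --secret_key=$S3_ADMIN_SECRET_KEY` on the command line while the script runs under `set -ex`, so xtrace writes the RGW admin secret into the test pod's log and it also sits in the process arguments. Starting the function with `set +x` and handing the keys to s3cmd through a config file passed with `--config` would keep them out of both. The same calls carry `--no-check-certificate`, which turns off TLS verification of the RGW endpoint; a comment stating why that is acceptable for this test would help. Separately, the download check compares `"Hello"` with a file written as `Hello world!` and has no failure branch, so the content is never verified; `if [ "Hello world!" != "${content}" ]; then exit 1; fi` would make it an assertion.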
@@ -120,3 +130,28 @@ spec:
 name: ceph-rgw-etc
 defaultMode: 0444
 {{- end }}
+{{ if .Values.conf.rgw_s3.enabled }}
+ containers:
+ - name: ceph-rgw-s3-validation
+{{ tuple $envAll "ceph_rgw" | include "helm-toolkit.snippets.image" | indent 6 }}
+{{ tuple $envAll $envAll.Values.pod.resources.tests | include "helm-toolkit.snippets.kubernetes_resources" | indent 6 }}
+ env:
+{{- with $env := dict "s3AdminSecret" $envAll.Values.secrets.rgw_s3.admin }}
+{{- include "helm-toolkit.snippets.rgw_s3_admin_env_vars" $env | indent 8 }}
+{{- end }}
+ - name: RGW_HOST
+ value: {{ tuple "ceph_object_store" "internal" "api" $envAll | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" }}
+ command:
+ - /tmp/helm-tests.sh
+ volumeMounts:
+ - name: ceph-rgw-bin
+ mountPath: /tmp/helm-tests.sh
+ subPath: helm-tests.sh
+ readOnly: true
+ volumes:
+ - name: ceph-rgw-bin
+ configMap:
+ name: ceph-rgw-bin
+ defaultMode: 0555
+{{- end }}
+{{- end }}
diff --git a/ceph-rgw/templates/secret-keystone-rgw.yaml b/ceph-rgw/templates/secret-keystone-rgw.yaml
index c1d8e0c7a..4ce94407e 100644
--- a/ceph-rgw/templates/secret-keystone-rgw.yaml
+++ b/ceph-rgw/templates/secret-keystone-rgw.yaml
@@ -18,6 +18,9 @@ limitations under the License.
 {{- $envAll := . }}
 {{- range $key1, $userClass := tuple "swift" }}
 {{- $secretName := index $envAll.Values.secrets.identity "user_rgw" }}
+{{- $auth := index $envAll.Values.endpoints.identity.auth $userClass }}
+{{ $osAuthType := $auth.os_auth_type }}
+{{ $osTenantName := $auth.os_tenant_name }}
 ---
 apiVersion: v1
 kind: Secret
@@ -25,6 +28,8 @@ metadata:
 name: {{ $secretName }}
 type: Opaque
 data:
-{{- tuple $userClass "internal" $envAll | include "helm-toolkit.snippets.keystone_secret_openrc" | indent 2 -}}
-{{- end }}
+{{- tuple $userClass "internal" $envAll | include "helm-toolkit.snippets.keystone_secret_openrc" | indent 2 }}
+ OS_AUTH_TYPE: {{ $osAuthType | b64enc }}
+ OS_TENANT_NAME: {{ $osTenantName | b64enc }}
+{{ end }}
 {{- end }}
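Review bot: With both `conf.rgw_ks.enabled` and `conf.rgw_s3.enabled` true, this block in pod-helm-tests.yaml renders a second `containers:` and a second `volumes:` key into the same pod spec, because the keystone block (opened by the `if` added in the -62,6 hunk and closed by the `{{- end }}` kept as context here) has already emitted its own. Duplicate mapping keys are rejected or resolved last-one-wins depending on the parser, so at best one validation container is dropped silently. A single `containers:` list whose `- name:` entries are each wrapped in their own `if` would avoid that. helm-tests.sh also calls both validation functions whenever both flags are set, while each container appears to have the tools and credentials for only one; and with both flags false the pod has no containers, which matters now that values.yaml sets `helm_tests: true`.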
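Review bot: In secret-keystone-rgw.yaml, `$auth.os_auth_type` and `$auth.os_tenant_name` are piped straight into `b64enc` in the -25,6 hunk, so a deployment whose values override `endpoints.identity.auth.swift` without the two new keys will most likely fail to render this Secret, since `b64enc` expects a string. Guarding them, for example `{{ required "endpoints.identity.auth.swift.os_auth_type is required" $auth.os_auth_type | b64enc }}` (or a `default`), gives a clear message instead. The assignments in the -18,6 hunk use `{{ ... }}` without the `-` trim markers the neighbouring lines use, which leaves blank lines ahead of the `---` separator; `{{- $osAuthType := $auth.os_auth_type }}` would match.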
diff --git a/ceph-rgw/values.yaml b/ceph-rgw/values.yaml
index 3e32fb1b5..f39996f2a 100644
--- a/ceph-rgw/values.yaml
+++ b/ceph-rgw/values.yaml
@@ -396,6 +396,8 @@ endpoints:
 project_name: admin
 user_domain_name: default
 project_domain_name: default
+ os_auth_type: password
+ os_tenant_name: admin
 swift:
 role: admin
 region_name: RegionOne
@@ -404,6 +406,8 @@ endpoints:
 project_name: service
 user_domain_name: service
 project_domain_name: service
+ os_auth_type: password
+ os_tenant_name: admin
 hosts:
 default: keystone
 internal: keystone-api
@@ -496,4 +500,4 @@ manifests:
 secret_keystone: true
 service_ingress_rgw: true
 service_rgw: true
- helm_tests: false
+ helm_tests: true
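Review bot: In the -404,6 hunk the swift user gets `os_tenant_name: admin` while its `project_name` three lines up is `service`, so the rendered secret will carry OS_TENANT_NAME=admin next to whatever project the openrc snippet exports for the same user. If the value was carried over from the admin block in the -396,6 hunk, `os_tenant_name: service` would keep the two consistent. If the test really has to run against the admin project, a comment saying so would help, since that presumably widens what the RGW test credentials are scoped to.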