43ab59d8b3
Implement acceptance tests. Those jobs will run in the post-review pipeline requiring access to secrets containing credentials of friendly public clouds to test sdk with them. Base job is generating a token from the given credentials and writes clouds.yaml file with the token inside instead of password. As a post step the token is physically revoked. This is done to prevent potential leakage of real credentials from the test jobs/logs. Since devstack is not a real cloud we do not use zuul secrets. Change-Id: I95af9b81e6abd51af2a7dd91cae14b56926a869c
19 lines
525 B
YAML
19 lines
525 B
YAML
- hosts: localhost
|
|
tasks:
|
|
# TODO:
|
|
# - clean the resources, which might have been created
|
|
# - revoke the temp token explicitly
|
|
- name: read token
|
|
command: "cat {{ zuul.executor.work_root }}/.{{ zuul.build }}"
|
|
register: token_data
|
|
no_log: true
|
|
|
|
- name: delete data file
|
|
command: "shred {{ zuul.executor.work_root }}/.{{ zuul.build }}"
|
|
|
|
- include_role:
|
|
name: revoke_token
|
|
vars:
|
|
cloud: "{{ openstack_credentials }}"
|
|
token: "{{ token_data.stdout }}"
|