Merge "Add polkit rule to allow kolla nova user access to libvirtd socket on docker host"

author: Jenkins <jenkins@review.openstack.org> 2017-06-08 09:49:49 +0000
committer: Gerrit Code Review <review@openstack.org> 2017-06-08 09:49:49 +0000
commit: 5b8fd71be2cb5888de43b7ce61ce3ed5538db898 (patch)
tree: ffa0fa92df4ff3621d09adf4f8ff2ef04d05891a /spec
parent: 782ffcba1e5657370df8e88b71cfa7dfa48c445a (diff)
parent: 016cef3ea729e1e3aed948ff3d07d650a5d92884 (diff)
1 files changed, 79 insertions, 0 deletions
diff --git a/spec/classes/tripleo_profile_base_docker_spec.rb b/spec/classes/tripleo_profile_base_docker_spec.rb
index 0b988f6..bb21055 100644
--- a/spec/classes/tripleo_profile_base_docker_spec.rb
+++ b/spec/classes/tripleo_profile_base_docker_spec.rb
@@ -124,6 +124,85 @@ describe 'tripleo::profile::base::docker' do
       }
     end
 
+    context 'with step 4 and configure_libvirt_polkit disabled' do
+      let(:params) { {
+          :step                    => 4,
+          :configure_libvirt_polkit => false
+      } }
+      it {
+        is_expected.to_not contain_group('docker_nova_group')
+        is_expected.to_not contain_user('docker_nova_user')
+        is_expected.to_not contain_package('polkit')
+        is_expected.to_not contain_file('/etc/polkit-1/rules.d/50-nova.rules')
+      }
+    end
+
+    context 'with step 4 and configure_libvirt_polkit enabled' do
+      let(:params) { {
+          :step                    => 4,
+          :configure_libvirt_polkit => true
+      } }
+      it {
+        is_expected.to contain_group('docker_nova_group').with(
+          :name => 'docker_nova',
+          :gid  => 42436
+        )
+        is_expected.to contain_user('docker_nova_user').with(
+          :name => 'docker_nova',
+          :uid  => 42436,
+          :gid  => 42436,
+          :shell => '/sbin/nologin',
+          :groups => ['nobody']
+        )
+        is_expected.to contain_package('polkit')
+        is_expected.to contain_file('/etc/polkit-1/rules.d/50-nova.rules')
+      }
+    end
+
+    context 'with step 4 and nova_compute service installed' do
+      let(:params) { {
+          :step          => 4,
+          :services_enabled => ['docker', 'nova_compute']
+      } }
+      it {
+        is_expected.to contain_group('docker_nova_group').with(
+          :name => 'docker_nova',
+          :gid  => 42436
+        )
+        is_expected.to contain_user('docker_nova_user').with(
+          :name => 'docker_nova',
+          :uid  => 42436,
+          :gid  => 42436,
+          :shell => '/sbin/nologin',
+          :groups => ['nobody']
+        )
+        is_expected.to contain_package('polkit')
+        is_expected.to contain_file('/etc/polkit-1/rules.d/50-nova.rules')
+      }
+    end
+
+    context 'with step 4 and configure_libvirt_polkit enabled and docker_nova uid' do
+      let(:params) { {
+          :step                    => 4,
+          :configure_libvirt_polkit => true,
+          :docker_nova_uid         => 12345
+      } }
+      it {
+        is_expected.to contain_group('docker_nova_group').with(
+          :name => 'docker_nova',
+          :gid  => 12345
+        )
+        is_expected.to contain_user('docker_nova_user').with(
+          :name => 'docker_nova',
+          :uid  => 12345,
+          :gid  => 12345,
+          :shell => '/sbin/nologin',
+          :groups => ['nobody']
+        )
+        is_expected.to contain_package('polkit')
+        is_expected.to contain_file('/etc/polkit-1/rules.d/50-nova.rules')
+      }
+    end
   end
 
   on_supported_os.each do |os, facts|
author	Jenkins <jenkins@review.openstack.org>	2017-06-08 09:49:49 +0000
committer	Gerrit Code Review <review@openstack.org>	2017-06-08 09:49:49 +0000
commit	5b8fd71be2cb5888de43b7ce61ce3ed5538db898 (patch)
tree	ffa0fa92df4ff3621d09adf4f8ff2ef04d05891a /spec
parent	782ffcba1e5657370df8e88b71cfa7dfa48c445a (diff)
parent	016cef3ea729e1e3aed948ff3d07d650a5d92884 (diff)