Change-Id: I0601c1055bee5926830146723a7bf4983460fb63

Right now master is used, but it is not compatible with stein.
Tempest is already pinned to an older version, but there is no way
at the moment to globally pin tempest plugins to the last known
working version for a branch (but it will be added soon).

Change-Id: Iec75740e31e1be581ee0e7ef64214358ef6b790d

CentOS Stream 8 (aka CentOS 8 Stream) is the currently
supported runtime platform. [0]

DevStack works with CentOS Stream only now. [1]
This patch prepares the ground to drop the devstack-*-centos-8
nodeset.

[0] https://governance.openstack.org/tc/reference/runtimes/xena.html
[1] https://review.opendev.org/c/openstack/devstack/+/759122

Change-Id: I53231cb6b00a57927b3d19115f64117f7cd755ed

This job tests S3 backup driver with Swift S3 API.

Change-Id: I222c6ee4de01bdaba9ef5e5b5a92889486d6401b

We have stable/wallaby released so we should add
their job on master gate to keep branchless tempest
plugins compatible to stable branch.

Ref: Tempest plugins guide for stable branch testing:
- https://docs.openstack.org/tempest/latest/stable_branch_testing_policy.html

Change-Id: I493f44fdc7b5d4093e19ca19153644c20517941f

This commit lays down a basic structure for protection tests. These are
useful for testing various secure RBAC personas, but leveraging all the
dynamic credential work in tempest's authentication libraries to
provision clients for testing. We're also adding a non-voting protection
test job so that we can integrate protection testing into the cinder
gate as we work through policy changes.

This commit also adds some basic tests exercising the capabilities
admin-only API. These tests ensure that only operators (e.g.,
system-administrators) or formally known as project-administrators, can
access the capabilities API. Assertions and functionality in these tests
may expand in the future to accomodate system-scope when cinder can
properly consume system-scoped tokens from keystone.

For now, the tests assume project-administrators are deployment
operators, which is the legacy way of denoting "admin-ness" in OpenStack
deployments.

Depends-On: https://review.opendev.org/c/openstack/tempest/+/778753

Change-Id: I6d4ae6d516f4c2dda4dcb6b974857b34f2ef2254

This fixes the jobs in stein (and potentially other older branches,
if they are not dropped before porting them to native Zuul v3).

Change-Id: Ie35075fe633376209a72c3fcc507357a7318187c

Those tests were disabled when ceph was upgraded
to a newer release (I51c90e592070b99422e692d5e9e97083d93146e8)
because they were failing.
But it seems they are working now, and it is not not trivial
at this point to understand whether something was fixed
in ceph or in cinder, so let's re-enable them.

Also, add a few additional (initially experimental) jobs
to double-check the ceph/c-bak scenario against
the stable branches.

This reverts commit 9d626d0d
and adds more functionalities.

Change-Id: I033e0dc04f342e27d6266ad412d3cb256787c0e6

Removed duplicated 'VIRT_DRIVER=libvirt' entry, removed deprecated service 'n-net' and added 'c-bak' service

Closes-Bug: #1824918
Change-Id: I6214b0e6f94abbfae795d8bd5ecb8adcdaa79c08
Signed-off-by: Rafael Fayan <rfayan@daitan.com>

Required to allow the default of CINDER_ISCSI_HELPER to change for
Ubuntu based hosts to lioadm without breaking these tgtadm jobs.

Change-Id: Ie9ca822f53abf90052ddfae52852b8b78c910ece

The first real cinderlib supported branch works with train,
so restructure the lvm/barbican jobs to disable cinderlib testing
with any branch older than train.
While those branches are in Extended Maintenance status,
the job may be still used there to remove their old legacy
counterpart to easy the maintenance.

Change-Id: I5fa1b2d0348e86988f616dd7404dedc4eb9c4666

Change I0b6ab9fb943c7b0925a0a0d2490a8bcdfa76cedc removed the 'member'
user from the default roles assigned to dynamic tempest users.
This broke cinder-backup with the default swift backend.

Set the full list of roles, including 'creator' which should be
added by the barbican devstack plugin. Unfortunately the values
here overrides any other setting.

Change-Id: Id6dc96915f5b15827e6e8f58cc8195a0f76e9686

While waiting for tempest scenario manager to stabilize its API,
a copy of it has been imported, so make sure to use it and to not
rely on tempest's one (whose API is changing during the stabilization
process, so it may break anytime).

Just one file needs to change its imports.
At the same time, fix the import order for another file.

Change-Id: I29c4784d59151948778cad57b7db56a368ed821d

Tempest replaced the below rolevar for run-tempest role
- tempest_test_blacklist is replaced by tempest_test_exclude_list
- tempest_black_regex is replaced by tempest_exclude_regex

old name are still supported for compatiblity but we recommend
to switch to new one.

Depends-On: https://review.opendev.org/c/openstack/tempest/+/774835
Change-Id: I37302d238c0cf66b6b0ff696e7a63379d5e22b10

Each test should have one:
https://opendev.org/openstack/tempest/src/tag/26.0.0/HACKING.rst

Change-Id: Icd119d710376c0f5e4c6d2932ca39d55648cc9b7

We don't really have unit tests in the repository and any py3x venv
would not really be useful (the tests are executed through tempest),
but let's remove the old dependency anyway and depend on stestr
like all the other OpenStack projects.

Change-Id: I52d06f1c1e141cb455fb7a823a27be532afb4c16

This patch adds data integrity tests for snapshot with the following
procedure :

1) create a volume from image
2) Boot an instance from the volume
3) create file on vm and write data into it
4) create first snapshot
5) repeat 3
5) create second snapshot
6) repeat 3
7) create third snapshot

Now restore the snapshots one by one into volume, create instances
from it and check the number of files and file content at each
point snapshot was created.

We are also temporarily making a copy of tempest scenario manager until
the actual manager is available for import in tempest plugins.

Change-Id: I5c5ff6f996dd39b52fada82f3938b628e58b0a2c

It doesn't seem to provide any benefit and is also removed from cinder
project.
For detailed reason, please look into the commit message of the cinder
patch[1].

[1] https://opendev.org/openstack/cinder/commit/b0a56ddd252670dadb2c5e3eb0b03bfc7f93623d

Change-Id: I9a7749288706c8b326c1acd0cef6edd5ea91503e

As discussed in I50d3b874b7e0676436c434be6c059f221041560f the tests
introduced by I846b96ef925c34162cf462da91d854ceacabe022 broke
nova-ceph-multistore thanks to the use of
[workarounds]/never_download_image_if_on_rbd in the job and some image
creation in the test that isn't strictly required.

To ensure breakages like this are visable in the future this change adds
the nova-ceph-multistore job as a non-voting job within this repo.

Related-Bug: #1912607
Change-Id: Ifbdaef0b82cc4b1e77e0ecc440e194e5544fe320

An independent image isn't required for these tests and additionally
isn't required when calling create_server as the lack of an image
results in CONF.compute.image_ref being used by
tempest.common.compute.create_test_server [1].

The creation of this image resulted in the nova-ceph-multistore job
breaking as documented in bug #1912607. This broke as we use the job to
provide both our core ceph coverage and slightly more edgey topologies
using Glance multistore and the [workarounds]/ workaround option. This
option blocking the download of rbd images via g-api when n-cpu can't
clone the rbd volumes directly, as caused by the image creation in
test_volume_encrypted.

Iaf6f6e0dbcb25561bf00e969e1964cd30e974e64 is currently skipping any
encryption test in the nova-ceph-multistore job to workaround bug
 #1912607 for the time being but we would obviously like to revert that
if possible and expand our coverage.

A follow up change will also propose adding nova-ceph-multistore to the
gate of this plugin to avoid future breakage.

Related-Bug: #1912607

[1] https://opendev.org/openstack/tempest/src/branch/master/tempest/common/compute.py#L108-L109

Change-Id: I50d3b874b7e0676436c434be6c059f221041560f

Due to an error in the _setup_encryption_keys volume rekey code, a
cloned encrypted volume that has been rekeyed will specify an
encryption key different from the key used to format the volume,
so it cannot be attached.

This test scenario will cover this feature and also the case of
source-vol feature.

Related-Bug: #1904440
Depends-on: https://review.opendev.org/#/c/762884/
Change-Id: I846b96ef925c34162cf462da91d854ceacabe022

So that changes to this plugin (at least, most of them) don't break
victoria.

As stein moved to EM, remove its job according the common guidelines.

Change-Id: If4857a8beaa46b48c0f7d44ff707dd44425b530c

We need to specify doc requirements in doc/requirements.txt
to avoid problems with the pip resolver [1] for the release team [2][3].
Removed specific doc requirements from test-requirements.txt.

The problem here is that this repos haven't doc/requirements.txt file
and by default in this case zuul will use the test-requirements.txt file
to pull requirements [4].

This requirements file contains extra requirements like flake8 that
collided with those allowed in our job environment and so the new pip
resolver fails to install these requirements and the job exits in error.

This project meet the conditions leading to the bug however it doesn't
produce any doc or releasenotes, but uniformization can't hurt and help
us in the future.

/!\/!\/!\
Notice that I voluntarily added the doc directory even if no docs
are generated here because zuul will try to pull this requirements from
there first and the contained requirements are needed for reno but AFAIK
the releasenotes dir is ignored by zuul. c.f [4] for further details.
/!\/!\/!\

[1] http://lists.openstack.org/pipermail/release-job-failures/2021-January/001500.html
[2] http://lists.openstack.org/pipermail/openstack-discuss/2021-January/019611.html
[3] http://lists.openstack.org/pipermail/openstack-discuss/2021-January/019612.html
[4] https://opendev.org/zuul/zuul-jobs/src/branch/master/roles/ensure-sphinx/tasks/main.yaml#L36

Change-Id: I166c9479d94a42114adc94778140a9878a5949c5