d3fddec498
This commit lays down a basic structure for protection tests. These are useful for testing various secure RBAC personas, but leveraging all the dynamic credential work in tempest's authentication libraries to provision clients for testing. We're also adding a non-voting protection test job so that we can integrate protection testing into the cinder gate as we work through policy changes. This commit also adds some basic tests exercising the capabilities admin-only API. These tests ensure that only operators (e.g., system-administrators) or formally known as project-administrators, can access the capabilities API. Assertions and functionality in these tests may expand in the future to accomodate system-scope when cinder can properly consume system-scoped tokens from keystone. For now, the tests assume project-administrators are deployment operators, which is the legacy way of denoting "admin-ness" in OpenStack deployments. Depends-On: https://review.opendev.org/c/openstack/tempest/+/778753 Change-Id: I6d4ae6d516f4c2dda4dcb6b974857b34f2ef2254 |
||
---|---|---|
.. | ||
v3 | ||
__init__.py |