openstack/devstack
Code Issues Proposed changes

Do not configure system-scope admin for keystone

Browse Source 
This patch removes a couple of tempest.conf settings that are being
overwrriten when Keystone is set to enforce scope.

These settings are already being set by the keystone devstack plugin [1]
and do not need to be overwritten here.

Keystone is changing the default admin credentials to be project-admin
instead of system-admin to address some failing tests in services that
require project-scoped admin for their admin APIs. [2]  These overrides
are preventing that change from taking effect.

[1] https://opendev.org/openstack/keystone/src/branch/stable/2024.1/devstack/lib/scope.sh#L24-L25
[2] https://review.opendev.org/c/openstack/keystone/+/913999

Change-Id: I48edbcbaa993f2d1f35160c415986d21a15a4999
This commit is contained in:
Douglas Mendizábal 2024-03-25 12:09:04 -04:00
parent f4f09416ca
commit e1b7cc0ef8
1 changed files with 0 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lib/tempest
View File

@ -702,8 +702,6 @@ function configure_tempest {
# test can be run with scoped token. # test can be run with scoped token.
if [[ "$KEYSTONE_ENFORCE_SCOPE" == True || "$ENFORCE_SCOPE" == True ]] ; then if [[ "$KEYSTONE_ENFORCE_SCOPE" == True || "$ENFORCE_SCOPE" == True ]] ; then
iniset $TEMPEST_CONFIG enforce_scope keystone true iniset $TEMPEST_CONFIG enforce_scope keystone true
iniset $TEMPEST_CONFIG auth admin_system 'all'
iniset $TEMPEST_CONFIG auth admin_project_name ''
fi fi
if [[ "$NOVA_ENFORCE_SCOPE" == True || "$ENFORCE_SCOPE" == True ]] ; then if [[ "$NOVA_ENFORCE_SCOPE" == True || "$ENFORCE_SCOPE" == True ]] ; then