openstack/keystone
Code Issues Proposed changes

Run Secure RBAC tests as project-admin

Browse Source 
This patch updates the devstack plugin so that tempest.conf is not
configured to use system-admin.  Currently tempest uses an all-in
approach to configuring admin clients, and forcing system scope in
tempest when SRBAC is turned on results in test failures for services
that don't understand system scope.

With this patch, keystone test will be run with a project-scoped admin,
which should be fine since policies have been previously updated to
accept project-admin tokens as legacy admin for Phase 1. [1]

[1] f2f1a5c388

Change-Id: I39d50b8e6e55b0835670d753c3783f32b19b6c47
This commit is contained in:
Douglas Mendizábal
2024-03-22 12:41:30 -04:00
parent fc10ccbc8c
commit a050129384
1 changed files with 0 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
devstack/lib/scope.sh
View File

@@ -21,6 +21,4 @@ function configure_enforce_scope {
function configure_protection_tests {
iniset $TEMPEST_CONFIG identity-feature-enabled enforce_scope true
iniset $TEMPEST_CONFIG auth admin_system true
iniset $TEMPEST_CONFIG auth admin_project_name ''
}