From a050129384ac4803d1c56001a3140fc547fe134b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Douglas=20Mendiz=C3=A1bal?= <dmendiza@redhat.com>
Date: Fri, 22 Mar 2024 12:41:30 -0400
Subject: [PATCH] Run Secure RBAC tests as project-admin

This patch updates the devstack plugin so that tempest.conf is not
configured to use system-admin.  Currently tempest uses an all-in
approach to configuring admin clients, and forcing system scope in
tempest when SRBAC is turned on results in test failures for services
that don't understand system scope.

With this patch, keystone test will be run with a project-scoped admin,
which should be fine since policies have been previously updated to
accept project-admin tokens as legacy admin for Phase 1. [1]

[1] https://opendev.org/openstack/keystone/commit/f2f1a5c38847ddc5aa28eec9722885d9c64c6e7b

Change-Id: I39d50b8e6e55b0835670d753c3783f32b19b6c47
---
 devstack/lib/scope.sh | 2 --
 1 file changed, 2 deletions(-)

diff --git a/devstack/lib/scope.sh b/devstack/lib/scope.sh
index 255ed695e1..4f1f5bc82a 100644
--- a/devstack/lib/scope.sh
+++ b/devstack/lib/scope.sh
@@ -21,6 +21,4 @@ function configure_enforce_scope {
 
 function configure_protection_tests {
     iniset $TEMPEST_CONFIG identity-feature-enabled enforce_scope true
-    iniset $TEMPEST_CONFIG auth admin_system true
-    iniset $TEMPEST_CONFIG auth admin_project_name ''
 }