Add task to allow creation of provided roles

Some tempest tests require that a specific role is available for use. Add a new variable, `tempest_roles`, to allow users to provide a list of roles to create. The existing tasks that create the 'reseller_admin' and 'remote_image' roles have been removed. The correctly named 'ResellerAdmin' role is already created by the os_swift role and the 'remote_image' is no longer required since the glance tests make use of an admin user. Depends-On: I66b7c639494d98fdb3baa52fe56c670e32dea3ce Change-Id: I7987c5a4dbf50e97322a5b348c3cbd817b2672d6
2017-11-08 11:40:07 -08:00 · 2017-11-08 11:40:07 -08:00 · 960422c5b9
parent 06a6106364
commit 960422c5b9
4 changed files with 19 additions and 29 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -208,6 +208,8 @@ tempest_flavors:
    disk: 1
    vcpus: 1

+tempest_roles: []
+
 # This variable is used by the repo_build process to determine
 # which host group to check for members of before building the
 # pip packages required by this role. The value is picked up
--- a/releasenotes/notes/os-tempest-roles-cead45b2cd38811f.yaml
+++ b/releasenotes/notes/os-tempest-roles-cead45b2cd38811f.yaml
@ -0,0 +1,5 @@
+---
+features:
+  - A new variable, ``tempest_roles``, has been added to the
+    os_tempest role allowing users to define keystone roles
+    to be during tempest testing.
--- a/tasks/tempest_resources.yml
+++ b/tasks/tempest_resources.yml
@ -109,6 +109,18 @@
    - demo
    - alt_demo

+- name: Ensure tempest roles
+  os_keystone_role:
+    cloud: default
+    endpoint_type: internal
+    validate_certs: "{{ keystone_service_internaluri_insecure | ternary(false, true) }}"
+    name: "{{ item }}"
+  register: add_service
+  until: add_service|success
+  retries: 5
+  delay: 10
+  with_items: "{{ tempest_roles }}"
+
 - name: Ensure tempest users have heat_stack_owner role
  keystone:
    command: ensure_user_role
@ -129,34 +141,6 @@
    - demo
    - alt_demo

- name: Ensure reseller_admin role
-  keystone:
-    command: ensure_role
-    endpoint: "{{ keystone_service_adminurl }}"
-    login_user: "{{ keystone_admin_user_name }}"
-    login_password: "{{ keystone_auth_admin_password }}"
-    login_project_name: "{{ keystone_admin_tenant_name }}"
-    role_name: "reseller_admin"
-    insecure: "{{ keystone_service_adminuri_insecure }}"
-  register: add_service
-  until: add_service|success
-  retries: 5
-  delay: 10
-
- name: Ensure remote_image role exists
-  keystone:
-    command: ensure_role
-    role_name: remote_image
-    endpoint: "{{ keystone_service_adminurl }}"
-    login_user: "{{ keystone_admin_user_name }}"
-    login_password: "{{ keystone_auth_admin_password }}"
-    login_project_name: "{{ keystone_admin_tenant_name }}"
-    insecure: "{{ keystone_service_adminuri_insecure }}"
-  register: add_service
-  until: add_service|success
-  retries: 5
-  delay: 10
-
 - name: Get demo tenant id
  keystone:
    command: get_tenant
--- a/templates/tempest.conf.j2
+++ b/templates/tempest.conf.j2
@ -9,7 +9,6 @@ log_file = {{ tempest_log_dir}}/tempest.log


 [auth]
-tempest_roles = remote_image
 use_dynamic_credentials = True
 default_credentials_domain_name = Default
 admin_domain_name = Default