Merge "Add release note and fix some TODO from system scope support"

Zuul 2021-02-19 03:56:36 +00:00 committed by Gerrit Code Review
commit 34743b278c
4 changed files with 61 additions and 0 deletions

@ -0,0 +1,13 @@
---
prelude: >
Support for RBAC new system scope is added in Tempest.
features:
- |
Keystone provides the new scoped token called ``system`` which
can be used to query the system scoped API operation. Projects
are moving towards the policy with new scope types, Keystone, Nova
already provide the new policy for RBAC checks. Tempest has added
the support to query the system scoped token from keystone to test
the new policy.
As next step, we will be moving all the Tempest tests on the project's
new policy.

@ -59,6 +59,42 @@ class CredentialProvider(object):
def get_alt_creds(self): def get_alt_creds(self):
return return
@abc.abstractmethod
def get_system_admin_creds(self):
return
@abc.abstractmethod
def get_system_member_creds(self):
return
@abc.abstractmethod
def get_system_reader_creds(self):
return
@abc.abstractmethod
def get_domain_admin_creds(self):
return
@abc.abstractmethod
def get_domain_member_creds(self):
return
@abc.abstractmethod
def get_domain_reader_creds(self):
return
@abc.abstractmethod
def get_project_admin_creds(self):
return
@abc.abstractmethod
def get_project_member_creds(self):
return
@abc.abstractmethod
def get_project_reader_creds(self):
return
@abc.abstractmethod @abc.abstractmethod
def clear_creds(self): def clear_creds(self):
return return
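Review bot: The nine new `@abc.abstractmethod` declarations (`get_system_admin_creds` through `get_project_reader_creds`) make any subclass of `CredentialProvider` that does not define all of them fail at instantiation with `TypeError`, and neither this section nor the release note warns out-of-tree providers about it. The other sections on this page only add TODO comments, so the in-tree implementations presumably already exist outside what is shown; that is worth confirming. I would add an `upgrade:` entry to the release note stating that custom credential providers must implement these accessors. Each declaration could also carry a one-line docstring naming the scope and role it returns, e.g. `"""Return credentials with the reader role on system scope."""`, because RBAC tests rely on that contract being exact. `CredentialProvider` starts and ends outside the hunk.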

@ -405,12 +405,18 @@ class DynamicCredentialProvider(cred_provider.CredentialProvider):
" credentials: %s", credentials) " credentials: %s", credentials)
return credentials return credentials
# TODO(gmann): Remove this method in favor of get_project_member_creds()
# after the deprecation phase.
def get_primary_creds(self): def get_primary_creds(self):
return self.get_credentials('primary') return self.get_credentials('primary')
# TODO(gmann): Remove this method in favor of get_project_admin_creds()
# after the deprecation phase.
def get_admin_creds(self): def get_admin_creds(self):
return self.get_credentials('admin') return self.get_credentials('admin')
# TODO(gmann): Replace this method with more appropriate name.
# like get_project_alt_member_creds()
def get_alt_creds(self): def get_alt_creds(self):
return self.get_credentials('alt') return self.get_credentials('alt')
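Review bot: The TODO comments on `get_primary_creds` and `get_admin_creds` refer to a "deprecation phase", but nothing in the hunk starts one: callers get no warning and the methods have no docstring pointing at the replacement. I would either emit a `DeprecationWarning` from these accessors once the replacements are ready, or move the guidance into a docstring such as `"""Planned for removal; use get_project_member_creds()."""` so test authors see it. The comment on `get_alt_creds` also has a stray full stop; `# TODO(gmann): Replace this method with a more appropriate name, like get_project_alt_member_creds().` reads better. The same comments are added in the three `PreProvisionedCredentialProvider` hunks further down, and the class here starts outside the hunk.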

@ -308,6 +308,8 @@ class PreProvisionedCredentialProvider(cred_provider.CredentialProvider):
self.remove_hash(_hash) self.remove_hash(_hash)
LOG.info("%s returned allocated creds:\n%s", self.name, clean_creds) LOG.info("%s returned allocated creds:\n%s", self.name, clean_creds)
# TODO(gmann): Remove this method in favor of get_project_member_creds()
# after the deprecation phase.
def get_primary_creds(self): def get_primary_creds(self):
if self._creds.get('primary'): if self._creds.get('primary'):
return self._creds.get('primary') return self._creds.get('primary')
@ -315,6 +317,8 @@ class PreProvisionedCredentialProvider(cred_provider.CredentialProvider):
self._creds['primary'] = net_creds self._creds['primary'] = net_creds
return net_creds return net_creds
# TODO(gmann): Replace this method with more appropriate name.
# like get_project_alt_member_creds()
def get_alt_creds(self): def get_alt_creds(self):
if self._creds.get('alt'): if self._creds.get('alt'):
return self._creds.get('alt') return self._creds.get('alt')
@ -408,6 +412,8 @@ class PreProvisionedCredentialProvider(cred_provider.CredentialProvider):
for creds in self._creds.values(): for creds in self._creds.values():
self.remove_credentials(creds) self.remove_credentials(creds)
# TODO(gmann): Remove this method in favor of get_project_admin_creds()
# after the deprecation phase.
def get_admin_creds(self): def get_admin_creds(self):
return self.get_creds_by_roles([self.admin_role]) return self.get_creds_by_roles([self.admin_role])
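Review bot: The new TODO names `get_project_admin_creds()` as the replacement for `get_admin_creds`, yet the body here picks an account by role alone (`self.get_creds_by_roles([self.admin_role])`) and shows nothing about the scope of the token that account yields. If the replacement is project-scoped and a pre-provisioned admin account is not, switching callers could change what a policy test actually exercises, so an RBAC check might pass or fail for the wrong reason. I would record that in the comment, e.g. `# NOTE: selects by role only; confirm scope matches get_project_admin_creds() before migrating callers.` Whether `get_creds_by_roles` constrains scope cannot be seen from this hunk.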