Merge "Add release note and fix some TODO from system scope support"
This commit is contained in:
commit
34743b278c
releasenotes/notes
tempest/lib/common
@ -0,0 +1,13 @@
|
|||||||
|
---
|
||||||
|
prelude: >
|
||||||
|
Support for RBAC new system scope is added in Tempest.
|
||||||
|
features:
|
||||||
|
- |
|
||||||
|
Keystone provides the new scoped token called ``system`` which
|
||||||
|
can be used to query the system scoped API operation. Projects
|
||||||
|
are moving towards the policy with new scope types, Keystone, Nova
|
||||||
|
already provide the new policy for RBAC checks. Tempest has added
|
||||||
|
the support to query the system scoped token from keystone to test
|
||||||
|
the new policy.
|
||||||
|
As next step, we will be moving all the Tempest tests on the project's
|
||||||
|
new policy.
|
@ -59,6 +59,42 @@ class CredentialProvider(object):
|
|||||||
def get_alt_creds(self):
|
def get_alt_creds(self):
|
||||||
return
|
return
|
||||||
|
|
||||||
|
@abc.abstractmethod
|
||||||
|
def get_system_admin_creds(self):
|
||||||
|
return
|
||||||
|
|
||||||
|
@abc.abstractmethod
|
||||||
|
def get_system_member_creds(self):
|
||||||
|
return
|
||||||
|
|
||||||
|
@abc.abstractmethod
|
||||||
|
def get_system_reader_creds(self):
|
||||||
|
return
|
||||||
|
|
||||||
|
@abc.abstractmethod
|
||||||
|
def get_domain_admin_creds(self):
|
||||||
|
return
|
||||||
|
|
||||||
|
@abc.abstractmethod
|
||||||
|
def get_domain_member_creds(self):
|
||||||
|
return
|
||||||
|
|
||||||
|
@abc.abstractmethod
|
||||||
|
def get_domain_reader_creds(self):
|
||||||
|
return
|
||||||
|
|
||||||
|
@abc.abstractmethod
|
||||||
|
def get_project_admin_creds(self):
|
||||||
|
return
|
||||||
|
|
||||||
|
@abc.abstractmethod
|
||||||
|
def get_project_member_creds(self):
|
||||||
|
return
|
||||||
|
|
||||||
|
@abc.abstractmethod
|
||||||
|
def get_project_reader_creds(self):
|
||||||
|
return
|
||||||
|
|
||||||
@abc.abstractmethod
|
@abc.abstractmethod
|
||||||
def clear_creds(self):
|
def clear_creds(self):
|
||||||
return
|
return
|
||||||
|
@ -405,12 +405,18 @@ class DynamicCredentialProvider(cred_provider.CredentialProvider):
|
|||||||
" credentials: %s", credentials)
|
" credentials: %s", credentials)
|
||||||
return credentials
|
return credentials
|
||||||
|
|
||||||
|
# TODO(gmann): Remove this method in favor of get_project_member_creds()
|
||||||
|
# after the deprecation phase.
|
||||||
def get_primary_creds(self):
|
def get_primary_creds(self):
|
||||||
return self.get_credentials('primary')
|
return self.get_credentials('primary')
|
||||||
|
|
||||||
|
# TODO(gmann): Remove this method in favor of get_project_admin_creds()
|
||||||
|
# after the deprecation phase.
|
||||||
def get_admin_creds(self):
|
def get_admin_creds(self):
|
||||||
return self.get_credentials('admin')
|
return self.get_credentials('admin')
|
||||||
|
|
||||||
|
# TODO(gmann): Replace this method with more appropriate name.
|
||||||
|
# like get_project_alt_member_creds()
|
||||||
def get_alt_creds(self):
|
def get_alt_creds(self):
|
||||||
return self.get_credentials('alt')
|
return self.get_credentials('alt')
|
||||||
|
|
||||||
|
@ -308,6 +308,8 @@ class PreProvisionedCredentialProvider(cred_provider.CredentialProvider):
|
|||||||
self.remove_hash(_hash)
|
self.remove_hash(_hash)
|
||||||
LOG.info("%s returned allocated creds:\n%s", self.name, clean_creds)
|
LOG.info("%s returned allocated creds:\n%s", self.name, clean_creds)
|
||||||
|
|
||||||
|
# TODO(gmann): Remove this method in favor of get_project_member_creds()
|
||||||
|
# after the deprecation phase.
|
||||||
def get_primary_creds(self):
|
def get_primary_creds(self):
|
||||||
if self._creds.get('primary'):
|
if self._creds.get('primary'):
|
||||||
return self._creds.get('primary')
|
return self._creds.get('primary')
|
||||||
@ -315,6 +317,8 @@ class PreProvisionedCredentialProvider(cred_provider.CredentialProvider):
|
|||||||
self._creds['primary'] = net_creds
|
self._creds['primary'] = net_creds
|
||||||
return net_creds
|
return net_creds
|
||||||
|
|
||||||
|
# TODO(gmann): Replace this method with more appropriate name.
|
||||||
|
# like get_project_alt_member_creds()
|
||||||
def get_alt_creds(self):
|
def get_alt_creds(self):
|
||||||
if self._creds.get('alt'):
|
if self._creds.get('alt'):
|
||||||
return self._creds.get('alt')
|
return self._creds.get('alt')
|
||||||
@ -408,6 +412,8 @@ class PreProvisionedCredentialProvider(cred_provider.CredentialProvider):
|
|||||||
for creds in self._creds.values():
|
for creds in self._creds.values():
|
||||||
self.remove_credentials(creds)
|
self.remove_credentials(creds)
|
||||||
|
|
||||||
|
# TODO(gmann): Remove this method in favor of get_project_admin_creds()
|
||||||
|
# after the deprecation phase.
|
||||||
def get_admin_creds(self):
|
def get_admin_creds(self):
|
||||||
return self.get_creds_by_roles([self.admin_role])
|
return self.get_creds_by_roles([self.admin_role])
|
||||||
|
|
||||||
|
Loading…
x
Reference in New Issue
Block a user