From 73005a1452193b6fb8b629cacfd1930d135c0fb1 Mon Sep 17 00:00:00 2001
From: Takashi Kajinami <kajinamit@oss.nttdata.com>
Date: Sat, 20 Jan 2024 11:56:45 +0900
Subject: [PATCH] Clean up [identity-feature-enable] options for old releases

Project tags API and application credentials API are default features
since Queens and we can now assume these features are available when
identity v3 API is available. Becuase queens and older releases are no
longer supported by tempest, we can drop the options to enable tests
for these features.

Also, access rules for application credentials has been a default
feature since train so we can also assume this feature is available,
because train and older releases are no longer supported.

Change-Id: I138ac02f61c5a0a22ce0d5ad2d600a09166a4764
---
 ...-opt-cleanup-caracal-7afd283855a07025.yaml | 21 +++++++++++++++++++
 .../identity/admin/v3/test_project_tags.py    |  4 ----
 tempest/api/identity/base.py                  |  7 -------
 tempest/config.py                             | 20 ++++--------------
 4 files changed, 25 insertions(+), 27 deletions(-)
 create mode 100644 releasenotes/notes/identity-feature-opt-cleanup-caracal-7afd283855a07025.yaml

diff --git a/releasenotes/notes/identity-feature-opt-cleanup-caracal-7afd283855a07025.yaml b/releasenotes/notes/identity-feature-opt-cleanup-caracal-7afd283855a07025.yaml
new file mode 100644
index 0000000000..67f6ede3cb
--- /dev/null
+++ b/releasenotes/notes/identity-feature-opt-cleanup-caracal-7afd283855a07025.yaml
@@ -0,0 +1,21 @@
+---
+upgrade:
+  - |
+    The following deprecated options in the ``[identity-feature-enabled]``
+    section have been removed. Project tags API and application credentials
+    API are now always tested if identity v3 API is available.
+
+    - ``project_tag``
+    - ``application_credentials``
+
+  - |
+    Default value of the ``[identity-feature-enabled] access_rule`` option has
+    been changed from ``False`` to ``True`` and now the access rule API is
+    always tested when identity API is available.
+
+deprecations:
+  - |
+    The Keystone access_rule is enabled by default since Train release and we
+    no longer need a separate config in Tempest to enable it. Therefore
+    the ``[identity-feature-enabled] access_rule`` option has been deprecated
+    and will be removed in a future release.
diff --git a/tempest/api/identity/admin/v3/test_project_tags.py b/tempest/api/identity/admin/v3/test_project_tags.py
index 2cc725747d..2004cbc3c5 100644
--- a/tempest/api/identity/admin/v3/test_project_tags.py
+++ b/tempest/api/identity/admin/v3/test_project_tags.py
@@ -13,8 +13,6 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
-import testtools
-
 from tempest.api.identity import base
 from tempest import config
 from tempest.lib.common.utils import data_utils
@@ -33,8 +31,6 @@ class IdentityV3ProjectTagsTest(base.BaseIdentityV3AdminTest):
     force_tenant_isolation = False
 
     @decorators.idempotent_id('7c123aac-999d-416a-a0fb-84b915ab10de')
-    @testtools.skipUnless(CONF.identity_feature_enabled.project_tags,
-                          'Project tags not available.')
     def test_list_update_delete_project_tags(self):
         """Test listing, updating and deleting of project tags"""
         project = self.setup_test_project()
diff --git a/tempest/api/identity/base.py b/tempest/api/identity/base.py
index c9e0e1c842..9cdd917d9a 100644
--- a/tempest/api/identity/base.py
+++ b/tempest/api/identity/base.py
@@ -321,13 +321,6 @@ class BaseIdentityV3AdminTest(BaseIdentityV3Test):
 
 class BaseApplicationCredentialsV3Test(BaseIdentityV3Test):
 
-    @classmethod
-    def skip_checks(cls):
-        super(BaseApplicationCredentialsV3Test, cls).skip_checks()
-        if not CONF.identity_feature_enabled.application_credentials:
-            raise cls.skipException("Application credentials are not available"
-                                    " in this environment")
-
     @classmethod
     def resource_setup(cls):
         super(BaseApplicationCredentialsV3Test, cls).resource_setup()
diff --git a/tempest/config.py b/tempest/config.py
index 893148bed5..093b0b6a58 100644
--- a/tempest/config.py
+++ b/tempest/config.py
@@ -263,23 +263,11 @@ IdentityFeatureGroup = [
                 default=False,
                 help='Does the environment have the security compliance '
                      'settings enabled?'),
-    cfg.BoolOpt('project_tags',
-                default=True,
-                help='Is the project tags identity v3 API available?',
-                deprecated_for_removal=True,
-                deprecated_reason='Project tags API is a default feature '
-                                  'since Queens'),
-    cfg.BoolOpt('application_credentials',
-                default=True,
-                help='Does the environment have application credentials '
-                     'enabled?',
-                deprecated_for_removal=True,
-                deprecated_reason='Application credentials is a default '
-                                  'feature since Queens'),
-    # Access rules for application credentials is a default feature in Train.
-    # This config option can removed once Stein is EOL.
     cfg.BoolOpt('access_rules',
-                default=False,
+                default=True,
+                deprecated_for_removal=True,
+                deprecated_reason='Access rules for application credentials '
+                                  'is a default feature since Train',
                 help='Does the environment have access rules enabled?'),
     cfg.BoolOpt('immutable_user_source',
                 default=False,