From 6fb55c8fc3c64317f668440b8d394ad2f052ca73 Mon Sep 17 00:00:00 2001
From: Ghanshyam Mann <gmann@ghanshyammann.com>
Date: Tue, 2 Feb 2021 17:14:21 -0600
Subject: [PATCH] Add config option for enforce_scope

As servies are moving towards new RBAC defaults
and Tempest or plugins are writting the new
tests or moving the existing tests towards new defaults
policy, we need to add config option to enbale the
scoped token.

Adding it in Tempest configwill help to avoid any conflict
in same config name. This new config option will be used
in Tempest tests or in Tempest plugins side too.

Change-Id: I788e25c499410f452bcfaeab86611f597f2e50a7
---
 tempest/config.py | 35 +++++++++++++++++++++++++++++++++++
 1 file changed, 35 insertions(+)

diff --git a/tempest/config.py b/tempest/config.py
index 956b593d4d..31d9b1bdbe 100644
--- a/tempest/config.py
+++ b/tempest/config.py
@@ -1207,6 +1207,39 @@ ServiceAvailableGroup = [
                 help="Whether or not horizon is expected to be available"),
 ]
 
+enforce_scope_group = cfg.OptGroup(name="enforce_scope",
+                                   title="OpenStack Services with "
+                                         "enforce scope")
+
+
+EnforceScopeGroup = [
+    cfg.BoolOpt('nova',
+                default=False,
+                help='Does the compute service API policies enforce scope? '
+                     'This configuration value should be same as '
+                     'nova.conf: [oslo_policy].enforce_scope option.'),
+    cfg.BoolOpt('neutron',
+                default=False,
+                help='Does the network service API policies enforce scope? '
+                     'This configuration value should be same as '
+                     'neutron.conf: [oslo_policy].enforce_scope option.'),
+    cfg.BoolOpt('glance',
+                default=False,
+                help='Does the Image service API policies enforce scope? '
+                     'This configuration value should be same as '
+                     'glance.conf: [oslo_policy].enforce_scope option.'),
+    cfg.BoolOpt('cinder',
+                default=False,
+                help='Does the Volume service API policies enforce scope? '
+                     'This configuration value should be same as '
+                     'cinder.conf: [oslo_policy].enforce_scope option.'),
+    cfg.BoolOpt('keystone',
+                default=False,
+                help='Does the Identity service API policies enforce scope? '
+                     'This configuration value should be same as '
+                     'keystone.conf: [oslo_policy].enforce_scope option.'),
+]
+
 debug_group = cfg.OptGroup(name="debug",
                            title="Debug System")
 
@@ -1276,6 +1309,7 @@ _opts = [
     (object_storage_feature_group, ObjectStoreFeaturesGroup),
     (scenario_group, ScenarioGroup),
     (service_available_group, ServiceAvailableGroup),
+    (enforce_scope_group, EnforceScopeGroup),
     (debug_group, DebugGroup),
     (placement_group, PlacementGroup),
     (profiler_group, ProfilerGroup),
@@ -1345,6 +1379,7 @@ class TempestConfigPrivate(object):
             'object-storage-feature-enabled']
         self.scenario = _CONF.scenario
         self.service_available = _CONF.service_available
+        self.enforce_scope = _CONF.enforce_scope
         self.debug = _CONF.debug
         logging.tempest_set_log_file('tempest.log')
         # Setting attributes for plugins