Merge "Improve test_implied_domain_roles"
This commit is contained in:
commit
f4b538cf21
@ -15,11 +15,14 @@
|
||||
|
||||
from tempest.api.identity import base
|
||||
from tempest.common.utils import data_utils
|
||||
from tempest import config
|
||||
from tempest.lib.common.utils import test_utils
|
||||
from tempest.lib import decorators
|
||||
from tempest.lib import exceptions as lib_exc
|
||||
from tempest import test
|
||||
|
||||
CONF = config.CONF
|
||||
|
||||
|
||||
class RolesV3TestJSON(base.BaseIdentityV3AdminTest):
|
||||
|
||||
@ -348,6 +351,15 @@ class RolesV3TestJSON(base.BaseIdentityV3AdminTest):
|
||||
# domain role to a global one
|
||||
self._create_implied_role(domain_role1['id'], self.role['id'])
|
||||
|
||||
if CONF.identity_feature_enabled.forbid_global_implied_dsr:
|
||||
# The contrary is not true: we can't create an inference rule
|
||||
# from a global role to a domain role
|
||||
self.assertRaises(
|
||||
lib_exc.Forbidden,
|
||||
self.roles_client.create_role_inference_rule,
|
||||
self.role['id'],
|
||||
domain_role1['id'])
|
||||
|
||||
@decorators.idempotent_id('3859df7e-5b78-4e4d-b10e-214c8953842a')
|
||||
def test_assignments_for_domain_roles(self):
|
||||
domain_role = self.setup_test_role(domain_id=self.domain['id'])
|
||||
|
@ -225,6 +225,13 @@ IdentityFeatureGroup = [
|
||||
deprecated_for_removal=True,
|
||||
deprecated_reason="All supported version of OpenStack now "
|
||||
"supports the 'reseller' feature"),
|
||||
# TODO(rodrigods): This is a feature flag for bug 1590578 which is fixed
|
||||
# in Newton and Ocata. This option can be removed after Mitaka is end of
|
||||
# life.
|
||||
cfg.BoolOpt('forbid_global_implied_dsr',
|
||||
default=False,
|
||||
help='Does the environment forbid global roles implying '
|
||||
'domain specific ones?'),
|
||||
cfg.BoolOpt('security_compliance',
|
||||
default=False,
|
||||
help='Does the environment have the security compliance '
|
||||
|
Loading…
Reference in New Issue
Block a user