cd0bbbdad3
Keystone is moving away from using either project-scope or domain-scope for the main cloud administrator user, and instead moving toward the admin user having a role assignment on the "system" scope[1]. This will mean that no particular project or domain is special, and instead the cloud administrator scopes to the system in order to make deployment-wide changes. Keystone has now migrated all of its policies to understand system scope[2], and if a deployment sets [oslo_policy]/enforce_scope=true in keystone.conf and uses the new policies, an admin user scoped to the admin project will not be able to create dynamic credentials for tempest. This patch adds a new parameter ``[auth]/admin_system`` to indicate that neither the ``admin_project`` or ``admin_domain`` parameters apply to the admin user and that the user should instead authenticate with the system scope. This also adds ``admin_user_domain_name`` so that the admin user can be found in its domain (namespace) without setting ``domain_name``, and for completeness also adds ``admin_project_domain_name`` so that ``domain_name`` could be omitted even if using project scope. [1] http://specs.openstack.org/openstack/keystone-specs/specs/keystone/queens/system-scope.html [2] https://bugs.launchpad.net/keystone/+bugs?field.status%3Alist=FIXRELEASED&field.tag=system-scope Depends-on: https://review.opendev.org/739262 Change-Id: I840b273c37ca7cc4592c43813abfb424337e2836 |
||
---|---|---|
doc | ||
etc | ||
playbooks | ||
releasenotes | ||
roles | ||
tempest | ||
tools | ||
zuul.d | ||
.coveragerc | ||
.gitignore | ||
.gitreview | ||
.mailmap | ||
.stestr.conf | ||
CONTRIBUTING.rst | ||
HACKING.rst | ||
LICENSE | ||
README.rst | ||
REVIEWING.rst | ||
bindep.txt | ||
requirements.txt | ||
setup.cfg | ||
setup.py | ||
test-requirements.txt | ||
tox.ini |
README.rst
Team and repository tags
Tempest - The OpenStack Integration Test Suite
This is a set of integration tests to be run against a live OpenStack cluster. Tempest has batteries of tests for OpenStack API validation, scenarios, and other specific tests useful in validating an OpenStack deployment.
- Documentation: https://docs.openstack.org/tempest/latest/
- Features: https://specs.openstack.org/openstack/qa-specs/#tempest
- Bugs: https://bugs.launchpad.net/tempest/
- Release Notes: https://docs.openstack.org/releasenotes/tempest
Get in touch via email. Use [tempest] in your subject.