3e82af7f6c
Adding the ability to select the scope of the authentication. When using identity v3, this makes it possible to use either project scope or domain scope regardless of whether a project is included or not in the Credentials object. The interface to auth for most tests is the AuthProvider. The scope is defined in the constructor of the AuthProvider, and it can also be changed at a later time via 'set_scope'. In most cases a set of credentials will use the same scope. Test credentials will use project scope. Admin test credentials may use domain scope on identity API alls, or project scope on other APIs. Since clients are initialised with an auth provider by the client manager, we extend the client manager interface to include the scope. Tests and Tempest parts that require a domain scoped token will instanciate the relevant client manager with scope == 'domain', or set the scope to domain on the 'auth_provider'. The default scope in the v3 auth provider is 'projet;, which me must do for backward compatibility reasons (besides it's what most tests expects. We also filter the list of attributes based on scope, so that tests or service clients may request a different scope. The original behaviour of the token client is unchanged: all fields passed to it towards the API server. This maintains backward compatibility, and leaves full control for test that want to define what is sent in the token request. Closes-bug: #1475359 Change-Id: I6fad6dd48a4d306f69da27c6793de687bbf72add
169 B
169 B
Authentication Framework Usage
The auth module
tempest.lib.auth