commit 26928121dd76740c7e5832fe52d16917fab9c866
author Douglas Mendizábal <douglas@redrobot.io> Mon Feb 19 14:07:59 2024 -0600
committer Douglas Mendizábal <dmendiza@redhat.com> Thu Mar 07 10:41:47 2024 -0600
tree 08c15116196c4ebbaf2362141833bdde7635e11c
parent 3c70e93c06b873ef4f58fee689a7dc3e8984d6b1

Update roles required for testing

This patch removes the hard-coded 'key-manager:service-admin' role from
the base test class because the role is not available in deployments
with the new Secure RBAC policies enabled.

There is only one test that still requires this role in the API quotas
tests, so we generate a dynamic user there and only use it in this
class.  This test is skipped when SRBAC is enabled.

Change-Id: I6fbfe43f821d9315e01d3bdfd6f5d4edf4e552b7

barbican_tempest_plugin/tests/api/base.py

diff --git a/barbican_tempest_plugin/tests/api/base.py b/barbican_tempest_plugin/tests/api/base.py
index aa500f7..50ae662 100644
--- a/barbican_tempest_plugin/tests/api/base.py
+++ b/barbican_tempest_plugin/tests/api/base.py
@@ -61,8 +61,7 @@
                          api_version_utils.BaseMicroversionTest):
     """Base class for all api tests."""
 
-    # Why do I have to be an admin to create secrets? No idea...
-    credentials = ('admin', ['service_admin', 'key-manager:service-admin'])
+    credentials = ['project_admin']
     client_manager = clients.Clients
     created_objects = {}
 
@@ -88,8 +87,6 @@
         cls.secret_consumer_client = os.secret_v1_1.SecretConsumerClient()
         cls.secret_metadata_client = os.secret_v1.SecretMetadataClient()
         cls.version_client = os.secret_v1_1.VersionClient()
-
-        os = getattr(cls, 'os_roles_%s' % cls.credentials[1][0])
         cls.quota_client = os.secret_v1.QuotaClient()
 
     @classmethod