Enable scope testing for SRBAC This patch updates the protection (Secure RBAC) job to enable scope checking. It also turns on scope checking in Keystone to ensure that integration is working correctly. This is the firs step in implementing Phase1 for Cinder [1] [1] https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html#phase-1 Change-Id: Id059ab97f099c88aa2a52a29a7de9c8e8676ee85

commit: c00cb0ad7d91e0fc06ffe0f7dbae88c73574faea [log] [tgz]
author: Douglas Mendizábal <dmendiza@redhat.com> Fri Jan 19 13:47:54 2024 -0500
committer: Douglas Mendizábal <dmendiza@redhat.com> Tue Jan 23 12:38:01 2024 -0500
tree: 49346226e60c3e8ea3625fb20f997a796dc0fdfb
parent: befec23ec1611cee073841b09087a205bd39bd0c [diff]
diff --git a/.zuul.yaml b/.zuul.yaml
index be6d789..a5d34c5 100644
--- a/.zuul.yaml
+++ b/.zuul.yaml

@@ -51,10 +51,13 @@
     vars:
       tox_envlist: all
       tempest_test_regex: 'cinder_tempest_plugin.rbac'
+      devstack_localrc:
+        KEYSTONE_ENFORCE_SCOPE: True
       devstack_local_conf:
         test-config:
           $CINDER_CONF:
             oslo_policy:
+              enforce_scope: True
               enforce_new_defaults: True
           $TEMPEST_CONFIG:
             enforce_scope:
commit	c00cb0ad7d91e0fc06ffe0f7dbae88c73574faea	[log] [tgz]
author	Douglas Mendizábal <dmendiza@redhat.com>	Fri Jan 19 13:47:54 2024 -0500
committer	Douglas Mendizábal <dmendiza@redhat.com>	Tue Jan 23 12:38:01 2024 -0500
tree	49346226e60c3e8ea3625fb20f997a796dc0fdfb
parent	befec23ec1611cee073841b09087a205bd39bd0c [diff]