Make the API tests compatible with scoped tokens
This patch makes the API tests compatible with keystone scoped
tokens and the new RBAC defaults.
For example, admin system scoped tokens do not have a project_id associated
with them requiring some tests to be updated to not assume the admin
credential always has a project_id.
This patch also makes some sections consistently ordered across files.
Change-Id: Ie2c7402967f40bb90e0d97dad1c3d59f82cb6d80
diff --git a/designate_tempest_plugin/config.py b/designate_tempest_plugin/config.py
index 3aadb96..99c9a04 100644
--- a/designate_tempest_plugin/config.py
+++ b/designate_tempest_plugin/config.py
@@ -79,4 +79,24 @@
default=True,
help="Is https://bugs.launchpad.net/designate/+bug/1573141 "
"fixed"),
+ # Note: Also see the enforce_scope section (from tempest) for Designate API
+ # scope checking setting.
+ cfg.BoolOpt('enforce_new_defaults',
+ default=False,
+ help='Does the dns service API policies enforce '
+ 'the new keystone default roles? This configuration '
+ 'value should be same as designate.conf: '
+ '[oslo_policy].enforce_new_defaults option.'),
+]
+
+# Extending this enforce_scope group defined in tempest
+enforce_scope_group = cfg.OptGroup(name="enforce_scope",
+ title="OpenStack Services with "
+ "enforce scope")
+EnforceScopeGroup = [
+ cfg.BoolOpt('designate',
+ default=False,
+ help='Does the dns service API policies enforce '
+ 'scope? This configuration value should be same as '
+ 'designate.conf: [oslo_policy].enforce_scope option.'),
]