Use get_service_clients framework with basic Secure RBAC
The ironic tempest plugin was an early plugin and manually
invoked override plugin clients and then attached them in
the setup_clients method. However, the newer format is to
use get_service_clients, which creates and attach client
classes using the prepared credentials supplied by the
credentials attribute on the test classes.
In order to support even the most basic testing handling
and testing of Scope Enforcement as part of Secure RBAC,
then the we need to leverage the newer (last 3-4 years)
model of instantiating and leveraging clients in tempest.
This is because we need to be able to get a system scoped
admin token to be able to test actions as a system scoped
admin user. Not to be confused with "admin", which is
project scoped.
This newer style of client support does necessitate some
legacy style or direct client invocations to be retooled
so they do not attempt to directly invoke without the
required context.
Additionally, to support even the most basic handling of
the Secure RBAC's effort, we need to be able to know
when to leverage *and* then leverage that client.
We do that through the enforce_scope parameter
in upstream tempest.
Depends-On: https://review.opendev.org/c/openstack/tempest/+/798130
Change-Id: I5188fc756f1b524e9d1b32ef0474e29a9cf90b57
11 files changed