Merge "[Secure RBAC] Add scope enforcement enabled job for master branch"
diff --git a/zuul.d/master_jobs.yaml b/zuul.d/master_jobs.yaml
index cedb13b..cf13f8c 100644
--- a/zuul.d/master_jobs.yaml
+++ b/zuul.d/master_jobs.yaml
@@ -405,6 +405,23 @@
- ^vagrant/.*$
- ^zuul.d/(?!(project)).*\.yaml
+- job:
+ name: neutron-tempest-plugin-openvswitch-enforce-scope-new-defaults
+ parent: neutron-tempest-plugin-openvswitch
+ vars:
+ devstack_localrc:
+ # Enabeling the scope and new defaults for services.
+ # NOTE: (gmann) We need to keep keystone scope check disable as
+ # services (except ironic) does not support the system scope and
+ # they need keystone to continue working with project scope. Until
+ # Keystone policies are changed to work for both system as well as
+ # for project scoped, we need to keep scope check disable for
+ # keystone.
+ NOVA_ENFORCE_SCOPE: true
+ GLANCE_ENFORCE_SCOPE: true
+ NEUTRON_ENFORCE_SCOPE: true
+
+
# TODO(slaweq): remove that job's definition as soon as new job
# "neutron-tempest-plugin-openvswitch-iptables_hybrid" will be used in the
# neutron repo as a parent for a
diff --git a/zuul.d/project.yaml b/zuul.d/project.yaml
index 0048830..5ecb043 100644
--- a/zuul.d/project.yaml
+++ b/zuul.d/project.yaml
@@ -5,6 +5,7 @@
- neutron-tempest-plugin-linuxbridge
- neutron-tempest-plugin-openvswitch
- neutron-tempest-plugin-openvswitch-iptables_hybrid
+ - neutron-tempest-plugin-openvswitch-enforce-scope-new-defaults
- neutron-tempest-plugin-ovn
- neutron-tempest-plugin-designate-scenario
gate:
@@ -13,6 +14,7 @@
- neutron-tempest-plugin-openvswitch
- neutron-tempest-plugin-ovn
- neutron-tempest-plugin-openvswitch-iptables_hybrid
+ - neutron-tempest-plugin-openvswitch-enforce-scope-new-defaults
#TODO(slaweq): Move neutron-tempest-plugin-dvr-multinode-scenario out of
# the experimental queue when it will be more stable
experimental: