Update tests for scoped tokens and default roles
This patch refactors the RBAC enforcement checks in the API tests.
It also updates those test for keystone scoped tokens and default roles.
Change-Id: I6fad03f5a89c213562918ca258884aac34ba7ce7
diff --git a/releasenotes/notes/Add-RBAC-scoped-tokens-tests-920aa35faf4a8c9d.yaml b/releasenotes/notes/Add-RBAC-scoped-tokens-tests-920aa35faf4a8c9d.yaml
new file mode 100644
index 0000000..d2d5d23
--- /dev/null
+++ b/releasenotes/notes/Add-RBAC-scoped-tokens-tests-920aa35faf4a8c9d.yaml
@@ -0,0 +1,17 @@
+---
+features:
+ - |
+ Added API test support for keystone default roles and scoped tokens.
+issues:
+ - |
+ Currently the API tests will not pass with the
+ keystone_default_roles-policy.yaml override file. This is due to the
+ tempest framework credentials do not yet support token scopes.
+ This issue is tracked in https://bugs.launchpad.net/tempest/+bug/1917168
+ Once that bug is fixed, octavia-tempest-plugin can be updated to use the
+ required scope in the test credentials.
+upgrade:
+ - |
+ Two new tempest.conf settings enable/disable keystone default roles and
+ scoped token testing, [enforce_scope] octavia = True/False and
+ [load_balancer] enforce_new_defaults = True/False.