Update Octavia tempest tests for no scoped tokens
There has been a direction change in the "secure-RBAC" goal and scoped
tokens are no longer being implemented[1].
The Octavia tempest tests were updated for the new keystone roles and
scoped tokens at the same time with an (bad) assumption that they would be
turned on at the same time.
This patch updates the Octavia tempest plugin to not assume that scoped
tokens are in use when the RBAC type is set to keystone_default_roles.
[1] https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html#direction-change
Depends-On: https://review.opendev.org/c/openstack/octavia/+/877433
Change-Id: Ia1c4ca0b675d39bd43640184d6d3deba823fd3f6
diff --git a/zuul.d/jobs.yaml b/zuul.d/jobs.yaml
index bd90bea..e217e72 100644
--- a/zuul.d/jobs.yaml
+++ b/zuul.d/jobs.yaml
@@ -506,21 +506,23 @@
- ^octavia_tempest_plugin/tests/(?!api/|\w+\.py).*
- job:
- name: octavia-v2-dsvm-noop-api-scoped-tokens
+ name: octavia-v2-dsvm-noop-api-keystone-default-roles
parent: octavia-v2-dsvm-noop-api
vars:
+ devstack_localrc:
+ OCTAVIA_USE_KEYSTONE_DEFAULT_ROLES: True
devstack_local_conf:
post-config:
$OCTAVIA_CONF:
oslo_policy:
- enforce_scope: True
+ enforce_scope: False
enforce_new_defaults: True
test-config:
"$TEMPEST_CONFIG":
enforce_scope:
- octavia: True
+ octavia: False
load_balancer:
- enforce_new_defaults: True
+ RBAC_test_type: keystone_default_roles
- job:
name: octavia-v2-dsvm-noop-py2-api