Switch to enabled version of identity clients
Patrole always uses (e.g.) v3 roles client to retrieve
list of roles which is bad if the v3 identity service is not enabled.
Cases like the following:
self.roles_client = test_obj.os_admin.roles_v3_client
Should be changed to:
self.roles_client = test_obj.os_admin.roles_v3_client \
if CONF.identity_feature_enabled.api_v3 \
else test_obj.os_admin.roles_client
This commit switches between the correct identity client
depending on the identity version that is enabled in tempest.conf.
The v3 client is prioritized as identity v3 is current.
This commit also corrects/improves upon some documentation errata.
Change-Id: I9a12196f11473ac4e045ae90c4321219beab7ca6
Closes-Bug: #1702980
diff --git a/patrole_tempest_plugin/rbac_policy_parser.py b/patrole_tempest_plugin/rbac_policy_parser.py
index 41871cf..254bb18 100644
--- a/patrole_tempest_plugin/rbac_policy_parser.py
+++ b/patrole_tempest_plugin/rbac_policy_parser.py
@@ -17,17 +17,17 @@
import json
import os
-from oslo_config import cfg
from oslo_log import log as logging
from oslo_policy import policy
import stevedore
from tempest.common import credentials_factory as credentials
+from tempest import config
from patrole_tempest_plugin import rbac_exceptions
from patrole_tempest_plugin.rbac_utils import RbacAuthority
-CONF = cfg.CONF
+CONF = config.CONF
LOG = logging.getLogger(__name__)
@@ -94,8 +94,10 @@
# doing an API call every time.
if not hasattr(cls, 'available_services'):
admin_mgr = credentials.AdminManager()
- services = admin_mgr.identity_services_v3_client.\
- list_services()['services']
+ services_client = (admin_mgr.identity_services_v3_client
+ if CONF.identity_feature_enabled.api_v3
+ else admin_mgr.identity_services_client)
+ services = services_client.list_services()['services']
cls.available_services = [s['name'] for s in services]
if not service or service not in cls.available_services: