commit b73e1088e01329684c0724081840af3870870f52
author Lingxian Kong <anlin.kong@gmail.com> Wed Jan 13 15:04:39 2021 +1300
committer Lingxian Kong <anlin.kong@gmail.com> Sat Jan 16 10:42:30 2021 +1300
tree dbb87e66a75c0f2bd43a886bc61c00e4c0b69c3c
parent f5699576d85bf29e9bc9f9160307db8d00ad5086

Restore test user's original roles during clean up

Depends-On: https://review.opendev.org/c/openstack/patrole/+/770867
Change-Id: I965d9e280ef0a85dfe6b2e4000eb47e1d06fed77

patrole_tempest_plugin/rbac_utils.py

diff --git a/patrole_tempest_plugin/rbac_utils.py b/patrole_tempest_plugin/rbac_utils.py
index b11ae38..7a1c33f 100644
--- a/patrole_tempest_plugin/rbac_utils.py
+++ b/patrole_tempest_plugin/rbac_utils.py
@@ -143,10 +143,21 @@
     _user_id = None
     _role_map = None
     _role_inferences_mapping = None
+    _orig_roles = []
 
     admin_roles_client = None
 
     @classmethod
+    def restore_roles(cls):
+        if cls._orig_roles:
+            LOG.info("Restoring original roles %s", cls._orig_roles)
+            roles_already_present = cls._list_and_clear_user_roles_on_project(
+                cls._orig_roles)
+
+            if not roles_already_present:
+                cls._create_user_role_on_project(cls._orig_roles)
+
+    @classmethod
     def setup_clients(cls):
         # Intialize the admin roles_client to perform role switching.
         admin_mgr = clients.Manager(
@@ -165,8 +176,15 @@
 
         cls._init_roles()
 
+        # Store the user's original roles and rollback after testing.
+        roles = cls.admin_roles_client.list_user_roles_on_project(
+            cls._project_id, cls._user_id)['roles']
+        cls._orig_roles = [role['id'] for role in roles]
+        cls.addClassResourceCleanup(cls.restore_roles)
+
         # Change default role to admin
         cls._override_role(False)
+
         super(RbacUtilsMixin, cls).setup_clients()
 
     @classmethod