Multi role RBAC validation
This patchset replaces ``CONF.patrole.rbac_test_role`` with
``CONF.patrole.rbac_test_roles``, where instead of single role
we can specify list of roles to be assigned to test user.
Change-Id: Ia68bcbdbb523dfe7c4abd6107fb4c426a566ae9d
diff --git a/devstack/plugin.sh b/devstack/plugin.sh
index 502b68c..6b95182 100644
--- a/devstack/plugin.sh
+++ b/devstack/plugin.sh
@@ -14,9 +14,14 @@
setup_package $PATROLE_DIR -e
if [[ ${DEVSTACK_SERIES} == 'pike' ]]; then
- if [[ "$RBAC_TEST_ROLE" == "member" ]]; then
- RBAC_TEST_ROLE="Member"
- fi
+ IFS=',' read -ra roles_array <<< "$RBAC_TEST_ROLES"
+ RBAC_TEST_ROLES=""
+ for i in "${roles_array[@]}"; do
+ if [[ $i == "member" ]]; then
+ i="Member"
+ fi
+ RBAC_TEST_ROLES="$i,$RBAC_TEST_ROLES"
+ done
# Policies used by Patrole testing that were changed in a backwards-incompatible way.
# TODO(felipemonteiro): Remove these once stable/pike becomes EOL.
@@ -35,9 +40,14 @@
fi
if [[ ${DEVSTACK_SERIES} == 'queens' ]]; then
- if [[ "$RBAC_TEST_ROLE" == "member" ]]; then
- RBAC_TEST_ROLE="Member"
- fi
+ IFS=',' read -ra roles_array <<< "$RBAC_TEST_ROLES"
+ RBAC_TEST_ROLES=""
+ for i in "${roles_array[@]}"; do
+ if [[ $i == "member" ]]; then
+ i="Member"
+ fi
+ RBAC_TEST_ROLES="$i,$RBAC_TEST_ROLES"
+ done
# TODO(cl566n): Remove these once stable/queens becomes EOL.
# These policies were removed in Stein but are available in Queens.
@@ -52,7 +62,7 @@
iniset $TEMPEST_CONFIG policy-feature-enabled removed_keystone_policies_stein False
fi
- iniset $TEMPEST_CONFIG patrole rbac_test_role $RBAC_TEST_ROLE
+ iniset $TEMPEST_CONFIG patrole rbac_test_roles $RBAC_TEST_ROLES
}
if is_service_enabled tempest; then