Merge "Change "admin" literal for admin role to CONF admin_role"
diff --git a/patrole_tempest_plugin/rbac_policy_parser.py b/patrole_tempest_plugin/rbac_policy_parser.py
index e68921f..8256889 100644
--- a/patrole_tempest_plugin/rbac_policy_parser.py
+++ b/patrole_tempest_plugin/rbac_policy_parser.py
@@ -168,7 +168,7 @@
return self._allowed(
access=self._get_access_token(role),
apply_rule='context_is_admin')
- return role == 'admin'
+ return role == CONF.identity.admin_role
def _get_access_token(self, role):
access_token = {
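Review bot: The fallback `return role == CONF.identity.admin_role` is an exact, case-sensitive string match, so a role whose casing differs from the configured value (say `Admin` against `admin`) is treated as non-admin and the expected outcome of the RBAC check is computed wrongly. The same comparison appears in rbac_rule_validation.py (`allowed = CONF.rbac.rbac_test_role == CONF.identity.admin_role`) and rbac_utils.py (`if role['name'] == CONF.identity.admin_role:`). If the identity backend matches role names case-insensitively, which should be confirmed for the deployments this plugin targets, normalise both sides, e.g. `return role.lower() == CONF.identity.admin_role.lower()`. The enclosing method starts outside the hunk, so the condition guarding the `context_is_admin` branch is not visible here.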
diff --git a/patrole_tempest_plugin/rbac_rule_validation.py b/patrole_tempest_plugin/rbac_rule_validation.py
index 4382259..8de3d97 100644
--- a/patrole_tempest_plugin/rbac_rule_validation.py
+++ b/patrole_tempest_plugin/rbac_rule_validation.py
@@ -77,7 +77,7 @@
LOG.info("As admin_only is True, only admin role should be "
"allowed to perform the API. Skipping oslo.policy "
"check for policy action {0}.".format(rule))
- allowed = CONF.rbac.rbac_test_role == 'admin'
+ allowed = CONF.rbac.rbac_test_role == CONF.identity.admin_role
else:
allowed = _is_authorized(test_obj, service, rule,
extra_target_data)
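Review bot: The `LOG.info` message just above the changed line still says only "admin role", without recording which role name is now being treated as admin. On this path the oslo.policy check is skipped and the expected result rests entirely on `CONF.rbac.rbac_test_role == CONF.identity.admin_role`, so a customised `admin_role` that produces a surprising pass or fail is hard to trace from the log. Consider adding the configured value to the message, for example a trailing `"Configured admin role: {1}."` with `.format(rule, CONF.identity.admin_role)`. The enclosing `if` starts outside the hunk.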
diff --git a/patrole_tempest_plugin/rbac_utils.py b/patrole_tempest_plugin/rbac_utils.py
index 55a5599..4cddb8d 100644
--- a/patrole_tempest_plugin/rbac_utils.py
+++ b/patrole_tempest_plugin/rbac_utils.py
@@ -160,7 +160,7 @@
for role in available_roles['roles']:
if role['name'] == CONF.rbac.rbac_test_role:
rbac_role_id = role['id']
- if role['name'] == 'admin':
+ if role['name'] == CONF.identity.admin_role:
admin_role_id = role['id']
if not admin_role_id or not rbac_role_id:
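Review bot: Now that the admin role name comes from configuration, a mistyped `[identity] admin_role` means no entry in `available_roles['roles']` matches, and `admin_role_id` presumably keeps its initial empty value and falls into the `if not admin_role_id or not rbac_role_id:` branch. The body of that branch is outside the hunk, so check that the error raised there says which of the two roles was not found and what name was searched for, e.g. `"Role '%s' not found" % CONF.identity.admin_role`. Otherwise a configuration mistake is easily misread as a Keystone problem.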
diff --git a/patrole_tempest_plugin/tests/unit/test_rbac_utils.py b/patrole_tempest_plugin/tests/unit/test_rbac_utils.py
index 057ce20..a2917cf 100644
--- a/patrole_tempest_plugin/tests/unit/test_rbac_utils.py
+++ b/patrole_tempest_plugin/tests/unit/test_rbac_utils.py
@@ -51,12 +51,15 @@
self.mock_test_obj.os_admin = mock.Mock(
**{'roles_v3_client.list_roles.return_value': available_roles})
- CONF.set_override('rbac_test_role', 'Member', group='rbac',
+ CONF.set_override('admin_role', 'admin', group='identity',
enforce_type=True)
CONF.set_override('auth_version', 'v3', group='identity',
enforce_type=True)
+ CONF.set_override('rbac_test_role', 'Member', group='rbac',
+ enforce_type=True)
self.addCleanup(CONF.clear_override, 'rbac_test_role', group='rbac')
+ self.addCleanup(CONF.clear_override, 'admin_role', group='identity')
self.addCleanup(CONF.clear_override, 'auth_version', group='identity')
self.addCleanup(mock.patch.stopall)
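Review bot: The new override sets `admin_role` to `'admin'`, the same string the production code hard-coded before this change, so this setup would still pass if rbac_utils.py compared against the literal. Using a non-default name, e.g. `CONF.set_override('admin_role', 'custom_admin', group='identity', enforce_type=True)` with a matching entry in `available_roles`, would show that the role lookup really follows the configuration. `available_roles` is defined above the hunk, so its contents are not visible here.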