commit f6b69e23b95d5348a19774ed14f14b53b52b1452
author Felipe Monteiro <felipe.monteiro@att.com> Thu May 04 21:55:04 2017 +0100
committer Felipe Monteiro <felipe.monteiro@att.com> Thu May 04 20:59:29 2017 +0000
tree 33874463560c02812dbff7396aa55b1cc7d5c00d
parent ae6d0ef3c15a2f5e86250e446031005f290a73d4

Change "admin" literal for admin role to CONF admin_role

Currently, the Patrole framework always assumes that the admin
role is "admin". But this might not necessarily be the case.
The word "admin" is just a convention, but is nonetheless an
arbitrary designation for administration privileges.

Instead, the Patrole framework should take advantage of the
already-existing Tempest configuration option:

    cfg.StrOpt('admin_role',
               default='admin',
               help="Role required to administrate keystone."),

This patch changes instances of 'admin' (for identifying the
admin role) with ``CONF.identity.admin_role``. This patch doesn't
make changes to 'admin' in unit tests, as that's not necessary,
but instead uses ``CONF.set_override`` to change the ``admin_role``
to "admin".

Closes-Bug: #1680294
Change-Id: Ia4431c2a16892a60fe10bb7e8495e7e384e552c1

patrole_tempest_plugin/rbac_utils.py

diff --git a/patrole_tempest_plugin/rbac_utils.py b/patrole_tempest_plugin/rbac_utils.py
index 55a5599..4cddb8d 100644
--- a/patrole_tempest_plugin/rbac_utils.py
+++ b/patrole_tempest_plugin/rbac_utils.py
@@ -160,7 +160,7 @@
         for role in available_roles['roles']:
             if role['name'] == CONF.rbac.rbac_test_role:
                 rbac_role_id = role['id']
-            if role['name'] == 'admin':
+            if role['name'] == CONF.identity.admin_role:
                 admin_role_id = role['id']
 
         if not admin_role_id or not rbac_role_id: