tree 639618c1245c3865841cf2d95629837ba48c4c84
parent 5dbaaed88e4e034cca8d8ba80ecff585a376db5b
author Colleen Murphy <colleen.murphy@suse.de> 1570051702 -0700
committer Ghanshyam <gmann@ghanshyammann.com> 1610392346 +0000

Add default RBAC personas to dynamic credentials

This change adds support to the dynamic credentials provider for nine
specific user personas that can be used to test service policies from
the point of view of the three scopes and three default roles that are
available out of the box in keystone. In addition to the os_admin,
os_primary, os_alt, and role-based credentials that were available
before, test classes can now access such credentials as os_system_admin
or os_domain_reader. An example of how this could be used is proposed
for keystone[1].

A subsequent patch addresses the pre-provisioned credentials provider.

In the future, the original tempest personas may redirect to the new
scope-aware personas in order to maintain compatibility between releases
once projects start enforcing scope. This is not addressed here.

[1] https://review.opendev.org/686305

Change-Id: I8bebb5b9b6d8da62e6a5268d827787da461cc0d6