Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / packaging / sources / tempest / 33438a17352befd58cb692f6494b0294d025540e^! / .
commit33438a17352befd58cb692f6494b0294d025540e[log] [tgz]
authorHugh Saunders <hugh@wherenow.org>Thu Jan 15 14:26:57 2015 +0000
committerHugh Saunders <hugh@wherenow.org>Thu Jan 15 17:25:40 2015 +0000
tree4d1c78e5e626ecdb07878cf0a778b506bf18d846
parentcbaba256031fac04538819f6616490f41ddfcb86 [diff]
Add roles to all tempest created users

Adds configuration option identity.tempest_roles which is a list of
roles that are added to all tempest created users.

This is useful when tempest users require priviledges between default
and admin.

Change-Id: I545d8f595dad6e4fe3da57e936baf18bc16c0e78
Closes-Bug: #1411256

diff --git a/etc/tempest.conf.sample b/etc/tempest.conf.sample
index 2e1d6f3..234273b 100644
--- a/etc/tempest.conf.sample
+++ b/etc/tempest.conf.sample

@@ -582,6 +582,9 @@
 # applies to user and project (string value)
 #admin_domain_name = <None>
 
+# Roles to assign to all users created by tempest (list value)
+#tempest_roles =
+
 
 [identity-feature-enabled]
 

diff --git a/tempest/common/isolated_creds.py b/tempest/common/isolated_creds.py
index f478f95..e7590b7 100644
--- a/tempest/common/isolated_creds.py
+++ b/tempest/common/isolated_creds.py

@@ -124,6 +124,8 @@
             self._assign_user_role(tenant, user, swift_operator_role)
         if admin:
             self._assign_user_role(tenant, user, CONF.identity.admin_role)
+        for role in CONF.identity.tempest_roles:
+            self._assign_user_role(tenant, user, role)
         return self._get_credentials(user, tenant)
 
     def _get_credentials(self, user, tenant):

diff --git a/tempest/config.py b/tempest/config.py
index 1c0dabb..4858fda 100644
--- a/tempest/config.py
+++ b/tempest/config.py

@@ -131,6 +131,9 @@
     cfg.StrOpt('admin_domain_name',
                help="Admin domain name for authentication (Keystone V3)."
                     "The same domain applies to user and project"),
+    cfg.ListOpt('tempest_roles',
+                help="Roles to assign to all users created by tempest",
+                default=[])
 ]
 
 identity_feature_group = cfg.OptGroup(name='identity-feature-enabled',