Merge "Add release note and fix some TODO from system scope support"
diff --git a/releasenotes/notes/support-for-rbac-new-scope-6ec8164ce1e7288c.yaml b/releasenotes/notes/support-for-rbac-new-scope-6ec8164ce1e7288c.yaml
new file mode 100644
index 0000000..af7df93
--- /dev/null
+++ b/releasenotes/notes/support-for-rbac-new-scope-6ec8164ce1e7288c.yaml
@@ -0,0 +1,13 @@
+---
+prelude: >
+ Support for RBAC new system scope is added in Tempest.
+features:
+ - |
+ Keystone provides the new scoped token called ``system`` which
+ can be used to query the system scoped API operation. Projects
+ are moving towards the policy with new scope types, Keystone, Nova
+ already provide the new policy for RBAC checks. Tempest has added
+ the support to query the system scoped token from keystone to test
+ the new policy.
+ As next step, we will be moving all the Tempest tests on the project's
+ new policy.
diff --git a/tempest/lib/common/cred_provider.py b/tempest/lib/common/cred_provider.py
index 42ed41b..d0fccbc 100644
--- a/tempest/lib/common/cred_provider.py
+++ b/tempest/lib/common/cred_provider.py
@@ -60,6 +60,42 @@
return
@abc.abstractmethod
+ def get_system_admin_creds(self):
+ return
+
+ @abc.abstractmethod
+ def get_system_member_creds(self):
+ return
+
+ @abc.abstractmethod
+ def get_system_reader_creds(self):
+ return
+
+ @abc.abstractmethod
+ def get_domain_admin_creds(self):
+ return
+
+ @abc.abstractmethod
+ def get_domain_member_creds(self):
+ return
+
+ @abc.abstractmethod
+ def get_domain_reader_creds(self):
+ return
+
+ @abc.abstractmethod
+ def get_project_admin_creds(self):
+ return
+
+ @abc.abstractmethod
+ def get_project_member_creds(self):
+ return
+
+ @abc.abstractmethod
+ def get_project_reader_creds(self):
+ return
+
+ @abc.abstractmethod
def clear_creds(self):
return
diff --git a/tempest/lib/common/dynamic_creds.py b/tempest/lib/common/dynamic_creds.py
index ecbbe8f..983afc8 100644
--- a/tempest/lib/common/dynamic_creds.py
+++ b/tempest/lib/common/dynamic_creds.py
@@ -405,12 +405,18 @@
" credentials: %s", credentials)
return credentials
+ # TODO(gmann): Remove this method in favor of get_project_member_creds()
+ # after the deprecation phase.
def get_primary_creds(self):
return self.get_credentials('primary')
+ # TODO(gmann): Remove this method in favor of get_project_admin_creds()
+ # after the deprecation phase.
def get_admin_creds(self):
return self.get_credentials('admin')
+ # TODO(gmann): Replace this method with more appropriate name.
+ # like get_project_alt_member_creds()
def get_alt_creds(self):
return self.get_credentials('alt')
diff --git a/tempest/lib/common/preprov_creds.py b/tempest/lib/common/preprov_creds.py
index 8325f44..9784a1f 100644
--- a/tempest/lib/common/preprov_creds.py
+++ b/tempest/lib/common/preprov_creds.py
@@ -308,6 +308,8 @@
self.remove_hash(_hash)
LOG.info("%s returned allocated creds:\n%s", self.name, clean_creds)
+ # TODO(gmann): Remove this method in favor of get_project_member_creds()
+ # after the deprecation phase.
def get_primary_creds(self):
if self._creds.get('primary'):
return self._creds.get('primary')
@@ -315,6 +317,8 @@
self._creds['primary'] = net_creds
return net_creds
+ # TODO(gmann): Replace this method with more appropriate name.
+ # like get_project_alt_member_creds()
def get_alt_creds(self):
if self._creds.get('alt'):
return self._creds.get('alt')
@@ -408,6 +412,8 @@
for creds in self._creds.values():
self.remove_credentials(creds)
+ # TODO(gmann): Remove this method in favor of get_project_admin_creds()
+ # after the deprecation phase.
def get_admin_creds(self):
return self.get_creds_by_roles([self.admin_role])