Merge "Add --combine option to tempest run"
diff --git a/README.rst b/README.rst
index 9d19c23..3d7c804 100644
--- a/README.rst
+++ b/README.rst
@@ -209,15 +209,9 @@
Python 3.x
----------
-Starting during the Liberty release development cycle work began on enabling
-Tempest to run under both Python 2.7 and Python 3.4. Tempest strives to fully
-support running with Python 3.4 and newer. A gating unit test job was added to
-also run Tempest's unit tests under Python 3. This means that the Tempest
-code at least imports under Python 3.4 and things that have unit test coverage
-will work on Python 3.4. However, because large parts of Tempest are
-self-verifying there might be uncaught issues running on Python 3. So until
-there is a gating job which does a full Tempest run using Python 3 there
-isn't any guarantee that running Tempest under Python 3 is bug free.
+Starting during the Pike cycle Tempest has a gating CI job that runs tempest
+with Python 3. Any tempest release after 15.0.0 should fully support running
+under Python 3 as well as Python 2.7.
Legacy run method
-----------------
diff --git a/tempest/api/identity/admin/v3/test_roles.py b/tempest/api/identity/admin/v3/test_roles.py
index b7b6596..9bee24a 100644
--- a/tempest/api/identity/admin/v3/test_roles.py
+++ b/tempest/api/identity/admin/v3/test_roles.py
@@ -15,11 +15,14 @@
from tempest.api.identity import base
from tempest.common.utils import data_utils
+from tempest import config
from tempest.lib.common.utils import test_utils
from tempest.lib import decorators
from tempest.lib import exceptions as lib_exc
from tempest import test
+CONF = config.CONF
+
class RolesV3TestJSON(base.BaseIdentityV3AdminTest):
@@ -348,6 +351,15 @@
# domain role to a global one
self._create_implied_role(domain_role1['id'], self.role['id'])
+ if CONF.identity_feature_enabled.forbid_global_implied_dsr:
+ # The contrary is not true: we can't create an inference rule
+ # from a global role to a domain role
+ self.assertRaises(
+ lib_exc.Forbidden,
+ self.roles_client.create_role_inference_rule,
+ self.role['id'],
+ domain_role1['id'])
+
@decorators.idempotent_id('3859df7e-5b78-4e4d-b10e-214c8953842a')
def test_assignments_for_domain_roles(self):
domain_role = self.setup_test_role(domain_id=self.domain['id'])
diff --git a/tempest/config.py b/tempest/config.py
index 83c5c0e..651c32e 100644
--- a/tempest/config.py
+++ b/tempest/config.py
@@ -225,6 +225,13 @@
deprecated_for_removal=True,
deprecated_reason="All supported version of OpenStack now "
"supports the 'reseller' feature"),
+ # TODO(rodrigods): This is a feature flag for bug 1590578 which is fixed
+ # in Newton and Ocata. This option can be removed after Mitaka is end of
+ # life.
+ cfg.BoolOpt('forbid_global_implied_dsr',
+ default=False,
+ help='Does the environment forbid global roles implying '
+ 'domain specific ones?'),
cfg.BoolOpt('security_compliance',
default=False,
help='Does the environment have the security compliance '