Add default RBAC personas to dynamic credentials
This change adds support to the dynamic credentials provider for nine
specific user personas that can be used to test service policies from
the point of view of the three scopes and three default roles that are
available out of the box in keystone. In addition to the os_admin,
os_primary, os_alt, and role-based credentials that were available
before, test classes can now access such credentials as os_system_admin
or os_domain_reader. An example of how this could be used is proposed
for keystone[1].
A subsequent patch addresses the pre-provisioned credentials provider.
In the future, the original tempest personas may redirect to the new
scope-aware personas in order to maintain compatibility between releases
once projects start enforcing scope. This is not addressed here.
[1] https://review.opendev.org/686305
Change-Id: I8bebb5b9b6d8da62e6a5268d827787da461cc0d6
4 files changed