Roles for admin user can be defined in config Using the auth.tempest_admin_roles variable you can assign any extra roles for admin in tempest Fixes-Bug: PRODX-56646 Change-Id: I4f2392c8ab3d690d6bfd9bfa80769d67e60a1433

commit: 665283f15920ad2b17f67e4eda849abfa081edd4 [log] [tgz]
author: Anna Arhipova <harhipova@mirantis.com> Mon Jan 26 14:20:02 2026 +0100
committer: Anna Arhipova <harhipova@mirantis.com> Mon Jan 26 16:41:58 2026 +0100
tree: 6ac64a55c011a5eeef8cfb679e154ad5c97eca92
parent: 8033d1d0ef5fe94a16d7d2f9c595bfffb2af39de [diff]
diff --git a/tempest/common/credentials_factory.py b/tempest/common/credentials_factory.py
index 2e07c80..c81e2b5 100644
--- a/tempest/common/credentials_factory.py
+++ b/tempest/common/credentials_factory.py

@@ -80,6 +80,7 @@
         ('identity_admin_domain_scope', CONF.identity.admin_domain_scope),
         ('identity_admin_role', CONF.identity.admin_role),
         ('extra_roles', CONF.auth.tempest_roles),
+        ('extra_admin_roles', CONF.auth.tempest_admin_roles),
         ('neutron_available', CONF.service_available.neutron),
         ('project_network_cidr', CONF.network.project_network_cidr),
         ('project_network_mask_bits', CONF.network.project_network_mask_bits),

diff --git a/tempest/config.py b/tempest/config.py
index b73b191..cffc537 100644
--- a/tempest/config.py
+++ b/tempest/config.py

@@ -64,6 +64,9 @@
     cfg.ListOpt('tempest_roles',
                 help="Roles to assign to all users created by tempest",
                 default=[]),
+    cfg.ListOpt('tempest_admin_roles',
+                help="Additional roles to assign to admin created by Tempest",
+                default=[]),
     cfg.StrOpt('default_credentials_domain_name',
                default='Default',
                help="Default domain used when getting v3 credentials. "

diff --git a/tempest/lib/common/dynamic_creds.py b/tempest/lib/common/dynamic_creds.py
index 4e87f70..59680b7 100644
--- a/tempest/lib/common/dynamic_creds.py
+++ b/tempest/lib/common/dynamic_creds.py

@@ -73,6 +73,7 @@
                  credentials_domain=None, admin_role=None, admin_creds=None,
                  identity_admin_domain_scope=False,
                  identity_admin_role='admin', extra_roles=None,
+                 extra_admin_roles=None,
                  neutron_available=False, create_networks=True,
                  project_network_cidr=None, project_network_mask_bits=None,
                  public_network_id=None, resource_prefix=None,
@@ -97,6 +98,7 @@
         self.identity_admin_role = identity_admin_role or 'admin'
         self.identity_admin_endpoint_type = identity_admin_endpoint_type
         self.extra_roles = extra_roles or []
+        self.extra_admin_roles = extra_admin_roles or []
         (self.identity_admin_client,
          self.tenants_admin_client,
          self.users_admin_client,
@@ -244,6 +246,7 @@
         roles_to_assign = [r for r in roles]
         if admin:
             roles_to_assign.append(self.admin_role)
+            roles_to_assign.extend(self.extra_admin_roles)
             if scope == 'project':
                 self.creds_client.assign_user_role(
                     user, project, self.identity_admin_role)
commit	665283f15920ad2b17f67e4eda849abfa081edd4	[log] [tgz]
author	Anna Arhipova <harhipova@mirantis.com>	Mon Jan 26 14:20:02 2026 +0100
committer	Anna Arhipova <harhipova@mirantis.com>	Mon Jan 26 16:41:58 2026 +0100
tree	6ac64a55c011a5eeef8cfb679e154ad5c97eca92
parent	8033d1d0ef5fe94a16d7d2f9c595bfffb2af39de [diff]