Update Octavia tempest tests for no scoped tokens
There has been a direction change in the "secure-RBAC" goal and scoped tokens are no longer being implemented[1]. The Octavia tempest tests were updated for the new keystone roles and scoped tokens at the same time with an (bad) assumption that they would be turned on at the same time. This patch updates the Octavia tempest plugin to not assume that scoped tokens are in use when the RBAC type is set to keystone_default_roles. [1] https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html#direction-change Depends-On: https://review.opendev.org/c/openstack/octavia/+/877433 Change-Id: Ia1c4ca0b675d39bd43640184d6d3deba823fd3f6
This commit is contained in:
parent
5b73479a4d
commit
6dac8ff58f
|
@ -244,7 +244,11 @@ OctaviaGroup = [
|
|||
help='Does the load-balancer service API policies enforce '
|
||||
'the new keystone default roles? This configuration '
|
||||
'value should be same as octavia.conf: '
|
||||
'[oslo_policy].enforce_new_defaults option.'),
|
||||
'[oslo_policy].enforce_new_defaults option.',
|
||||
deprecated_for_removal=True,
|
||||
deprecated_reason='Consolidated into the RBAC_test_type '
|
||||
'setting.',
|
||||
deprecated_since='bobcat'),
|
||||
]
|
||||
|
||||
lb_feature_enabled_group = cfg.OptGroup(name='loadbalancer-feature-enabled',
|
||||
|
|
|
@ -94,7 +94,7 @@ class AmphoraAPITest(test_base.LoadBalancerBaseTest):
|
|||
if CONF.load_balancer.RBAC_test_type == const.OWNERADMIN:
|
||||
expected_allowed = ['os_admin', 'os_roles_lb_admin']
|
||||
if CONF.load_balancer.RBAC_test_type == const.KEYSTONE_DEFAULT_ROLES:
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_admin']
|
||||
expected_allowed = ['os_admin', 'os_roles_lb_admin']
|
||||
if CONF.load_balancer.RBAC_test_type == const.ADVANCED:
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_admin']
|
||||
if expected_allowed:
|
||||
|
@ -182,7 +182,7 @@ class AmphoraAPITest(test_base.LoadBalancerBaseTest):
|
|||
if CONF.load_balancer.RBAC_test_type == const.OWNERADMIN:
|
||||
expected_allowed = ['os_admin', 'os_roles_lb_admin']
|
||||
if CONF.load_balancer.RBAC_test_type == const.KEYSTONE_DEFAULT_ROLES:
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_admin']
|
||||
expected_allowed = ['os_admin', 'os_roles_lb_admin']
|
||||
if CONF.load_balancer.RBAC_test_type == const.ADVANCED:
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_admin']
|
||||
if expected_allowed:
|
||||
|
@ -217,7 +217,7 @@ class AmphoraAPITest(test_base.LoadBalancerBaseTest):
|
|||
if CONF.load_balancer.RBAC_test_type == const.OWNERADMIN:
|
||||
expected_allowed = ['os_admin', 'os_roles_lb_admin']
|
||||
if CONF.load_balancer.RBAC_test_type == const.KEYSTONE_DEFAULT_ROLES:
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_admin']
|
||||
expected_allowed = ['os_admin', 'os_roles_lb_admin']
|
||||
if CONF.load_balancer.RBAC_test_type == const.ADVANCED:
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_admin']
|
||||
if expected_allowed:
|
||||
|
|
|
@ -109,7 +109,7 @@ class AvailabilityZoneAPITest(test_base.LoadBalancerBaseTest):
|
|||
if CONF.load_balancer.RBAC_test_type == const.OWNERADMIN:
|
||||
expected_allowed = ['os_admin', 'os_roles_lb_admin']
|
||||
if CONF.load_balancer.RBAC_test_type == const.KEYSTONE_DEFAULT_ROLES:
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_admin']
|
||||
expected_allowed = ['os_admin', 'os_roles_lb_admin']
|
||||
if CONF.load_balancer.RBAC_test_type == const.ADVANCED:
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_admin']
|
||||
if expected_allowed:
|
||||
|
@ -232,7 +232,7 @@ class AvailabilityZoneAPITest(test_base.LoadBalancerBaseTest):
|
|||
'os_admin', 'os_primary', 'os_roles_lb_admin',
|
||||
'os_roles_lb_member', 'os_roles_lb_member2']
|
||||
if CONF.load_balancer.RBAC_test_type == const.KEYSTONE_DEFAULT_ROLES:
|
||||
expected_allowed = ['os_admin', 'os_primary', 'os_system_admin',
|
||||
expected_allowed = ['os_admin', 'os_primary', 'os_roles_lb_admin',
|
||||
'os_system_reader', 'os_roles_lb_observer',
|
||||
'os_roles_lb_global_observer',
|
||||
'os_roles_lb_member', 'os_roles_lb_member2']
|
||||
|
@ -385,7 +385,7 @@ class AvailabilityZoneAPITest(test_base.LoadBalancerBaseTest):
|
|||
'os_admin', 'os_primary', 'os_roles_lb_admin',
|
||||
'os_roles_lb_member', 'os_roles_lb_member2']
|
||||
if CONF.load_balancer.RBAC_test_type == const.KEYSTONE_DEFAULT_ROLES:
|
||||
expected_allowed = ['os_admin', 'os_primary', 'os_system_admin',
|
||||
expected_allowed = ['os_admin', 'os_primary', 'os_roles_lb_admin',
|
||||
'os_system_reader', 'os_roles_lb_observer',
|
||||
'os_roles_lb_global_observer',
|
||||
'os_roles_lb_member', 'os_roles_lb_member2']
|
||||
|
@ -458,7 +458,7 @@ class AvailabilityZoneAPITest(test_base.LoadBalancerBaseTest):
|
|||
if CONF.load_balancer.RBAC_test_type == const.OWNERADMIN:
|
||||
expected_allowed = ['os_admin', 'os_roles_lb_admin']
|
||||
if CONF.load_balancer.RBAC_test_type == const.KEYSTONE_DEFAULT_ROLES:
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_admin']
|
||||
expected_allowed = ['os_admin', 'os_roles_lb_admin']
|
||||
if CONF.load_balancer.RBAC_test_type == const.ADVANCED:
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_admin']
|
||||
if expected_allowed:
|
||||
|
@ -535,7 +535,7 @@ class AvailabilityZoneAPITest(test_base.LoadBalancerBaseTest):
|
|||
if CONF.load_balancer.RBAC_test_type == const.OWNERADMIN:
|
||||
expected_allowed = ['os_admin', 'os_roles_lb_admin']
|
||||
if CONF.load_balancer.RBAC_test_type == const.KEYSTONE_DEFAULT_ROLES:
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_admin']
|
||||
expected_allowed = ['os_admin', 'os_roles_lb_admin']
|
||||
if CONF.load_balancer.RBAC_test_type == const.ADVANCED:
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_admin']
|
||||
if expected_allowed:
|
||||
|
|
|
@ -48,7 +48,7 @@ class AvailabilityZoneCapabilitiesAPITest(test_base.LoadBalancerBaseTest):
|
|||
if CONF.load_balancer.RBAC_test_type == const.OWNERADMIN:
|
||||
expected_allowed = ['os_admin', 'os_roles_lb_admin']
|
||||
if CONF.load_balancer.RBAC_test_type == const.KEYSTONE_DEFAULT_ROLES:
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_admin']
|
||||
expected_allowed = ['os_admin', 'os_roles_lb_admin']
|
||||
if CONF.load_balancer.RBAC_test_type == const.ADVANCED:
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_admin']
|
||||
if expected_allowed:
|
||||
|
|
|
@ -80,7 +80,7 @@ class AvailabilityZoneProfileAPITest(test_base.LoadBalancerBaseTest):
|
|||
if CONF.load_balancer.RBAC_test_type == const.OWNERADMIN:
|
||||
expected_allowed = ['os_admin', 'os_roles_lb_admin']
|
||||
if CONF.load_balancer.RBAC_test_type == const.KEYSTONE_DEFAULT_ROLES:
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_admin']
|
||||
expected_allowed = ['os_admin', 'os_roles_lb_admin']
|
||||
if CONF.load_balancer.RBAC_test_type == const.ADVANCED:
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_admin']
|
||||
if expected_allowed:
|
||||
|
@ -235,7 +235,7 @@ class AvailabilityZoneProfileAPITest(test_base.LoadBalancerBaseTest):
|
|||
if CONF.load_balancer.RBAC_test_type == const.OWNERADMIN:
|
||||
expected_allowed = ['os_admin', 'os_roles_lb_admin']
|
||||
if CONF.load_balancer.RBAC_test_type == const.KEYSTONE_DEFAULT_ROLES:
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_admin']
|
||||
expected_allowed = ['os_admin', 'os_roles_lb_admin']
|
||||
if CONF.load_balancer.RBAC_test_type == const.ADVANCED:
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_admin']
|
||||
if expected_allowed:
|
||||
|
@ -396,7 +396,7 @@ class AvailabilityZoneProfileAPITest(test_base.LoadBalancerBaseTest):
|
|||
if CONF.load_balancer.RBAC_test_type == const.OWNERADMIN:
|
||||
expected_allowed = ['os_admin', 'os_roles_lb_admin']
|
||||
if CONF.load_balancer.RBAC_test_type == const.KEYSTONE_DEFAULT_ROLES:
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_admin']
|
||||
expected_allowed = ['os_admin', 'os_roles_lb_admin']
|
||||
if CONF.load_balancer.RBAC_test_type == const.ADVANCED:
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_admin']
|
||||
if expected_allowed:
|
||||
|
@ -498,7 +498,7 @@ class AvailabilityZoneProfileAPITest(test_base.LoadBalancerBaseTest):
|
|||
if CONF.load_balancer.RBAC_test_type == const.OWNERADMIN:
|
||||
expected_allowed = ['os_admin', 'os_roles_lb_admin']
|
||||
if CONF.load_balancer.RBAC_test_type == const.KEYSTONE_DEFAULT_ROLES:
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_admin']
|
||||
expected_allowed = ['os_admin', 'os_roles_lb_admin']
|
||||
if CONF.load_balancer.RBAC_test_type == const.ADVANCED:
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_admin']
|
||||
if expected_allowed:
|
||||
|
@ -580,7 +580,7 @@ class AvailabilityZoneProfileAPITest(test_base.LoadBalancerBaseTest):
|
|||
if CONF.load_balancer.RBAC_test_type == const.OWNERADMIN:
|
||||
expected_allowed = ['os_admin', 'os_roles_lb_admin']
|
||||
if CONF.load_balancer.RBAC_test_type == const.KEYSTONE_DEFAULT_ROLES:
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_admin']
|
||||
expected_allowed = ['os_admin', 'os_roles_lb_admin']
|
||||
if CONF.load_balancer.RBAC_test_type == const.ADVANCED:
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_admin']
|
||||
if expected_allowed:
|
||||
|
|
|
@ -92,7 +92,7 @@ class FlavorAPITest(test_base.LoadBalancerBaseTest):
|
|||
if CONF.load_balancer.RBAC_test_type == const.OWNERADMIN:
|
||||
expected_allowed = ['os_admin', 'os_roles_lb_admin']
|
||||
if CONF.load_balancer.RBAC_test_type == const.KEYSTONE_DEFAULT_ROLES:
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_admin']
|
||||
expected_allowed = ['os_admin', 'os_roles_lb_admin']
|
||||
if CONF.load_balancer.RBAC_test_type == const.ADVANCED:
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_admin']
|
||||
if expected_allowed:
|
||||
|
@ -198,7 +198,7 @@ class FlavorAPITest(test_base.LoadBalancerBaseTest):
|
|||
'os_admin', 'os_primary', 'os_roles_lb_admin',
|
||||
'os_roles_lb_member', 'os_roles_lb_member2']
|
||||
if CONF.load_balancer.RBAC_test_type == const.KEYSTONE_DEFAULT_ROLES:
|
||||
expected_allowed = ['os_admin', 'os_primary', 'os_system_admin',
|
||||
expected_allowed = ['os_admin', 'os_primary', 'os_roles_lb_admin',
|
||||
'os_system_reader', 'os_roles_lb_observer',
|
||||
'os_roles_lb_global_observer',
|
||||
'os_roles_lb_member', 'os_roles_lb_member2']
|
||||
|
@ -326,7 +326,7 @@ class FlavorAPITest(test_base.LoadBalancerBaseTest):
|
|||
'os_admin', 'os_primary', 'os_roles_lb_admin',
|
||||
'os_roles_lb_member', 'os_roles_lb_member2']
|
||||
if CONF.load_balancer.RBAC_test_type == const.KEYSTONE_DEFAULT_ROLES:
|
||||
expected_allowed = ['os_admin', 'os_primary', 'os_system_admin',
|
||||
expected_allowed = ['os_admin', 'os_primary', 'os_roles_lb_admin',
|
||||
'os_system_reader', 'os_roles_lb_observer',
|
||||
'os_roles_lb_global_observer',
|
||||
'os_roles_lb_member', 'os_roles_lb_member2']
|
||||
|
@ -394,7 +394,7 @@ class FlavorAPITest(test_base.LoadBalancerBaseTest):
|
|||
if CONF.load_balancer.RBAC_test_type == const.OWNERADMIN:
|
||||
expected_allowed = ['os_admin', 'os_roles_lb_admin']
|
||||
if CONF.load_balancer.RBAC_test_type == const.KEYSTONE_DEFAULT_ROLES:
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_admin']
|
||||
expected_allowed = ['os_admin', 'os_roles_lb_admin']
|
||||
if CONF.load_balancer.RBAC_test_type == const.ADVANCED:
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_admin']
|
||||
if expected_allowed:
|
||||
|
@ -458,7 +458,7 @@ class FlavorAPITest(test_base.LoadBalancerBaseTest):
|
|||
if CONF.load_balancer.RBAC_test_type == const.OWNERADMIN:
|
||||
expected_allowed = ['os_admin', 'os_roles_lb_admin']
|
||||
if CONF.load_balancer.RBAC_test_type == const.KEYSTONE_DEFAULT_ROLES:
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_admin']
|
||||
expected_allowed = ['os_admin', 'os_roles_lb_admin']
|
||||
if CONF.load_balancer.RBAC_test_type == const.ADVANCED:
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_admin']
|
||||
if expected_allowed:
|
||||
|
|
|
@ -46,7 +46,7 @@ class FlavorCapabilitiesAPITest(test_base.LoadBalancerBaseTest):
|
|||
if CONF.load_balancer.RBAC_test_type == const.OWNERADMIN:
|
||||
expected_allowed = ['os_admin', 'os_roles_lb_admin']
|
||||
if CONF.load_balancer.RBAC_test_type == const.KEYSTONE_DEFAULT_ROLES:
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_admin']
|
||||
expected_allowed = ['os_admin', 'os_roles_lb_admin']
|
||||
if CONF.load_balancer.RBAC_test_type == const.ADVANCED:
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_admin']
|
||||
if expected_allowed:
|
||||
|
|
|
@ -64,7 +64,7 @@ class FlavorProfileAPITest(test_base.LoadBalancerBaseTest):
|
|||
if CONF.load_balancer.RBAC_test_type == const.OWNERADMIN:
|
||||
expected_allowed = ['os_admin', 'os_roles_lb_admin']
|
||||
if CONF.load_balancer.RBAC_test_type == const.KEYSTONE_DEFAULT_ROLES:
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_admin']
|
||||
expected_allowed = ['os_admin', 'os_roles_lb_admin']
|
||||
if CONF.load_balancer.RBAC_test_type == const.ADVANCED:
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_admin']
|
||||
if expected_allowed:
|
||||
|
@ -184,7 +184,7 @@ class FlavorProfileAPITest(test_base.LoadBalancerBaseTest):
|
|||
if CONF.load_balancer.RBAC_test_type == const.OWNERADMIN:
|
||||
expected_allowed = ['os_admin', 'os_roles_lb_admin']
|
||||
if CONF.load_balancer.RBAC_test_type == const.KEYSTONE_DEFAULT_ROLES:
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_admin']
|
||||
expected_allowed = ['os_admin', 'os_roles_lb_admin']
|
||||
if CONF.load_balancer.RBAC_test_type == const.ADVANCED:
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_admin']
|
||||
if expected_allowed:
|
||||
|
@ -313,7 +313,7 @@ class FlavorProfileAPITest(test_base.LoadBalancerBaseTest):
|
|||
if CONF.load_balancer.RBAC_test_type == const.OWNERADMIN:
|
||||
expected_allowed = ['os_admin', 'os_roles_lb_admin']
|
||||
if CONF.load_balancer.RBAC_test_type == const.KEYSTONE_DEFAULT_ROLES:
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_admin']
|
||||
expected_allowed = ['os_admin', 'os_roles_lb_admin']
|
||||
if CONF.load_balancer.RBAC_test_type == const.ADVANCED:
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_admin']
|
||||
if expected_allowed:
|
||||
|
@ -391,7 +391,7 @@ class FlavorProfileAPITest(test_base.LoadBalancerBaseTest):
|
|||
if CONF.load_balancer.RBAC_test_type == const.OWNERADMIN:
|
||||
expected_allowed = ['os_admin', 'os_roles_lb_admin']
|
||||
if CONF.load_balancer.RBAC_test_type == const.KEYSTONE_DEFAULT_ROLES:
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_admin']
|
||||
expected_allowed = ['os_admin', 'os_roles_lb_admin']
|
||||
if CONF.load_balancer.RBAC_test_type == const.ADVANCED:
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_admin']
|
||||
if expected_allowed:
|
||||
|
@ -458,7 +458,7 @@ class FlavorProfileAPITest(test_base.LoadBalancerBaseTest):
|
|||
if CONF.load_balancer.RBAC_test_type == const.OWNERADMIN:
|
||||
expected_allowed = ['os_admin', 'os_roles_lb_admin']
|
||||
if CONF.load_balancer.RBAC_test_type == const.KEYSTONE_DEFAULT_ROLES:
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_admin']
|
||||
expected_allowed = ['os_admin', 'os_roles_lb_admin']
|
||||
if CONF.load_balancer.RBAC_test_type == const.ADVANCED:
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_admin']
|
||||
if expected_allowed:
|
||||
|
|
|
@ -282,7 +282,8 @@ class HealthMonitorAPITest(test_base.LoadBalancerBaseTest):
|
|||
expected_allowed = ['os_admin', 'os_roles_lb_admin',
|
||||
'os_roles_lb_member']
|
||||
if CONF.load_balancer.RBAC_test_type == const.KEYSTONE_DEFAULT_ROLES:
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_member']
|
||||
expected_allowed = ['os_admin', 'os_roles_lb_admin',
|
||||
'os_roles_lb_member']
|
||||
if CONF.load_balancer.RBAC_test_type == const.ADVANCED:
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_admin',
|
||||
'os_roles_lb_member']
|
||||
|
@ -724,8 +725,8 @@ class HealthMonitorAPITest(test_base.LoadBalancerBaseTest):
|
|||
if CONF.load_balancer.RBAC_test_type == const.OWNERADMIN:
|
||||
expected_allowed = ['os_primary', 'os_roles_lb_member2']
|
||||
if CONF.load_balancer.RBAC_test_type == const.KEYSTONE_DEFAULT_ROLES:
|
||||
expected_allowed = ['os_admin', 'os_primary',
|
||||
'os_roles_lb_member2', 'os_roles_lb_observer',
|
||||
expected_allowed = ['os_primary', 'os_roles_lb_member2',
|
||||
'os_roles_lb_observer',
|
||||
'os_roles_lb_global_observer']
|
||||
if CONF.load_balancer.RBAC_test_type == const.ADVANCED:
|
||||
expected_allowed = ['os_roles_lb_observer', 'os_roles_lb_member2']
|
||||
|
@ -739,8 +740,8 @@ class HealthMonitorAPITest(test_base.LoadBalancerBaseTest):
|
|||
if CONF.load_balancer.RBAC_test_type == const.OWNERADMIN:
|
||||
expected_allowed = ['os_admin', 'os_roles_lb_member']
|
||||
if CONF.load_balancer.RBAC_test_type == const.KEYSTONE_DEFAULT_ROLES:
|
||||
expected_allowed = ['os_system_admin', 'os_system_reader',
|
||||
'os_roles_lb_member']
|
||||
expected_allowed = ['os_admin', 'os_roles_lb_admin',
|
||||
'os_system_reader', 'os_roles_lb_member']
|
||||
if CONF.load_balancer.RBAC_test_type == const.ADVANCED:
|
||||
expected_allowed = ['os_system_admin', 'os_system_reader',
|
||||
'os_roles_lb_admin', 'os_roles_lb_member',
|
||||
|
@ -763,7 +764,7 @@ class HealthMonitorAPITest(test_base.LoadBalancerBaseTest):
|
|||
# a superscope of "project_reader". This means it can read
|
||||
# objects in the "admin" credential's project.
|
||||
if CONF.load_balancer.RBAC_test_type == const.KEYSTONE_DEFAULT_ROLES:
|
||||
expected_allowed = ['os_admin', 'os_primary', 'os_system_admin',
|
||||
expected_allowed = ['os_admin', 'os_primary', 'os_roles_lb_admin',
|
||||
'os_system_reader', 'os_roles_lb_observer',
|
||||
'os_roles_lb_global_observer',
|
||||
'os_roles_lb_member', 'os_roles_lb_member2']
|
||||
|
@ -1193,8 +1194,8 @@ class HealthMonitorAPITest(test_base.LoadBalancerBaseTest):
|
|||
expected_allowed = ['os_admin', 'os_roles_lb_admin',
|
||||
'os_roles_lb_member']
|
||||
if CONF.load_balancer.RBAC_test_type == const.KEYSTONE_DEFAULT_ROLES:
|
||||
expected_allowed = ['os_system_admin', 'os_system_reader',
|
||||
'os_roles_lb_member']
|
||||
expected_allowed = ['os_admin', 'os_roles_lb_admin',
|
||||
'os_system_reader', 'os_roles_lb_member']
|
||||
if CONF.load_balancer.RBAC_test_type == const.ADVANCED:
|
||||
expected_allowed = ['os_system_admin', 'os_system_reader',
|
||||
'os_roles_lb_admin',
|
||||
|
@ -1475,7 +1476,8 @@ class HealthMonitorAPITest(test_base.LoadBalancerBaseTest):
|
|||
expected_allowed = ['os_admin', 'os_roles_lb_admin',
|
||||
'os_roles_lb_member']
|
||||
if CONF.load_balancer.RBAC_test_type == const.KEYSTONE_DEFAULT_ROLES:
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_member']
|
||||
expected_allowed = ['os_admin', 'os_roles_lb_admin',
|
||||
'os_roles_lb_member']
|
||||
if CONF.load_balancer.RBAC_test_type == const.ADVANCED:
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_admin',
|
||||
'os_roles_lb_member']
|
||||
|
@ -1778,7 +1780,8 @@ class HealthMonitorAPITest(test_base.LoadBalancerBaseTest):
|
|||
expected_allowed = ['os_admin', 'os_roles_lb_admin',
|
||||
'os_roles_lb_member']
|
||||
if CONF.load_balancer.RBAC_test_type == const.KEYSTONE_DEFAULT_ROLES:
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_member']
|
||||
expected_allowed = ['os_admin', 'os_roles_lb_admin',
|
||||
'os_roles_lb_member']
|
||||
if CONF.load_balancer.RBAC_test_type == const.ADVANCED:
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_admin',
|
||||
'os_roles_lb_member']
|
||||
|
|
|
@ -139,7 +139,8 @@ class L7PolicyAPITest(test_base.LoadBalancerBaseTest):
|
|||
expected_allowed = ['os_admin', 'os_roles_lb_admin',
|
||||
'os_roles_lb_member']
|
||||
if CONF.load_balancer.RBAC_test_type == const.KEYSTONE_DEFAULT_ROLES:
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_member']
|
||||
expected_allowed = ['os_admin', 'os_roles_lb_admin',
|
||||
'os_roles_lb_member']
|
||||
if CONF.load_balancer.RBAC_test_type == const.ADVANCED:
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_admin',
|
||||
'os_roles_lb_member']
|
||||
|
@ -365,8 +366,8 @@ class L7PolicyAPITest(test_base.LoadBalancerBaseTest):
|
|||
if CONF.load_balancer.RBAC_test_type == const.OWNERADMIN:
|
||||
expected_allowed = ['os_primary', 'os_roles_lb_member2']
|
||||
if CONF.load_balancer.RBAC_test_type == const.KEYSTONE_DEFAULT_ROLES:
|
||||
expected_allowed = ['os_admin', 'os_primary',
|
||||
'os_roles_lb_member2', 'os_roles_lb_observer',
|
||||
expected_allowed = ['os_primary', 'os_roles_lb_member2',
|
||||
'os_roles_lb_observer',
|
||||
'os_roles_lb_global_observer']
|
||||
if CONF.load_balancer.RBAC_test_type == const.ADVANCED:
|
||||
expected_allowed = ['os_roles_lb_observer', 'os_roles_lb_member2']
|
||||
|
@ -380,8 +381,8 @@ class L7PolicyAPITest(test_base.LoadBalancerBaseTest):
|
|||
if CONF.load_balancer.RBAC_test_type == const.OWNERADMIN:
|
||||
expected_allowed = ['os_admin', 'os_roles_lb_member']
|
||||
if CONF.load_balancer.RBAC_test_type == const.KEYSTONE_DEFAULT_ROLES:
|
||||
expected_allowed = ['os_system_admin', 'os_system_reader',
|
||||
'os_roles_lb_member']
|
||||
expected_allowed = ['os_admin', 'os_roles_lb_admin',
|
||||
'os_system_reader', 'os_roles_lb_member']
|
||||
if CONF.load_balancer.RBAC_test_type == const.ADVANCED:
|
||||
expected_allowed = ['os_system_admin', 'os_system_reader',
|
||||
'os_roles_lb_admin', 'os_roles_lb_member',
|
||||
|
@ -406,7 +407,7 @@ class L7PolicyAPITest(test_base.LoadBalancerBaseTest):
|
|||
# a superscope of "project_reader". This means it can read
|
||||
# objects in the "admin" credential's project.
|
||||
if CONF.load_balancer.RBAC_test_type == const.KEYSTONE_DEFAULT_ROLES:
|
||||
expected_allowed = ['os_admin', 'os_primary', 'os_system_admin',
|
||||
expected_allowed = ['os_admin', 'os_primary', 'os_roles_lb_admin',
|
||||
'os_system_reader', 'os_roles_lb_observer',
|
||||
'os_roles_lb_global_observer',
|
||||
'os_roles_lb_member', 'os_roles_lb_member2']
|
||||
|
@ -652,8 +653,8 @@ class L7PolicyAPITest(test_base.LoadBalancerBaseTest):
|
|||
expected_allowed = ['os_admin', 'os_roles_lb_admin',
|
||||
'os_roles_lb_member']
|
||||
if CONF.load_balancer.RBAC_test_type == const.KEYSTONE_DEFAULT_ROLES:
|
||||
expected_allowed = ['os_system_admin', 'os_system_reader',
|
||||
'os_roles_lb_member']
|
||||
expected_allowed = ['os_admin', 'os_roles_lb_admin',
|
||||
'os_system_reader', 'os_roles_lb_member']
|
||||
if CONF.load_balancer.RBAC_test_type == const.ADVANCED:
|
||||
expected_allowed = ['os_system_admin', 'os_system_reader',
|
||||
'os_roles_lb_admin',
|
||||
|
@ -761,7 +762,8 @@ class L7PolicyAPITest(test_base.LoadBalancerBaseTest):
|
|||
expected_allowed = ['os_admin', 'os_roles_lb_admin',
|
||||
'os_roles_lb_member']
|
||||
if CONF.load_balancer.RBAC_test_type == const.KEYSTONE_DEFAULT_ROLES:
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_member']
|
||||
expected_allowed = ['os_admin', 'os_roles_lb_admin',
|
||||
'os_roles_lb_member']
|
||||
if CONF.load_balancer.RBAC_test_type == const.ADVANCED:
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_admin',
|
||||
'os_roles_lb_member']
|
||||
|
@ -872,7 +874,8 @@ class L7PolicyAPITest(test_base.LoadBalancerBaseTest):
|
|||
expected_allowed = ['os_admin', 'os_roles_lb_admin',
|
||||
'os_roles_lb_member']
|
||||
if CONF.load_balancer.RBAC_test_type == const.KEYSTONE_DEFAULT_ROLES:
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_member']
|
||||
expected_allowed = ['os_admin', 'os_roles_lb_admin',
|
||||
'os_roles_lb_member']
|
||||
if CONF.load_balancer.RBAC_test_type == const.ADVANCED:
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_admin',
|
||||
'os_roles_lb_member']
|
||||
|
|
|
@ -147,7 +147,8 @@ class L7RuleAPITest(test_base.LoadBalancerBaseTest):
|
|||
expected_allowed = ['os_admin', 'os_roles_lb_admin',
|
||||
'os_roles_lb_member']
|
||||
if CONF.load_balancer.RBAC_test_type == const.KEYSTONE_DEFAULT_ROLES:
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_member']
|
||||
expected_allowed = ['os_admin', 'os_roles_lb_admin',
|
||||
'os_roles_lb_member']
|
||||
if CONF.load_balancer.RBAC_test_type == const.ADVANCED:
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_admin',
|
||||
'os_roles_lb_member']
|
||||
|
@ -357,8 +358,8 @@ class L7RuleAPITest(test_base.LoadBalancerBaseTest):
|
|||
if CONF.load_balancer.RBAC_test_type == const.OWNERADMIN:
|
||||
expected_allowed = ['os_admin', 'os_roles_lb_member']
|
||||
if CONF.load_balancer.RBAC_test_type == const.KEYSTONE_DEFAULT_ROLES:
|
||||
expected_allowed = ['os_system_admin', 'os_system_reader',
|
||||
'os_roles_lb_member']
|
||||
expected_allowed = ['os_admin', 'os_roles_lb_admin',
|
||||
'os_system_reader', 'os_roles_lb_member']
|
||||
if CONF.load_balancer.RBAC_test_type == const.ADVANCED:
|
||||
expected_allowed = ['os_system_admin', 'os_system_reader',
|
||||
'os_roles_lb_admin', 'os_roles_lb_member',
|
||||
|
@ -380,7 +381,7 @@ class L7RuleAPITest(test_base.LoadBalancerBaseTest):
|
|||
# a superscope of "project_reader". This means it can read
|
||||
# objects in the "admin" credential's project.
|
||||
if CONF.load_balancer.RBAC_test_type == const.KEYSTONE_DEFAULT_ROLES:
|
||||
expected_allowed = ['os_admin', 'os_system_admin',
|
||||
expected_allowed = ['os_admin', 'os_roles_lb_admin',
|
||||
'os_system_reader', 'os_roles_lb_member']
|
||||
if CONF.load_balancer.RBAC_test_type == const.ADVANCED:
|
||||
expected_allowed = ['os_system_admin', 'os_system_reader',
|
||||
|
@ -566,8 +567,8 @@ class L7RuleAPITest(test_base.LoadBalancerBaseTest):
|
|||
expected_allowed = ['os_admin', 'os_roles_lb_admin',
|
||||
'os_roles_lb_member']
|
||||
if CONF.load_balancer.RBAC_test_type == const.KEYSTONE_DEFAULT_ROLES:
|
||||
expected_allowed = ['os_system_admin', 'os_system_reader',
|
||||
'os_roles_lb_member']
|
||||
expected_allowed = ['os_admin', 'os_roles_lb_admin',
|
||||
'os_system_reader', 'os_roles_lb_member']
|
||||
if CONF.load_balancer.RBAC_test_type == const.ADVANCED:
|
||||
expected_allowed = ['os_system_admin', 'os_system_reader',
|
||||
'os_roles_lb_admin',
|
||||
|
@ -654,7 +655,8 @@ class L7RuleAPITest(test_base.LoadBalancerBaseTest):
|
|||
expected_allowed = ['os_admin', 'os_roles_lb_admin',
|
||||
'os_roles_lb_member']
|
||||
if CONF.load_balancer.RBAC_test_type == const.KEYSTONE_DEFAULT_ROLES:
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_member']
|
||||
expected_allowed = ['os_admin', 'os_roles_lb_admin',
|
||||
'os_roles_lb_member']
|
||||
if CONF.load_balancer.RBAC_test_type == const.ADVANCED:
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_admin',
|
||||
'os_roles_lb_member']
|
||||
|
@ -756,7 +758,8 @@ class L7RuleAPITest(test_base.LoadBalancerBaseTest):
|
|||
expected_allowed = ['os_admin', 'os_roles_lb_admin',
|
||||
'os_roles_lb_member']
|
||||
if CONF.load_balancer.RBAC_test_type == const.KEYSTONE_DEFAULT_ROLES:
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_member']
|
||||
expected_allowed = ['os_admin', 'os_roles_lb_admin',
|
||||
'os_roles_lb_member']
|
||||
if CONF.load_balancer.RBAC_test_type == const.ADVANCED:
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_admin',
|
||||
'os_roles_lb_member']
|
||||
|
|
|
@ -165,7 +165,8 @@ class ListenerAPITest(test_base.LoadBalancerBaseTest):
|
|||
expected_allowed = ['os_admin', 'os_roles_lb_admin',
|
||||
'os_roles_lb_member']
|
||||
if CONF.load_balancer.RBAC_test_type == const.KEYSTONE_DEFAULT_ROLES:
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_member']
|
||||
expected_allowed = ['os_admin', 'os_roles_lb_admin',
|
||||
'os_roles_lb_member']
|
||||
if CONF.load_balancer.RBAC_test_type == const.ADVANCED:
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_admin',
|
||||
'os_roles_lb_member']
|
||||
|
@ -564,8 +565,8 @@ class ListenerAPITest(test_base.LoadBalancerBaseTest):
|
|||
if CONF.load_balancer.RBAC_test_type == const.OWNERADMIN:
|
||||
expected_allowed = ['os_primary', 'os_roles_lb_member2']
|
||||
if CONF.load_balancer.RBAC_test_type == const.KEYSTONE_DEFAULT_ROLES:
|
||||
expected_allowed = ['os_admin', 'os_primary',
|
||||
'os_roles_lb_member2', 'os_roles_lb_observer',
|
||||
expected_allowed = ['os_primary', 'os_roles_lb_member2',
|
||||
'os_roles_lb_observer',
|
||||
'os_roles_lb_global_observer']
|
||||
if CONF.load_balancer.RBAC_test_type == const.ADVANCED:
|
||||
expected_allowed = ['os_roles_lb_observer', 'os_roles_lb_member2']
|
||||
|
@ -579,8 +580,8 @@ class ListenerAPITest(test_base.LoadBalancerBaseTest):
|
|||
if CONF.load_balancer.RBAC_test_type == const.OWNERADMIN:
|
||||
expected_allowed = ['os_admin', 'os_roles_lb_member']
|
||||
if CONF.load_balancer.RBAC_test_type == const.KEYSTONE_DEFAULT_ROLES:
|
||||
expected_allowed = ['os_system_admin', 'os_system_reader',
|
||||
'os_roles_lb_member']
|
||||
expected_allowed = ['os_admin', 'os_roles_lb_admin',
|
||||
'os_system_reader', 'os_roles_lb_member']
|
||||
if CONF.load_balancer.RBAC_test_type == const.ADVANCED:
|
||||
expected_allowed = ['os_system_admin', 'os_system_reader',
|
||||
'os_roles_lb_admin', 'os_roles_lb_member',
|
||||
|
@ -604,7 +605,7 @@ class ListenerAPITest(test_base.LoadBalancerBaseTest):
|
|||
# a superscope of "project_reader". This means it can read
|
||||
# objects in the "admin" credential's project.
|
||||
if CONF.load_balancer.RBAC_test_type == const.KEYSTONE_DEFAULT_ROLES:
|
||||
expected_allowed = ['os_admin', 'os_primary', 'os_system_admin',
|
||||
expected_allowed = ['os_admin', 'os_primary', 'os_roles_lb_admin',
|
||||
'os_system_reader', 'os_roles_lb_observer',
|
||||
'os_roles_lb_global_observer',
|
||||
'os_roles_lb_member', 'os_roles_lb_member2']
|
||||
|
@ -887,8 +888,8 @@ class ListenerAPITest(test_base.LoadBalancerBaseTest):
|
|||
expected_allowed = ['os_admin', 'os_roles_lb_admin',
|
||||
'os_roles_lb_member']
|
||||
if CONF.load_balancer.RBAC_test_type == const.KEYSTONE_DEFAULT_ROLES:
|
||||
expected_allowed = ['os_system_admin', 'os_system_reader',
|
||||
'os_roles_lb_member']
|
||||
expected_allowed = ['os_admin', 'os_roles_lb_admin',
|
||||
'os_system_reader', 'os_roles_lb_member']
|
||||
if CONF.load_balancer.RBAC_test_type == const.ADVANCED:
|
||||
expected_allowed = ['os_system_admin', 'os_system_reader',
|
||||
'os_roles_lb_admin',
|
||||
|
@ -1036,7 +1037,8 @@ class ListenerAPITest(test_base.LoadBalancerBaseTest):
|
|||
expected_allowed = ['os_admin', 'os_roles_lb_admin',
|
||||
'os_roles_lb_member']
|
||||
if CONF.load_balancer.RBAC_test_type == const.KEYSTONE_DEFAULT_ROLES:
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_member']
|
||||
expected_allowed = ['os_admin', 'os_roles_lb_admin',
|
||||
'os_roles_lb_member']
|
||||
if CONF.load_balancer.RBAC_test_type == const.ADVANCED:
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_admin',
|
||||
'os_roles_lb_member']
|
||||
|
@ -1215,7 +1217,8 @@ class ListenerAPITest(test_base.LoadBalancerBaseTest):
|
|||
expected_allowed = ['os_admin', 'os_roles_lb_admin',
|
||||
'os_roles_lb_member']
|
||||
if CONF.load_balancer.RBAC_test_type == const.KEYSTONE_DEFAULT_ROLES:
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_member']
|
||||
expected_allowed = ['os_admin', 'os_roles_lb_admin',
|
||||
'os_roles_lb_member']
|
||||
if CONF.load_balancer.RBAC_test_type == const.ADVANCED:
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_admin',
|
||||
'os_roles_lb_member']
|
||||
|
|
|
@ -89,7 +89,7 @@ class LoadBalancerAPITest(test_base.LoadBalancerBaseTest):
|
|||
expected_allowed = ['os_admin', 'os_primary', 'os_roles_lb_admin',
|
||||
'os_roles_lb_member', 'os_roles_lb_member2']
|
||||
if CONF.load_balancer.RBAC_test_type == const.KEYSTONE_DEFAULT_ROLES:
|
||||
expected_allowed = ['os_system_admin',
|
||||
expected_allowed = ['os_admin', 'os_roles_lb_admin',
|
||||
'os_roles_lb_member', 'os_roles_lb_member2']
|
||||
if CONF.load_balancer.RBAC_test_type == const.ADVANCED:
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_admin',
|
||||
|
@ -193,7 +193,8 @@ class LoadBalancerAPITest(test_base.LoadBalancerBaseTest):
|
|||
expected_allowed = ['os_admin', 'os_roles_lb_admin',
|
||||
'os_roles_lb_member']
|
||||
if CONF.load_balancer.RBAC_test_type == const.KEYSTONE_DEFAULT_ROLES:
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_member']
|
||||
expected_allowed = ['os_admin', 'os_roles_lb_admin',
|
||||
'os_roles_lb_member']
|
||||
if CONF.load_balancer.RBAC_test_type == const.ADVANCED:
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_admin',
|
||||
'os_roles_lb_member']
|
||||
|
@ -242,7 +243,8 @@ class LoadBalancerAPITest(test_base.LoadBalancerBaseTest):
|
|||
expected_allowed = ['os_admin', 'os_roles_lb_admin',
|
||||
'os_roles_lb_member']
|
||||
if CONF.load_balancer.RBAC_test_type == const.KEYSTONE_DEFAULT_ROLES:
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_member']
|
||||
expected_allowed = ['os_admin', 'os_roles_lb_admin',
|
||||
'os_roles_lb_member']
|
||||
if CONF.load_balancer.RBAC_test_type == const.ADVANCED:
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_admin',
|
||||
'os_roles_lb_member']
|
||||
|
@ -418,8 +420,8 @@ class LoadBalancerAPITest(test_base.LoadBalancerBaseTest):
|
|||
if CONF.load_balancer.RBAC_test_type == const.OWNERADMIN:
|
||||
expected_allowed = ['os_primary', 'os_roles_lb_member2']
|
||||
if CONF.load_balancer.RBAC_test_type == const.KEYSTONE_DEFAULT_ROLES:
|
||||
expected_allowed = ['os_admin', 'os_primary',
|
||||
'os_roles_lb_member2', 'os_roles_lb_observer',
|
||||
expected_allowed = ['os_primary', 'os_roles_lb_member2',
|
||||
'os_roles_lb_observer',
|
||||
'os_roles_lb_global_observer']
|
||||
if CONF.load_balancer.RBAC_test_type == const.ADVANCED:
|
||||
expected_allowed = ['os_roles_lb_observer', 'os_roles_lb_member2']
|
||||
|
@ -433,8 +435,8 @@ class LoadBalancerAPITest(test_base.LoadBalancerBaseTest):
|
|||
if CONF.load_balancer.RBAC_test_type == const.OWNERADMIN:
|
||||
expected_allowed = ['os_admin', 'os_roles_lb_member']
|
||||
if CONF.load_balancer.RBAC_test_type == const.KEYSTONE_DEFAULT_ROLES:
|
||||
expected_allowed = ['os_system_admin', 'os_system_reader',
|
||||
'os_roles_lb_member']
|
||||
expected_allowed = ['os_admin', 'os_roles_lb_admin',
|
||||
'os_system_reader', 'os_roles_lb_member']
|
||||
if CONF.load_balancer.RBAC_test_type == const.ADVANCED:
|
||||
expected_allowed = ['os_system_admin', 'os_system_reader',
|
||||
'os_roles_lb_admin', 'os_roles_lb_member',
|
||||
|
@ -457,7 +459,7 @@ class LoadBalancerAPITest(test_base.LoadBalancerBaseTest):
|
|||
# a superscope of "project_reader". This means it can read
|
||||
# objects in the "admin" credential's project.
|
||||
if CONF.load_balancer.RBAC_test_type == const.KEYSTONE_DEFAULT_ROLES:
|
||||
expected_allowed = ['os_admin', 'os_primary', 'os_system_admin',
|
||||
expected_allowed = ['os_admin', 'os_primary', 'os_roles_lb_admin',
|
||||
'os_system_reader', 'os_roles_lb_observer',
|
||||
'os_roles_lb_global_observer',
|
||||
'os_roles_lb_member', 'os_roles_lb_member2']
|
||||
|
@ -635,8 +637,8 @@ class LoadBalancerAPITest(test_base.LoadBalancerBaseTest):
|
|||
expected_allowed = ['os_admin', 'os_roles_lb_admin',
|
||||
'os_roles_lb_member']
|
||||
if CONF.load_balancer.RBAC_test_type == const.KEYSTONE_DEFAULT_ROLES:
|
||||
expected_allowed = ['os_system_admin', 'os_system_reader',
|
||||
'os_roles_lb_member']
|
||||
expected_allowed = ['os_admin', 'os_roles_lb_admin',
|
||||
'os_system_reader', 'os_roles_lb_member']
|
||||
if CONF.load_balancer.RBAC_test_type == const.ADVANCED:
|
||||
expected_allowed = ['os_system_admin', 'os_system_reader',
|
||||
'os_roles_lb_admin',
|
||||
|
@ -739,7 +741,8 @@ class LoadBalancerAPITest(test_base.LoadBalancerBaseTest):
|
|||
expected_allowed = ['os_admin', 'os_roles_lb_admin',
|
||||
'os_roles_lb_member']
|
||||
if CONF.load_balancer.RBAC_test_type == const.KEYSTONE_DEFAULT_ROLES:
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_member']
|
||||
expected_allowed = ['os_admin', 'os_roles_lb_admin',
|
||||
'os_roles_lb_member']
|
||||
if CONF.load_balancer.RBAC_test_type == const.ADVANCED:
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_admin',
|
||||
'os_roles_lb_member']
|
||||
|
@ -831,8 +834,8 @@ class LoadBalancerAPITest(test_base.LoadBalancerBaseTest):
|
|||
expected_allowed = ['os_admin', 'os_roles_lb_admin',
|
||||
'os_roles_lb_member']
|
||||
if CONF.load_balancer.RBAC_test_type == const.KEYSTONE_DEFAULT_ROLES:
|
||||
expected_allowed = ['os_system_admin', 'os_system_reader',
|
||||
'os_roles_lb_member']
|
||||
expected_allowed = ['os_admin', 'os_roles_lb_admin',
|
||||
'os_system_reader', 'os_roles_lb_member']
|
||||
if CONF.load_balancer.RBAC_test_type == const.ADVANCED:
|
||||
expected_allowed = ['os_system_admin', 'os_system_reader',
|
||||
'os_roles_lb_admin',
|
||||
|
@ -902,8 +905,8 @@ class LoadBalancerAPITest(test_base.LoadBalancerBaseTest):
|
|||
expected_allowed = ['os_admin', 'os_roles_lb_admin',
|
||||
'os_roles_lb_member']
|
||||
if CONF.load_balancer.RBAC_test_type == const.KEYSTONE_DEFAULT_ROLES:
|
||||
expected_allowed = ['os_system_admin', 'os_system_reader',
|
||||
'os_roles_lb_member']
|
||||
expected_allowed = ['os_admin', 'os_roles_lb_admin',
|
||||
'os_system_reader', 'os_roles_lb_member']
|
||||
if CONF.load_balancer.RBAC_test_type == const.ADVANCED:
|
||||
expected_allowed = ['os_system_admin', 'os_system_reader',
|
||||
'os_roles_lb_admin',
|
||||
|
@ -978,7 +981,7 @@ class LoadBalancerAPITest(test_base.LoadBalancerBaseTest):
|
|||
if CONF.load_balancer.RBAC_test_type == const.OWNERADMIN:
|
||||
expected_allowed = ['os_admin', 'os_roles_lb_admin']
|
||||
if CONF.load_balancer.RBAC_test_type == const.KEYSTONE_DEFAULT_ROLES:
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_admin']
|
||||
expected_allowed = ['os_admin', 'os_roles_lb_admin']
|
||||
if CONF.load_balancer.RBAC_test_type == const.ADVANCED:
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_admin']
|
||||
if expected_allowed:
|
||||
|
|
|
@ -902,7 +902,8 @@ class MemberAPITest1(MemberAPITest):
|
|||
expected_allowed = ['os_admin', 'os_roles_lb_admin',
|
||||
'os_roles_lb_member']
|
||||
if CONF.load_balancer.RBAC_test_type == const.KEYSTONE_DEFAULT_ROLES:
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_member']
|
||||
expected_allowed = ['os_admin', 'os_roles_lb_admin',
|
||||
'os_roles_lb_member']
|
||||
if CONF.load_balancer.RBAC_test_type == const.ADVANCED:
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_admin',
|
||||
'os_roles_lb_member']
|
||||
|
@ -1233,8 +1234,8 @@ class MemberAPITest1(MemberAPITest):
|
|||
if CONF.load_balancer.RBAC_test_type == const.OWNERADMIN:
|
||||
expected_allowed = ['os_admin', 'os_roles_lb_member']
|
||||
if CONF.load_balancer.RBAC_test_type == const.KEYSTONE_DEFAULT_ROLES:
|
||||
expected_allowed = ['os_system_admin', 'os_system_reader',
|
||||
'os_roles_lb_member']
|
||||
expected_allowed = ['os_admin', 'os_roles_lb_admin',
|
||||
'os_system_reader', 'os_roles_lb_member']
|
||||
if CONF.load_balancer.RBAC_test_type == const.ADVANCED:
|
||||
expected_allowed = ['os_system_admin', 'os_system_reader',
|
||||
'os_roles_lb_admin', 'os_roles_lb_member',
|
||||
|
@ -1255,7 +1256,7 @@ class MemberAPITest1(MemberAPITest):
|
|||
# a superscope of "project_reader". This means it can read
|
||||
# objects in the "admin" credential's project.
|
||||
if CONF.load_balancer.RBAC_test_type == const.KEYSTONE_DEFAULT_ROLES:
|
||||
expected_allowed = ['os_admin', 'os_system_admin',
|
||||
expected_allowed = ['os_admin', 'os_roles_lb_admin',
|
||||
'os_system_reader', 'os_roles_lb_member']
|
||||
if CONF.load_balancer.RBAC_test_type == const.ADVANCED:
|
||||
expected_allowed = ['os_system_admin', 'os_system_reader',
|
||||
|
@ -1798,8 +1799,8 @@ class MemberAPITest2(MemberAPITest):
|
|||
expected_allowed = ['os_admin', 'os_roles_lb_admin',
|
||||
'os_roles_lb_member']
|
||||
if CONF.load_balancer.RBAC_test_type == const.KEYSTONE_DEFAULT_ROLES:
|
||||
expected_allowed = ['os_system_admin', 'os_system_reader',
|
||||
'os_roles_lb_member']
|
||||
expected_allowed = ['os_admin', 'os_roles_lb_admin',
|
||||
'os_system_reader', 'os_roles_lb_member']
|
||||
if CONF.load_balancer.RBAC_test_type == const.ADVANCED:
|
||||
expected_allowed = ['os_system_admin', 'os_system_reader',
|
||||
'os_roles_lb_admin',
|
||||
|
@ -2255,7 +2256,8 @@ class MemberAPITest2(MemberAPITest):
|
|||
expected_allowed = ['os_admin', 'os_roles_lb_admin',
|
||||
'os_roles_lb_member']
|
||||
if CONF.load_balancer.RBAC_test_type == const.KEYSTONE_DEFAULT_ROLES:
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_member']
|
||||
expected_allowed = ['os_admin', 'os_roles_lb_admin',
|
||||
'os_roles_lb_member']
|
||||
if CONF.load_balancer.RBAC_test_type == const.ADVANCED:
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_admin',
|
||||
'os_roles_lb_member']
|
||||
|
@ -2713,7 +2715,8 @@ class MemberAPITest2(MemberAPITest):
|
|||
expected_allowed = ['os_admin', 'os_roles_lb_admin',
|
||||
'os_roles_lb_member']
|
||||
if CONF.load_balancer.RBAC_test_type == const.KEYSTONE_DEFAULT_ROLES:
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_member']
|
||||
expected_allowed = ['os_admin', 'os_roles_lb_admin',
|
||||
'os_roles_lb_member']
|
||||
if CONF.load_balancer.RBAC_test_type == const.ADVANCED:
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_admin',
|
||||
'os_roles_lb_member']
|
||||
|
@ -2958,7 +2961,8 @@ class MemberAPITest2(MemberAPITest):
|
|||
expected_allowed = ['os_admin', 'os_roles_lb_admin',
|
||||
'os_roles_lb_member']
|
||||
if CONF.load_balancer.RBAC_test_type == const.KEYSTONE_DEFAULT_ROLES:
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_member']
|
||||
expected_allowed = ['os_admin', 'os_roles_lb_admin',
|
||||
'os_roles_lb_member']
|
||||
if CONF.load_balancer.RBAC_test_type == const.ADVANCED:
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_admin',
|
||||
'os_roles_lb_member']
|
||||
|
|
|
@ -408,7 +408,8 @@ class PoolAPITest(test_base.LoadBalancerBaseTest):
|
|||
expected_allowed = ['os_admin', 'os_roles_lb_admin',
|
||||
'os_roles_lb_member']
|
||||
if CONF.load_balancer.RBAC_test_type == const.KEYSTONE_DEFAULT_ROLES:
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_member']
|
||||
expected_allowed = ['os_admin', 'os_roles_lb_admin',
|
||||
'os_roles_lb_member']
|
||||
if CONF.load_balancer.RBAC_test_type == const.ADVANCED:
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_admin',
|
||||
'os_roles_lb_member']
|
||||
|
@ -752,8 +753,8 @@ class PoolAPITest(test_base.LoadBalancerBaseTest):
|
|||
if CONF.load_balancer.RBAC_test_type == const.OWNERADMIN:
|
||||
expected_allowed = ['os_primary', 'os_roles_lb_member2']
|
||||
if CONF.load_balancer.RBAC_test_type == const.KEYSTONE_DEFAULT_ROLES:
|
||||
expected_allowed = ['os_admin', 'os_primary',
|
||||
'os_roles_lb_member2', 'os_roles_lb_observer',
|
||||
expected_allowed = ['os_primary', 'os_roles_lb_member2',
|
||||
'os_roles_lb_observer',
|
||||
'os_roles_lb_global_observer']
|
||||
if CONF.load_balancer.RBAC_test_type == const.ADVANCED:
|
||||
expected_allowed = ['os_roles_lb_observer', 'os_roles_lb_member2']
|
||||
|
@ -767,8 +768,8 @@ class PoolAPITest(test_base.LoadBalancerBaseTest):
|
|||
if CONF.load_balancer.RBAC_test_type == const.OWNERADMIN:
|
||||
expected_allowed = ['os_admin', 'os_roles_lb_member']
|
||||
if CONF.load_balancer.RBAC_test_type == const.KEYSTONE_DEFAULT_ROLES:
|
||||
expected_allowed = ['os_system_admin', 'os_system_reader',
|
||||
'os_roles_lb_member']
|
||||
expected_allowed = ['os_admin', 'os_roles_lb_admin',
|
||||
'os_system_reader', 'os_roles_lb_member']
|
||||
if CONF.load_balancer.RBAC_test_type == const.ADVANCED:
|
||||
expected_allowed = ['os_system_admin', 'os_system_reader',
|
||||
'os_roles_lb_admin', 'os_roles_lb_member',
|
||||
|
@ -791,7 +792,7 @@ class PoolAPITest(test_base.LoadBalancerBaseTest):
|
|||
# a superscope of "project_reader". This means it can read
|
||||
# objects in the "admin" credential's project.
|
||||
if CONF.load_balancer.RBAC_test_type == const.KEYSTONE_DEFAULT_ROLES:
|
||||
expected_allowed = ['os_admin', 'os_primary', 'os_system_admin',
|
||||
expected_allowed = ['os_admin', 'os_primary', 'os_roles_lb_admin',
|
||||
'os_system_reader', 'os_roles_lb_observer',
|
||||
'os_roles_lb_global_observer',
|
||||
'os_roles_lb_member', 'os_roles_lb_member2']
|
||||
|
@ -1131,8 +1132,8 @@ class PoolAPITest(test_base.LoadBalancerBaseTest):
|
|||
expected_allowed = ['os_admin', 'os_roles_lb_admin',
|
||||
'os_roles_lb_member']
|
||||
if CONF.load_balancer.RBAC_test_type == const.KEYSTONE_DEFAULT_ROLES:
|
||||
expected_allowed = ['os_system_admin', 'os_system_reader',
|
||||
'os_roles_lb_member']
|
||||
expected_allowed = ['os_admin', 'os_roles_lb_admin',
|
||||
'os_system_reader', 'os_roles_lb_member']
|
||||
if CONF.load_balancer.RBAC_test_type == const.ADVANCED:
|
||||
expected_allowed = ['os_system_admin', 'os_system_reader',
|
||||
'os_roles_lb_admin',
|
||||
|
@ -1371,7 +1372,8 @@ class PoolAPITest(test_base.LoadBalancerBaseTest):
|
|||
expected_allowed = ['os_admin', 'os_roles_lb_admin',
|
||||
'os_roles_lb_member']
|
||||
if CONF.load_balancer.RBAC_test_type == const.KEYSTONE_DEFAULT_ROLES:
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_member']
|
||||
expected_allowed = ['os_admin', 'os_roles_lb_admin',
|
||||
'os_roles_lb_member']
|
||||
if CONF.load_balancer.RBAC_test_type == const.ADVANCED:
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_admin',
|
||||
'os_roles_lb_member']
|
||||
|
@ -1673,7 +1675,8 @@ class PoolAPITest(test_base.LoadBalancerBaseTest):
|
|||
expected_allowed = ['os_admin', 'os_roles_lb_admin',
|
||||
'os_roles_lb_member']
|
||||
if CONF.load_balancer.RBAC_test_type == const.KEYSTONE_DEFAULT_ROLES:
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_member']
|
||||
expected_allowed = ['os_admin', 'os_roles_lb_admin',
|
||||
'os_roles_lb_member']
|
||||
if CONF.load_balancer.RBAC_test_type == const.ADVANCED:
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_admin',
|
||||
'os_roles_lb_member']
|
||||
|
|
|
@ -49,7 +49,7 @@ class ProviderAPITest(test_base.LoadBalancerBaseTest):
|
|||
'os_admin', 'os_primary', 'os_roles_lb_admin',
|
||||
'os_roles_lb_member', 'os_roles_lb_member2']
|
||||
if CONF.load_balancer.RBAC_test_type == const.KEYSTONE_DEFAULT_ROLES:
|
||||
expected_allowed = ['os_admin', 'os_primary', 'os_system_admin',
|
||||
expected_allowed = ['os_admin', 'os_primary', 'os_roles_lb_admin',
|
||||
'os_system_reader', 'os_roles_lb_observer',
|
||||
'os_roles_lb_global_observer',
|
||||
'os_roles_lb_member', 'os_roles_lb_member2']
|
||||
|
|
|
@ -56,9 +56,10 @@ class LoadBalancerBaseTest(validators.ValidatorsMixin,
|
|||
'admin', 'primary', ['lb_admin', CONF.load_balancer.admin_role],
|
||||
['lb_member', CONF.load_balancer.member_role],
|
||||
['lb_member2', CONF.load_balancer.member_role]]
|
||||
elif CONF.load_balancer.enforce_new_defaults:
|
||||
elif CONF.load_balancer.RBAC_test_type == const.KEYSTONE_DEFAULT_ROLES:
|
||||
credentials = [
|
||||
'admin', 'primary', ['lb_admin', CONF.load_balancer.admin_role],
|
||||
'admin', 'primary',
|
||||
['lb_admin', CONF.load_balancer.admin_role, 'admin'],
|
||||
['lb_observer', CONF.load_balancer.observer_role, 'reader'],
|
||||
['lb_global_observer', CONF.load_balancer.global_observer_role,
|
||||
'reader'],
|
||||
|
|
|
@ -506,21 +506,23 @@
|
|||
- ^octavia_tempest_plugin/tests/(?!api/|\w+\.py).*
|
||||
|
||||
- job:
|
||||
name: octavia-v2-dsvm-noop-api-scoped-tokens
|
||||
name: octavia-v2-dsvm-noop-api-keystone-default-roles
|
||||
parent: octavia-v2-dsvm-noop-api
|
||||
vars:
|
||||
devstack_localrc:
|
||||
OCTAVIA_USE_KEYSTONE_DEFAULT_ROLES: True
|
||||
devstack_local_conf:
|
||||
post-config:
|
||||
$OCTAVIA_CONF:
|
||||
oslo_policy:
|
||||
enforce_scope: True
|
||||
enforce_scope: False
|
||||
enforce_new_defaults: True
|
||||
test-config:
|
||||
"$TEMPEST_CONFIG":
|
||||
enforce_scope:
|
||||
octavia: True
|
||||
octavia: False
|
||||
load_balancer:
|
||||
enforce_new_defaults: True
|
||||
RBAC_test_type: keystone_default_roles
|
||||
|
||||
- job:
|
||||
name: octavia-v2-dsvm-noop-py2-api
|
||||
|
|
|
@ -12,7 +12,7 @@
|
|||
- octavia-v2-dsvm-noop-api-stable-yoga
|
||||
- octavia-v2-dsvm-noop-api-stable-xena
|
||||
- octavia-v2-dsvm-noop-api-stable-wallaby
|
||||
- octavia-v2-dsvm-noop-api-scoped-tokens
|
||||
- octavia-v2-dsvm-noop-api-keystone-default-roles
|
||||
- octavia-v2-dsvm-scenario
|
||||
- octavia-v2-dsvm-scenario-stable-yoga
|
||||
- octavia-v2-dsvm-scenario-stable-xena
|
||||
|
@ -54,7 +54,7 @@
|
|||
- octavia-v2-dsvm-noop-api-stable-yoga
|
||||
- octavia-v2-dsvm-noop-api-stable-xena
|
||||
- octavia-v2-dsvm-noop-api-stable-wallaby
|
||||
- octavia-v2-dsvm-noop-api-scoped-tokens
|
||||
- octavia-v2-dsvm-noop-api-keystone-default-roles
|
||||
- octavia-v2-dsvm-scenario
|
||||
- octavia-v2-dsvm-scenario-stable-yoga
|
||||
- octavia-v2-dsvm-scenario-stable-xena
|
||||
|
|
Loading…
Reference in New Issue