Add feature flag for Keystone policies removed in Stein
This patch set adds a new feature flag called ``removed_keystone_policies_stein`` under the configuration group ``[policy-feature-enabled]`` for skipping Keystone tests whose policies were removed in Stein. This feature flag is currently applied to credentials-related policies, e.g.: identity:[create|update|get|delete]_credential More info on removed Keystone policies: https://review.openstack.org/#/c/597187/16 Change-Id: Ibd16e658d0e1367b46a2d6730f2b6970a95ae221
This commit is contained in:
parent
f63a834531
commit
c38aca7587
|
@ -27,10 +27,10 @@ function install_patrole_tempest_plugin {
|
||||||
iniset $TEMPEST_CONFIG policy-feature-enabled volume_extension_volume_actions_reserve_policy False
|
iniset $TEMPEST_CONFIG policy-feature-enabled volume_extension_volume_actions_reserve_policy False
|
||||||
iniset $TEMPEST_CONFIG policy-feature-enabled volume_extension_volume_actions_unreserve_policy False
|
iniset $TEMPEST_CONFIG policy-feature-enabled volume_extension_volume_actions_unreserve_policy False
|
||||||
|
|
||||||
|
# TODO(cl566n): Remove these once stable/pike becomes EOL.
|
||||||
# These policies were removed in Stein but are available in Pike.
|
# These policies were removed in Stein but are available in Pike.
|
||||||
iniset $TEMPEST_CONFIG policy-feature-enabled removed_nova_policies_stein False
|
iniset $TEMPEST_CONFIG policy-feature-enabled removed_nova_policies_stein False
|
||||||
|
iniset $TEMPEST_CONFIG policy-feature-enabled removed_keystone_policies_stein False
|
||||||
# TODO(cl566n): Policies used by Patrole testing. Remove these once stable/pike becomes EOL.
|
|
||||||
iniset $TEMPEST_CONFIG policy-feature-enabled added_cinder_policies_stein False
|
iniset $TEMPEST_CONFIG policy-feature-enabled added_cinder_policies_stein False
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
@ -39,16 +39,17 @@ function install_patrole_tempest_plugin {
|
||||||
RBAC_TEST_ROLE="Member"
|
RBAC_TEST_ROLE="Member"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
# TODO(cl566n): Remove these once stable/queens becomes EOL.
|
||||||
# These policies were removed in Stein but are available in Queens.
|
# These policies were removed in Stein but are available in Queens.
|
||||||
iniset $TEMPEST_CONFIG policy-feature-enabled removed_nova_policies_stein False
|
iniset $TEMPEST_CONFIG policy-feature-enabled removed_nova_policies_stein False
|
||||||
|
iniset $TEMPEST_CONFIG policy-feature-enabled removed_keystone_policies_stein False
|
||||||
# TODO(cl566n): Policies used by Patrole testing. Remove these once stable/queens becomes EOL.
|
|
||||||
iniset $TEMPEST_CONFIG policy-feature-enabled added_cinder_policies_stein False
|
iniset $TEMPEST_CONFIG policy-feature-enabled added_cinder_policies_stein False
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [[ ${DEVSTACK_SERIES} == 'rocky' ]]; then
|
if [[ ${DEVSTACK_SERIES} == 'rocky' ]]; then
|
||||||
# TODO(cl566n): Policies used by Patrole testing. Remove these once stable/rocky becomes EOL.
|
# TODO(cl566n): Policies used by Patrole testing. Remove these once stable/rocky becomes EOL.
|
||||||
iniset $TEMPEST_CONFIG policy-feature-enabled added_cinder_policies_stein False
|
iniset $TEMPEST_CONFIG policy-feature-enabled added_cinder_policies_stein False
|
||||||
|
iniset $TEMPEST_CONFIG policy-feature-enabled removed_keystone_policies_stein False
|
||||||
fi
|
fi
|
||||||
|
|
||||||
iniset $TEMPEST_CONFIG patrole rbac_test_role $RBAC_TEST_ROLE
|
iniset $TEMPEST_CONFIG patrole rbac_test_role $RBAC_TEST_ROLE
|
||||||
|
|
|
@ -162,11 +162,16 @@ was changed in a backwards-incompatible way."""),
|
||||||
help="""Are the Nova API extension policies available in the
|
help="""Are the Nova API extension policies available in the
|
||||||
cloud (e.g. os_compute_api:os-extended-availability-zone)? These policies were
|
cloud (e.g. os_compute_api:os-extended-availability-zone)? These policies were
|
||||||
removed in Stein because Nova API extension concept was removed in Pike."""),
|
removed in Stein because Nova API extension concept was removed in Pike."""),
|
||||||
|
cfg.BoolOpt('removed_keystone_policies_stein',
|
||||||
|
default=True,
|
||||||
|
help="""Are the obsolete Keystone policies available in the
|
||||||
|
cloud (e.g. identity:[create|update|get|delete]_credential)? These policies
|
||||||
|
were removed in Stein."""),
|
||||||
cfg.BoolOpt('added_cinder_policies_stein',
|
cfg.BoolOpt('added_cinder_policies_stein',
|
||||||
default=True,
|
default=True,
|
||||||
help="""Are the Cinder API extension policies available in the
|
help="""Are the Cinder Stein policies available in the cloud
|
||||||
cloud (e.g. [create|update|get|delete]_encryption_policy)? These policies are
|
(e.g. [create|update|get|delete]_encryption_policy)? These policies are added
|
||||||
added in Stein.""")
|
in Stein.""")
|
||||||
]
|
]
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -13,13 +13,21 @@
|
||||||
# License for the specific language governing permissions and limitations
|
# License for the specific language governing permissions and limitations
|
||||||
# under the License.
|
# under the License.
|
||||||
|
|
||||||
|
import testtools
|
||||||
|
|
||||||
|
from tempest import config
|
||||||
from tempest.lib.common.utils import data_utils
|
from tempest.lib.common.utils import data_utils
|
||||||
from tempest.lib import decorators
|
from tempest.lib import decorators
|
||||||
|
|
||||||
from patrole_tempest_plugin import rbac_rule_validation
|
from patrole_tempest_plugin import rbac_rule_validation
|
||||||
from patrole_tempest_plugin.tests.api.identity import rbac_base
|
from patrole_tempest_plugin.tests.api.identity import rbac_base
|
||||||
|
|
||||||
|
CONF = config.CONF
|
||||||
|
|
||||||
|
|
||||||
|
@testtools.skipIf(
|
||||||
|
CONF.policy_feature_enabled.removed_keystone_policies_stein,
|
||||||
|
"This policy is unavailable in Stein so cannot be tested.")
|
||||||
class IdentityCredentialsV3RbacTest(rbac_base.BaseIdentityV3RbacTest):
|
class IdentityCredentialsV3RbacTest(rbac_base.BaseIdentityV3RbacTest):
|
||||||
|
|
||||||
def _create_user_project_and_credential(self):
|
def _create_user_project_and_credential(self):
|
||||||
|
|
|
@ -0,0 +1,8 @@
|
||||||
|
---
|
||||||
|
features:
|
||||||
|
- |
|
||||||
|
Added new feature flag called ``removed_keystone_policies_stein`` under
|
||||||
|
the configuration group ``[policy-feature-enabled]`` for skipping Keystone
|
||||||
|
tests whose policies were removed in Stein. This feature flag is currently
|
||||||
|
applied to credentials-related policies, e.g.:
|
||||||
|
identity:[create|update|get|delete]_credential
|
Loading…
Reference in New Issue