Merge "Clean up [identity-feature-enable] options for old releases"

releasenotes/notes/identity-feature-opt-cleanup-caracal-7afd283855a07025.yaml

@@ -0,0 +1,21 @@
+---
+upgrade:
+  - |
+    The following deprecated options in the ``[identity-feature-enabled]``
+    section have been removed. Project tags API and application credentials
+    API are now always tested if identity v3 API is available.
+
+    - ``project_tag``
+    - ``application_credentials``
+
+  - |
+    Default value of the ``[identity-feature-enabled] access_rule`` option has
+    been changed from ``False`` to ``True`` and now the access rule API is
+    always tested when identity API is available.
+
+deprecations:
+  - |
+    The Keystone access_rule is enabled by default since Train release and we
+    no longer need a separate config in Tempest to enable it. Therefore
+    the ``[identity-feature-enabled] access_rule`` option has been deprecated
+    and will be removed in a future release.

tempest/api/identity/admin/v3/test_project_tags.py

@@ -13,8 +13,6 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
-import testtools
-
 from tempest.api.identity import base
 from tempest import config
 from tempest.lib.common.utils import data_utils
@@ -33,8 +31,6 @@ class IdentityV3ProjectTagsTest(base.BaseIdentityV3AdminTest):
     force_tenant_isolation = False
 
     @decorators.idempotent_id('7c123aac-999d-416a-a0fb-84b915ab10de')
-    @testtools.skipUnless(CONF.identity_feature_enabled.project_tags,
-                          'Project tags not available.')
     def test_list_update_delete_project_tags(self):
         """Test listing, updating and deleting of project tags"""
         project = self.setup_test_project()

tempest/api/identity/base.py

@@ -321,13 +321,6 @@ class BaseIdentityV3AdminTest(BaseIdentityV3Test):
 
 class BaseApplicationCredentialsV3Test(BaseIdentityV3Test):
 
-    @classmethod
-    def skip_checks(cls):
-        super(BaseApplicationCredentialsV3Test, cls).skip_checks()
-        if not CONF.identity_feature_enabled.application_credentials:
-            raise cls.skipException("Application credentials are not available"
-                                    " in this environment")
-
     @classmethod
     def resource_setup(cls):
         super(BaseApplicationCredentialsV3Test, cls).resource_setup()

tempest/config.py

@@ -263,23 +263,11 @@ IdentityFeatureGroup = [
                 default=False,
                 help='Does the environment have the security compliance '
                      'settings enabled?'),
-    cfg.BoolOpt('project_tags',
-                default=True,
-                help='Is the project tags identity v3 API available?',
-                deprecated_for_removal=True,
-                deprecated_reason='Project tags API is a default feature '
-                                  'since Queens'),
-    cfg.BoolOpt('application_credentials',
-                default=True,
-                help='Does the environment have application credentials '
-                     'enabled?',
-                deprecated_for_removal=True,
-                deprecated_reason='Application credentials is a default '
-                                  'feature since Queens'),
-    # Access rules for application credentials is a default feature in Train.
-    # This config option can removed once Stein is EOL.
     cfg.BoolOpt('access_rules',
-                default=False,
+                default=True,
+                deprecated_for_removal=True,
+                deprecated_reason='Access rules for application credentials '
+                                  'is a default feature since Train',
                 help='Does the environment have access rules enabled?'),
     cfg.BoolOpt('immutable_user_source',
                 default=False,