Global option for enforcing scope (ENFORCE_SCOPE)
This updates each devstack service library, to use it as the
default value for service-specific RBAC configuration.
Change-Id: I41061d042206c411ee3dd94ce91098e612af7ae7
diff --git a/lib/tempest b/lib/tempest
index 4504663..1fd4184 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -607,14 +607,19 @@
# If services enable the enforce_scope for their policy
# we need to enable the same on Tempest side so that
# test can be run with scoped token.
- if [[ "$KEYSTONE_ENFORCE_SCOPE" == True ]] ; then
+ if [[ "$KEYSTONE_ENFORCE_SCOPE" == True || "$ENFORCE_SCOPE" == True ]] ; then
iniset $TEMPEST_CONFIG enforce_scope keystone true
iniset $TEMPEST_CONFIG auth admin_system 'all'
iniset $TEMPEST_CONFIG auth admin_project_name ''
fi
- iniset $TEMPEST_CONFIG enforce_scope glance "$GLANCE_ENFORCE_SCOPE"
- iniset $TEMPEST_CONFIG enforce_scope cinder "$CINDER_ENFORCE_SCOPE"
+ if [[ "$GLANCE_ENFORCE_SCOPE" == True || "$ENFORCE_SCOPE" == True ]] ; then
+ iniset $TEMPEST_CONFIG enforce_scope glance true
+ fi
+
+ if [[ "$CINDER_ENFORCE_SCOPE" == True || "$ENFORCE_SCOPE" == True ]] ; then
+ iniset $TEMPEST_CONFIG enforce_scope cinder true
+ fi
if [ "$VIRT_DRIVER" = "libvirt" ] && [ "$LIBVIRT_TYPE" = "lxc" ]; then
# libvirt-lxc does not support boot from volume or attaching volumes