Add enforce_scope setting support for keystone
Keystone-tempest-plugin has implemented the secure RBAC
tests and enabling the enforce_scope via keystone devstack
plugin. Doing those setting in devstack will help to manage
easily and in central place also avoid restarting the api
service.
Change-Id: I30da189474476d3397152a0a15c2e30a62d712ad
diff --git a/lib/tempest b/lib/tempest
index 8a5b785..f210e40 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -601,6 +601,16 @@
fi
done
+ # ``enforce_scope``
+ # If services enable the enforce_scope for their policy
+ # we need to enable the same on Tempest side so that
+ # test can be run with scoped token.
+ if [[ "$KEYSTONE_ENFORCE_SCOPE" == True ]] ; then
+ iniset $TEMPEST_CONFIG enforce_scope keystone true
+ iniset $TEMPEST_CONFIG auth admin_system 'all'
+ iniset $TEMPEST_CONFIG auth admin_project_name ''
+ fi
+
if [ "$VIRT_DRIVER" = "libvirt" ] && [ "$LIBVIRT_TYPE" = "lxc" ]; then
# libvirt-lxc does not support boot from volume or attaching volumes
# so basically anything with cinder is out of the question.