Comment 3 for bug 1473396

andrea-frittoli:
Actually, if we want to non-admin tests pass against admin URL it requires to have too smart identity client.

Right now non-admin tests use non-admin identity client. It looks quite reasonable and it works for non-admin endpoint. But if we run same tests against admin endpoint we will get a failure (something like that - http://paste.openstack.org/show/361823/ ). It because non-admin identity client gets a token with primary credentials and tries to do some actions require admin rights. In public endpoint these actions don't require admin rights but in admin endpoint - they do.

So if we want to have non-admin tests passed against admin endpoint it leads us to have "smart" non_admin_but_admin_if_necessary identity client. It is not a good idea, I think.