Unable to set "scope" for dynamic credentials
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
tempest |
Fix Released
|
Undecided
|
Ghanshyam Mann |
Bug Description
Tempest allows you to create credentials with a specific list of roles using the "credentials" list:
credentials = ['admin', 'primary',
Now with token scoping in keystone, we need to be able to set a custom scope for these credentials as well.
For example, the 'lb_admin' credential (service specific, cross-project admin) needs the "system" scope to see the cross-project objects.
Currently in tempest there is no way (official) to specify the scope on these credentials.
To be able to test the full matrix of RBAC personas, we need to enhance the "credentials" list to allow the specification of the token scope for the credential.
this is left over from system scope support in Tempest. We need to add scope support in get_creds_by_roles also.