Unable to set "scope" for dynamic credentials
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| tempest |
Fix Released
|
Undecided
|
Ghanshyam Mann | ||
Bug Description
Tempest allows you to create credentials with a specific list of roles using the "credentials" list:
credentials = ['admin', 'primary',
Now with token scoping in keystone, we need to be able to set a custom scope for these credentials as well.
For example, the 'lb_admin' credential (service specific, cross-project admin) needs the "system" scope to see the cross-project objects.
Currently in tempest there is no way (official) to specify the scope on these credentials.
To be able to test the full matrix of RBAC personas, we need to enhance the "credentials" list to allow the specification of the token scope for the credential.
| Ghanshyam Mann (ghanshyammann) wrote | #1 |
| Changed in tempest: | |
| status: | New → Triaged |
| assignee: | nobody → Ghanshyam Mann (ghanshyammann) |
| Martin Kopec (mkopec) wrote | #2 |
| Michael Johnson (johnsom) wrote | #3 |
| OpenStack Infra (hudson-openstack) wrote Fix included in openstack/tempest 26.1.0 | #4 |
| Martin Kopec (mkopec) wrote | #5 |
| Changed in tempest: | |
| status: | Triaged → Fix Released |
this is left over from system scope support in Tempest. We need to add scope support in get_creds_by_roles also.