[Openstack-operators] Tempest configuration for only admin api enforcement

Matthew Treinish mtreinish at kortar.org
Tue Oct 27 07:22:43 UTC 2015

On Thu, Oct 22, 2015 at 05:39:23PM +0000, Edgar Magana wrote:
> Folks,
> We need to modify our CI/CD tempest execution to adjust some changes that we are doing in neutron/policy.json file. Basically, we are limiting all the POST operations for admin user. This makes some tempest tests fail for obvious reasons. Any idea what would be the best way to make tempest aware of our new policy.json configuration? We do not want to hack the code to run all the tests as admin; this is why we are looking for suggestions.

So tempest by design doesn't make this exactly easy; it breaks some of the
interop stuff that tempest is trying to enforce.

But, that being said, there are 2 ways I think you can do this today. You could
use an accounts.yaml file that has admin users listed but doesn't list admin as
a role in the yaml. [1] This should allow the credentials to be used for non-admin
tests (which is normally blocked). The alternative is, if you're using tenant
isolation/dynamic creds, you can add the admin role to the tempest_roles option
to assign admin to every user tempest creates. [2]

However, the caveat here is that I've not ever seen these configuration paths
used before. So I can definitely see there being weird side effects from doing
this. Mostly because admin has the ability to do more than regular users which
will break some of the tests.


Matt Treinish

[1] http://docs.openstack.org/developer/tempest/configuration.html#locking-test-accounts-aka-accounts-yaml-or-accounts-file
[2] http://docs.openstack.org/developer/tempest/configuration.html#dynamic-credentials
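
Added example, not part of the original message or of Tempest's documentation: a tempest.conf fragment sketching the two alternatives described above. The file path, user names and password are constructed placeholders, and the accounts.yaml field names are an assumption to check against the sample shipped with your Tempest release.

```ini
# tempest.conf (illustrative fragment; choose ONE alternative)

# --- Alternative 1: pre-provisioned accounts file ---------------------
# The accounts file lists users that already hold admin in the cloud,
# but the entries do NOT declare admin as a role, so Tempest hands them
# out for non-admin tests. Example entry (YAML, constructed values):
#
#   - username: 'ci_user_1'
#     tenant_name: 'ci_tenant_1'
#     password: 'CHANGE_ME'
#
[auth]
use_dynamic_credentials = False
# Assumed path; point this at your own accounts file.
test_accounts_file = /etc/tempest/accounts.yaml

# --- Alternative 2: dynamic credentials -------------------------------
# Tempest creates a user/tenant per test class; tempest_roles is the
# list of roles assigned to every user it creates. Adding admin here
# makes all generated users admins.
#
# [auth]
# use_dynamic_credentials = True
# tempest_roles = admin
```

With either alternative every test identity carries admin, so a passing run no longer shows that the restricted policy.json denies POST operations to non-admin users; that check needs a separate non-admin run.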