RBAC Utils Module

this page last updated: 2018-11-05 17:15:30

RBAC Utils Module

Overview

Patrole manipulates the os_primary Tempest credentials, which are the primary set of Tempest credentials. It is necessary to use the same credentials across the entire test setup/test execution/test teardown workflow because otherwise 400-level errors will be thrown by OpenStack services.

This is because many services check the request context’s project scope – and in very rare cases, user scope. However, each set of Tempest credentials (via dynamic credentials) is allocated its own distinct project. For example, the os_admin and os_primary credentials each have a distinct project, meaning that it is not always possible for the os_primary credentials to access resources created by the os_admin credentials.

The only foolproof solution is to manipulate the role for the same set of credentials, rather than using distinct credentials for setup/teardown and test execution, respectively. This is especially true when considering custom policy rule definitions, which can be arbitrarily complex.

Implementation

RBAC Utils Module

this page last updated: 2018-11-05 17:15:30
Creative Commons Attribution 3.0 License

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.

found an error? report a bug questions?