On Thu, Oct 22, 2015 at 05:39:23PM +0000, Edgar Magana wrote: > Folks, > > We need to modify our CI/CD tempest execution to adjust some changes that we > are doing in neutron/policy.json file. Basically, we are limiting all the > POST operations for admin user. This makes some tempest tests to fail for > obvious reasons, any idea what would be the best way to make tempest aware of > our new policy.json configuration? We do not want to hack the code to run all > the tests as admin, this is why we are looking for suggestions.
So tempest by design doesn't make this exactly easy, it breaks some of the interop stuff that tempest is trying to enforce. But, that being said there are 2 ways I think you can do this today. You could use an accounts.yaml file that has admin users listed but doesn't list admin as a role in the yaml.[1] This should allow the credentials to be used for non-admin tests (which is normally blocked) The alternative is if you're using tenant isolation/dynamic creds you can add the admin role to the tempest_roles option to assign admin to every user tempest creates. [2] However, the caveat here is that I've not ever seen these configuration paths used before. So I can definitely see there being weird side effects from doing this. Mostly because admin has the ability to do more than regular users which will break some of the tests. Thanks, Matt Treinish [1] http://docs.openstack.org/developer/tempest/configuration.html#locking-test-accounts-aka-accounts-yaml-or-accounts-file [2] http://docs.openstack.org/developer/tempest/configuration.html#dynamic-credentials
signature.asc
Description: PGP signature
_______________________________________________ OpenStack-operators mailing list [email protected] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
