From 6fecfd4fff79620596db45c9d22f8ec63a0d5522 Mon Sep 17 00:00:00 2001
From: Ghanshyam Mann <gmann@ghanshyammann.com>
Date: Wed, 11 Aug 2021 10:32:42 -0500
Subject: [PATCH] Add devstack-enforce-scope job to enable the rbac scope
 checks

keystone has system scope feature implemented since
queens release. Now Devstack also started moving towards the new RBAC.

This commit adds a new job 'devstack-enforce-scope' which enable the
scope checks on service side and see if devstack setting are fine or not.

This job will be expanded to enable the scope checks for the other service
also once they start supporting the system scope.

This will help us to test the scope check setting.

Change-Id: Ie9cd9c7e7cd8fdf8c8930e59ae9d297f86eb9a95
---
 .zuul.yaml | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/.zuul.yaml b/.zuul.yaml
index 8c275d84dc..517e12bc1c 100644
--- a/.zuul.yaml
+++ b/.zuul.yaml
@@ -580,6 +580,17 @@
         SERVICE_IP_VERSION: 6
         SERVICE_HOST: ""
 
+- job:
+    name: devstack-enforce-scope
+    parent: devstack
+    description: |
+      This job runs the devstack with scope checks enabled.
+    vars:
+      devstack_localrc:
+        # Keep enabeling the services here to run with system scope
+        CINDER_ENFORCE_SCOPE: true
+        GLANCE_ENFORCE_SCOPE: true
+
 - job:
     name: devstack-multinode
     parent: devstack
@@ -711,6 +722,7 @@
       jobs:
         - devstack
         - devstack-ipv6
+        - devstack-enforce-scope
         - devstack-platform-fedora-latest
         - devstack-platform-centos-8-stream
         - devstack-async
@@ -765,6 +777,7 @@
       jobs:
         - devstack
         - devstack-ipv6
+        - devstack-enforce-scope
         - devstack-multinode
         - devstack-unit-tests
         - openstack-tox-bashate