Duplicate testing for system scoped ACL testing

In order for us to understand if we're starting to break
compatability with scope changes, we need to at least have
some testing, someway, some place to provide insight.

Hopefully, this should provide that insight by running
the same API testing we run with by default.

Once we have fully defined the scoped authenticaiton
use requirements, we can begin to build the new test
matrix, but this gives us a start.

Change-Id: Ie12e2665c97326142b564b23603647ec9d97052c

1 files changed, 16 insertions, 0 deletions

diff --git a/ironic/tests/unit/api/test_acl.py b/ironic/tests/unit/api/test_acl.py
index adea1fe4e..e349da4cd 100644
--- a/ironic/tests/unit/api/test_acl.py
+++ b/ironic/tests/unit/api/test_acl.py
@@ -246,3 +246,19 @@ class TestRBACModelBeforeScopes(TestACLBase):
     def test_rbac_legacy(self, **kwargs):
         self._check_skip(**kwargs)
         self._test_request(**kwargs)
+
+
+@ddt.ddt
+class TestRBACScoped(TestRBACModelBeforeScopes):
+    """Test Scoped ACL access using our existing access policy."""
+
+    def setUp(self):
+        super(TestRBACScoped, self).setUp()
+
+        cfg.CONF.set_override('enforce_scope', True, group='oslo_policy')
+        cfg.CONF.set_override('enforce_new_defaults', True,
+                              group='oslo_policy')
+        # NOTE(TheJulia): The purpose of this class is to execute the legacy
+        # RBAC tests with the new configuration, which forces us to
+        # explicity mark each test as a deprecated test later on. That
+        # funcationality will be added in a later patch when needed,