Comment 2 for bug 1663204

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to blazar (master)

Submitter: Jenkins
Branch: master

commit 3de6f73e920a16079b8bead3b94353ae0daf7a6d
Author: Pierre Riteau <email address hidden>
Date: Sun Mar 26 20:34:08 2017 -0500

    Fix physical host reservation for non-admin users

    Originally, Blazar was using its service user to manage objects for
    physical host reservation, e.g. host aggregates, which by default
    requires admin rights. Commit 16d5f67ba7020701edbbf09a747f5683b0840c21
    started using a dedicated account configured with values
    climate_username, climate_password, and climate_tenant_name. Commit
    c9b7307cf3c97d3b48878aca6eda5b7fbc4dcfa7 removed this dedicated account
    and started using trusts instead, so that operations were performed on
    behalf of the user creating the lease (with the trustee being the blazar
    service user).

    While this works well if users creating leases are admins, non-admin
    users will get errors because the default Nova policy prevents them from
    running required operations associated with aggregates and hypervisors.

    Since it is not clear why a dedicated account for admin operations was
    required, this patch brings back the approach used before commit
    16d5f67ba7020701edbbf09a747f5683b0840c21, which was to use the service
    account for admin operations. This allows non-admin users to create
    Blazar leases.

    The nova client setup is updated to authenticate against Keystone v3.

    Change-Id: Iad86bb549aec13edd662965d2f91b68c856ae06c
    Closes-Bug: #1663204