Users with admin role in Nova should not re-authenticate with Neutron
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Compute (nova) |
Fix Released
|
High
|
Phil Day | ||
Havana |
Fix Released
|
High
|
Matt Riedemann |
Bug Description
A recent change to the way Nova creates a Neutron client https:/
changed the conditions under which it re-authenticates using the neutron admin credentials from
“if admin” to “if admin or context.is_admin”.
This means that any user with admin role in Nova now interacts with Neutron as a different tenant.
Not only does this cause an unnecessary re-authentication (The user may/should also have an admin
role in Neutron) it means that they can no longer allocate and assign a floating IP to their instance
via Nova (as the floating ip will now always be allocated in the context of neutron_
The context_is_admin part of this change should be reverted.
Changed in nova: | |
importance: | Undecided → High |
Changed in nova: | |
status: | In Progress → Fix Committed |
status: | Fix Committed → In Progress |
Changed in nova: | |
milestone: | none → icehouse-1 |
Changed in nova: | |
status: | Fix Committed → Fix Released |
Changed in nova: | |
milestone: | icehouse-1 → 2014.1 |
Patch is here: https:/ /review. openstack. org/#/c/ 56174/