neutron

In admin context is_advsvc should be True

Bug #1450244 reported by Salvatore Orlando on 2015-04-29

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	neutron	Fix Released	Low	Salvatore Orlando	neutron 7.0.0 "liberty"

Bug Description

Currently the is_advsvc setting on the Context object is always calculated with a policy check [1].
When is_admin is set to True the Context is being explicitly built to have admin rights.
This seems kind of reasonable. It will still be possible to define policies when a user with a "advsvc" role can perform operations not even an "admin" can do (if that makes any sense).
This just for those contexts which are built inside the business logic to gain access to the whole database.

I am not sure if this can be of any practical use - for instance it might serve a similar purpose of get_admin_context.
However, it will spare an unnecessary check in the policy engine.
Moreover, It is going to simplify quite a bit implementation of "light" unit tests with minimal harness. For instance unit tests which only cover DB operations.

[1] http://git.openstack.org/cgit/openstack/neutron/tree/neutron/context.py#n68

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-04-29: Fix proposed to neutron (master)

Fix proposed to branch: master
Review: https://review.openstack.org/178877

Changed in neutron:
status:	New → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-05-01: Fix merged to neutron (master)

Reviewed: https://review.openstack.org/178877
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=661dea6b5e1861e56bfccc8ebe1ae637a70b3cbd
Submitter: Jenkins
Branch: master

commit 661dea6b5e1861e56bfccc8ebe1ae637a70b3cbd
Author: Salvatore Orlando <email address hidden>
Date: Wed Apr 29 16:07:27 2015 -0700

Context: is_admin==True implies is_advsvc=True

    With this change is the is_admin parameter is set to True when
    creating a context, the is_advsvc property is set to True as well,
    without executing a pointless check with policy engine.

Closes-Bug: #1450244

Change-Id: I0a21a82692665599260d07c00c55df18fc926eb5

Changed in neutron:
status:	In Progress → Fix Committed

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-05-22: Fix proposed to neutron (neutron-pecan)

Fix proposed to branch: neutron-pecan
Review: https://review.openstack.org/185072

Thierry Carrez (ttx) on 2015-06-24

Changed in neutron:
status:	Fix Committed → Fix Released

Thierry Carrez (ttx) on 2015-10-15

Changed in neutron:
milestone:	liberty-1 → 7.0.0

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.