[queues] admin_mode should be a CLI opt

Bug #1244228 reported by Allele Dev
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
zaqar
Fix Released
Medium
Flavio Percoco

Bug Description

The param should be moved into a separate list of params and register_cli_opts should be called instead of register_opts.

Kurt Griffiths (kgriffs)
Changed in marconi:
importance: Undecided → Medium
milestone: none → icehouse-2
status: New → Triaged
Changed in marconi:
assignee: nobody → Flavio Percoco (flaper87)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to marconi (master)

Fix proposed to branch: master
Review: https://review.openstack.org/65078

Changed in marconi:
status: Triaged → In Progress
Revision history for this message
Flavio Percoco (flaper87) wrote :

I think this should be re-targeted. Unfortunately, oslo config makes it really difficult to use a non global config instance and register CLI arguments at runtime.

I'll do some work on this area but I'm not sure it'll make it for i-2

Changed in marconi:
milestone: icehouse-2 → icehouse-3
Revision history for this message
Kurt Griffiths (kgriffs) wrote :

I think we should make admin mode go away and rely on Keystone roles instead for RBAC.

Revision history for this message
Kurt Griffiths (kgriffs) wrote :

Let's do this for Juno

no longer affects: marconi/icehouse
Changed in marconi:
milestone: icehouse-3 → none
Revision history for this message
Kurt Griffiths (kgriffs) wrote :

Flavio, what should we do with this?

Changed in marconi:
status: In Progress → Triaged
Revision history for this message
Flavio Percoco (flaper87) wrote :

I agree we need a RBAC admin endpoints. However, doing so is quite a change and I think we should discuss it a bit further to make sure we'll get it right. The way other projects do this is by adding a context middleware and passing a context object around in the wsgi request object. This seems to work in most cases but I think we need to decide what's going to happen when a user w/o permissions try to access a protected resource, how granular we want this to be and how much we want to push this down the stack.

I'd prefer us to start discussing RBAC first and then talk about what will happen with the admin endpoints. With regards to this bug, I think we can close it. I don't want us to add a new cli-param if we know we'll remove it later.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote :

Fix proposed to branch: master
Review: https://review.openstack.org/112781

Changed in marconi:
status: Triaged → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to marconi (master)

Reviewed: https://review.openstack.org/112781
Committed: https://git.openstack.org/cgit/openstack/marconi/commit/?id=da0f51a930b8eedf82687868e72d0d8ca0a6e6de
Submitter: Jenkins
Branch: master

commit da0f51a930b8eedf82687868e72d0d8ca0a6e6de
Author: Flavio Percoco <email address hidden>
Date: Fri Aug 8 09:44:12 2014 +0200

    Make `admin_mode` a cli option

    Change-Id: Ibb3d0a847a74e2c1fb54a82a2673632002b23421
    Closes-bug: #1244228

Changed in marconi:
status: In Progress → Fix Committed
Thierry Carrez (ttx)
Changed in zaqar:
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in zaqar:
milestone: juno-3 → 2014.2
no longer affects: zaqar/juno
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.