In admin context is_advsvc should be True
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
neutron |
Fix Released
|
Low
|
Salvatore Orlando |
Bug Description
Currently the is_advsvc setting on the Context object is always calculated with a policy check [1].
When is_admin is set to True the Context is being explicitly built to have admin rights.
This seems kind of reasonable. It will still be possible to define policies when a user with a "advsvc" role can perform operations not even an "admin" can do (if that makes any sense).
This just for those contexts which are built inside the business logic to gain access to the whole database.
I am not sure if this can be of any practical use - for instance it might serve a similar purpose of get_admin_context.
However, it will spare an unnecessary check in the policy engine.
Moreover, It is going to simplify quite a bit implementation of "light" unit tests with minimal harness. For instance unit tests which only cover DB operations.
[1] http://
Changed in neutron: | |
status: | Fix Committed → Fix Released |
Changed in neutron: | |
milestone: | liberty-1 → 7.0.0 |
Fix proposed to branch: master /review. openstack. org/178877
Review: https:/