Neutron NeutronKeystoneContext object doesn't retrieve user_domain attribute

Bug #1621073 reported by SFilatov
12
This bug affects 2 people
Affects Status Importance Assigned to Milestone
neutron
Fix Released
Medium
Akihiro Motoki

Bug Description

Neutron object does not retrieve keystone domain attribute from request headers.
Neutron policies use context to check rules so we are not able to use domains.

Context is formed from headers in __call__ of NeutronKeystoneContext object, which initializes Context object.

Tags: api
John Schwarz (jschwarz)
tags: added: api
Revision history for this message
Akihiro Motoki (amotoki) wrote :

oslo_context provides a convenient way to create a context from environment [1].
neutron.auth has its own logic to extract environments and create a context [2].

neutron.auth needs to be updated to use the standard way from oslo.context.

[1] http://git.openstack.org/cgit/openstack/oslo.context/tree/oslo_context/context.py
[2] http://git.openstack.org/cgit/openstack/neutron/tree/neutron/auth.py#n27

Changed in neutron:
status: New → Triaged
importance: Undecided → Medium
Akihiro Motoki (amotoki)
Changed in neutron:
assignee: nobody → Akihiro Motoki (amotoki)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (master)

Fix proposed to branch: master
Review: https://review.openstack.org/448538

Changed in neutron:
status: Triaged → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (master)

Reviewed: https://review.openstack.org/448538
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=75c34838ef7132352a34b0c224c2536a5283b1d5
Submitter: Jenkins
Branch: master

commit 75c34838ef7132352a34b0c224c2536a5283b1d5
Author: Akihiro Motoki <email address hidden>
Date: Wed Mar 22 11:55:31 2017 +0000

    Use oslo.context class method to construct context object

    oslo_context.Context.from_environ provides a more generic way
    to contruct a context object from request environment.
    We can support more new attributes supported in keystonemiddleware
    without changing our code.

    Partial-Bug: #1674349
    Closes-Bug: #1621073

    In the unit test, context.tenant_name is replaced to context.project_name
    as it will be the recommended way to access project name now.
    Note that equivalency of project_name and tenant_name will be ensured
    by a depending neutron-lib patch [1], so this change affects nobody.

    [1] https://review.openstack.org/#/c/448537/

    Depends-On: Ieec57d9ea8d95e55499a17e2c04da5e3e78a1557
    Change-Id: Ie48aa843ca8c852b1e93e760d2e3e8aaa38aed56

Changed in neutron:
status: In Progress → Fix Released
Akihiro Motoki (amotoki)
Changed in neutron:
milestone: none → pike-1
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron 11.0.0.0b1

This issue was fixed in the openstack/neutron 11.0.0.0b1 development milestone.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.