commit 1c1371c78b990447aeaa4377b512f8887e6ff3ce
Author: Phil Day <email address hidden>
Date: Wed Nov 13 09:39:47 2013 +0000
Users with admin role in Nova should not re-auth with Neutron
A recent change to the way Nova creates a Neutron clients https://review.openstack.org/#/c/52954/4 changed the conditions
under which it re-authenticates using the neutron admin credentials
from "if admin" to "if admin or context.is_admin".
This means that any user with admin role in Nova now interacts
with Neutron as a different tenant. Not only does this cause an
unnecessary re-authentication (The user may/should also have an admin
role in Neutron) it means that they can no longer allocate and assign
a floating IP to their instance via Nova (as the floating ip will now
always be allocated in the context of neutron_admin_tenant).
This change removes the context.is_admin check to revert to the
previous behaviour where the used of admin creds is determined just
on the explicit use of "admin=True" parameter to get_client().
Reviewed: https:/ /review. openstack. org/56174 github. com/openstack/ nova/commit/ 1c1371c78b99044 7aeaa4377b512f8 887e6ff3ce
Committed: http://
Submitter: Jenkins
Branch: master
commit 1c1371c78b99044 7aeaa4377b512f8 887e6ff3ce
Author: Phil Day <email address hidden>
Date: Wed Nov 13 09:39:47 2013 +0000
Users with admin role in Nova should not re-auth with Neutron
A recent change to the way Nova creates a Neutron clients /review. openstack. org/#/c/ 52954/4 changed the conditions
https:/
under which it re-authenticates using the neutron admin credentials
from "if admin" to "if admin or context.is_admin".
This means that any user with admin role in Nova now interacts admin_tenant) .
with Neutron as a different tenant. Not only does this cause an
unnecessary re-authentication (The user may/should also have an admin
role in Neutron) it means that they can no longer allocate and assign
a floating IP to their instance via Nova (as the floating ip will now
always be allocated in the context of neutron_
This change removes the context.is_admin check to revert to the
previous behaviour where the used of admin creds is determined just
on the explicit use of "admin=True" parameter to get_client().
Change-Id: Ib1720420c77896 0bc90c5b7d703de 936ebb7d6b5
Closes-Bug: 1250763