OpenStack Compute (nova)

  1. Bug #1250763
  2. Comment #2

Comment 2 for bug 1250763

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to nova (master)

Reviewed: https://review.openstack.org/56174
Committed: http://github.com/openstack/nova/commit/1c1371c78b990447aeaa4377b512f8887e6ff3ce
Submitter: Jenkins
Branch: master

commit 1c1371c78b990447aeaa4377b512f8887e6ff3ce
Author: Phil Day <email address hidden>
Date: Wed Nov 13 09:39:47 2013 +0000

    Users with admin role in Nova should not re-auth with Neutron

    A recent change to the way Nova creates a Neutron clients
    https://review.openstack.org/#/c/52954/4 changed the conditions
    under which it re-authenticates using the neutron admin credentials
    from "if admin" to "if admin or context.is_admin".

    This means that any user with admin role in Nova now interacts
    with Neutron as a different tenant. Not only does this cause an
    unnecessary re-authentication (The user may/should also have an admin
    role in Neutron) it means that they can no longer allocate and assign
    a floating IP to their instance via Nova (as the floating ip will now
    always be allocated in the context of neutron_admin_tenant).

    This change removes the context.is_admin check to revert to the
    previous behaviour where the used of admin creds is determined just
    on the explicit use of "admin=True" parameter to get_client().

    Change-Id: Ib1720420c778960bc90c5b7d703de936ebb7d6b5
    Closes-Bug: 1250763