Comment 8 for bug 1255577

OpenStack Infra (hudson-openstack) wrote : Fix merged to nova (master)

Reviewed: https://review.openstack.org/59243
Committed: http://github.com/openstack/nova/commit/652620d12f3afe6845e41d9762b52d23f44fd557
Submitter: Jenkins
Branch: master

commit 652620d12f3afe6845e41d9762b52d23f44fd557
Author: Phil Day <email address hidden>
Date: Fri Nov 29 23:24:51 2013 +0000

    Fix Neutron Authentication for Metadata Service

    A recent change to the way Nova creates a Neutron client
    51e5f52e4cb60e266ccde71f205c91eb8c97b48b changed the conditions
    under which it re-authenticates using the neutron admin credentials
    from "if admin" to "if admin or context.is_admin". However this
    meant that any user with admin role in Nova interacted with Neutron
    as a different tenant, preventing them from non-admin actions such
    as allocating floating IPs.

    This was then addressed by 1c1371c78b990447aeaa4377b512f8887e6ff3ce
    which only reauthenticated as admin on the explicit use of
    "admin=True" parameter to neutronv2.get_client().

    However the metadata service does not explicitly create the neutron
    client so it has to pass in a context created by
    context.get_admin_context() which has is_admin=True but no auth_token.

    This change therefore accepts this combination of context values
    as a valid reason to re-authenticate as admin, while still allowing
    users with the admin role to use their own token.

    As a tidy up two tests for getting an admin client are moved from
    TestNeutronClient to join the other admin client tests in
    TestNeutronClientForAdminScenarios

    Change-Id: Ic2a6f383a85f6bb606d8d65feaefa0d23329adb9
    Closes-Bug: 1255577
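
The three re-authentication conditions named in the commit message, compared side by side. This is an added example, not code from nova or from the commit: Context, the rule functions, identity_used() and the "unauthenticated" outcome for a context with no token are all hypothetical names and assumptions made for illustration.

```python
from collections import namedtuple

# Constructed stand-in for a Nova request context; only the two fields the
# commit message discusses are modelled.
Context = namedtuple("Context", ["is_admin", "auth_token"])


def broadened_rule(context, admin=False):
    """'if admin or context.is_admin' (introduced by 51e5f52e...)."""
    return bool(admin or context.is_admin)


def explicit_only_rule(context, admin=False):
    """Re-authenticate only on an explicit admin=True (1c1371c7...)."""
    return bool(admin)


def fixed_rule(context, admin=False):
    """This change: also accept is_admin=True combined with no auth_token."""
    return bool(admin or (context.is_admin and not context.auth_token))


def identity_used(rule, context, admin=False):
    """Which identity the Neutron client would act as under a given rule."""
    if rule(context, admin):
        return "neutron-admin"    # re-authenticated with admin credentials
    if context.auth_token:
        return "user-token"       # caller keeps their own tenant and token
    return "unauthenticated"      # assumption: nothing usable to present


# Constructed scenarios taken from the cases the commit message describes.
ADMIN_ROLE_USER = Context(is_admin=True, auth_token="user-tok")
METADATA_SERVICE = Context(is_admin=True, auth_token=None)  # get_admin_context()
REGULAR_USER = Context(is_admin=False, auth_token="user-tok")


def compare():
    """Return {rule name: {scenario: identity}} for every combination."""
    rules = {"broadened": broadened_rule,
             "explicit_only": explicit_only_rule,
             "fixed": fixed_rule}
    cases = {"admin_role_user": ADMIN_ROLE_USER,
             "metadata_service": METADATA_SERVICE,
             "regular_user": REGULAR_USER}
    return {rn: {cn: identity_used(r, c) for cn, c in cases.items()}
            for rn, r in rules.items()}


if __name__ == "__main__":
    for rule_name, outcome in compare().items():
        print(rule_name, outcome)
```
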