yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1250763] Re: Users with admin role in Nova should not re-authenticate with Neutron

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Adam Gandelman <1250763@xxxxxxxxxxxxxxxxxx>
Date: Fri, 28 Mar 2014 21:06:04 -0000
Reply-to: Bug 1250763 <1250763@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Also affects: nova/havana
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1250763

Title:
  Users with admin role in Nova should not re-authenticate with Neutron

Status in OpenStack Compute (Nova):
  Fix Released
Status in OpenStack Compute (nova) havana series:
  New

Bug description:
  A recent change to the way Nova creates a Neutron client https://review.openstack.org/#/c/52954/4
  changed the conditions under which it re-authenticates using the neutron admin credentials from
  “if admin” to “if admin or context.is_admin”.

  This means that any user with admin role in Nova now interacts with Neutron as a different tenant.
  Not only does this cause an unnecessary re-authentication (The user may/should also have an admin
  role in Neutron) it means that they can no longer  allocate and assign a floating IP to their instance
  via Nova (as the floating ip will now always be allocated in the context of neutron_admin_tenant).

  The context_is_admin part of this change should be reverted.

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1250763/+subscriptions