← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #32490

[Bug 1450244] [NEW] In admin context is_advsvc should be True

  Thread PreviousDate PreviousThread Next 
Public bug reported:

Currently the is_advsvc setting on the Context object is always calculated with a policy check [1].
When is_admin is set to True the Context is being explicitly built to have admin rights. 
This seems kind of reasonable. It will still be possible to define policies when a user with a "advsvc" role can perform operations not even an "admin" can do (if that makes any sense).
This just for those contexts which are built inside the business logic to gain access to the whole database.

I am not sure if this can be of any practical use - for instance it might serve a similar purpose of get_admin_context.
However, it will spare an unnecessary check in the policy engine.
Moreover, It is going to simplify quite a bit implementation of "light" unit tests with minimal harness. For instance unit tests which only cover DB operations.

[1]
http://git.openstack.org/cgit/openstack/neutron/tree/neutron/context.py#n68

** Affects: neutron
     Importance: Low
     Assignee: Salvatore Orlando (salvatore-orlando)
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1450244

Title:
  In admin context is_advsvc should be True

Status in OpenStack Neutron (virtual network service):
  New

Bug description:
  Currently the is_advsvc setting on the Context object is always calculated with a policy check [1].
  When is_admin is set to True the Context is being explicitly built to have admin rights. 
  This seems kind of reasonable. It will still be possible to define policies when a user with a "advsvc" role can perform operations not even an "admin" can do (if that makes any sense).
  This just for those contexts which are built inside the business logic to gain access to the whole database.

  I am not sure if this can be of any practical use - for instance it might serve a similar purpose of get_admin_context.
  However, it will spare an unnecessary check in the policy engine.
  Moreover, It is going to simplify quite a bit implementation of "light" unit tests with minimal harness. For instance unit tests which only cover DB operations.

  [1]
  http://git.openstack.org/cgit/openstack/neutron/tree/neutron/context.py#n68

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1450244/+subscriptions

Follow ups

References

  Thread PreviousDate PreviousThread Next