yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #32490
[Bug 1450244] [NEW] In admin context is_advsvc should be True
Public bug reported:
Currently the is_advsvc setting on the Context object is always calculated with a policy check [1].
When is_admin is set to True the Context is being explicitly built to have admin rights.
This seems kind of reasonable. It will still be possible to define policies when a user with a "advsvc" role can perform operations not even an "admin" can do (if that makes any sense).
This just for those contexts which are built inside the business logic to gain access to the whole database.
I am not sure if this can be of any practical use - for instance it might serve a similar purpose of get_admin_context.
However, it will spare an unnecessary check in the policy engine.
Moreover, It is going to simplify quite a bit implementation of "light" unit tests with minimal harness. For instance unit tests which only cover DB operations.
[1]
http://git.openstack.org/cgit/openstack/neutron/tree/neutron/context.py#n68
** Affects: neutron
Importance: Low
Assignee: Salvatore Orlando (salvatore-orlando)
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1450244
Title:
In admin context is_advsvc should be True
Status in OpenStack Neutron (virtual network service):
New
Bug description:
Currently the is_advsvc setting on the Context object is always calculated with a policy check [1].
When is_admin is set to True the Context is being explicitly built to have admin rights.
This seems kind of reasonable. It will still be possible to define policies when a user with a "advsvc" role can perform operations not even an "admin" can do (if that makes any sense).
This just for those contexts which are built inside the business logic to gain access to the whole database.
I am not sure if this can be of any practical use - for instance it might serve a similar purpose of get_admin_context.
However, it will spare an unnecessary check in the policy engine.
Moreover, It is going to simplify quite a bit implementation of "light" unit tests with minimal harness. For instance unit tests which only cover DB operations.
[1]
http://git.openstack.org/cgit/openstack/neutron/tree/neutron/context.py#n68
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1450244/+subscriptions
Follow ups
References