yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1450244] Re: In admin context is_advsvc should be True

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Thierry Carrez <thierry.carrez+lp@xxxxxxxxx>
Date: Wed, 24 Jun 2015 20:23:08 -0000
Reply-to: Bug 1450244 <1450244@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: neutron
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1450244

Title:
  In admin context is_advsvc should be True

Status in OpenStack Neutron (virtual network service):
  Fix Released

Bug description:
  Currently the is_advsvc setting on the Context object is always calculated with a policy check [1].
  When is_admin is set to True the Context is being explicitly built to have admin rights. 
  This seems kind of reasonable. It will still be possible to define policies when a user with a "advsvc" role can perform operations not even an "admin" can do (if that makes any sense).
  This just for those contexts which are built inside the business logic to gain access to the whole database.

  I am not sure if this can be of any practical use - for instance it might serve a similar purpose of get_admin_context.
  However, it will spare an unnecessary check in the policy engine.
  Moreover, It is going to simplify quite a bit implementation of "light" unit tests with minimal harness. For instance unit tests which only cover DB operations.

  [1]
  http://git.openstack.org/cgit/openstack/neutron/tree/neutron/context.py#n68

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1450244/+subscriptions

References

[Bug 1450244] [NEW] In admin context is_advsvc should be True
From: Salvatore Orlando, 2015-04-29