yahoo-eng-team team mailing list archive

[Slawek Kaplonski <2015987@xxxxxxxxxxxxxxxxxx>]

Public bug reported:

In neutron.context module there are get_admin_context() and
get_admin_context_without_session() helper functions [1]. Both are
creating instance of Context class with is_admin=True but when new
policies are used, admin context is when it has role "admin" in roles
[1].

This is causing issues in some cases as get_admin_context don't really
returns something what new policies treats as admin context.

[1] https://github.com/openstack/neutron-
lib/blob/c5413d56b6db63a59280b528f66f1b343c684091/neutron_lib/context.py#L178

[2]
https://github.com/openstack/neutron/blob/fe9c321fd880c3a2fd3c669ce017d0e625306325/neutron/conf/policies/base.py#L49

** Affects: neutron
     Importance: Critical
     Assignee: Slawek Kaplonski (slaweq)
         Status: Confirmed


** Tags: api neutron-lib secure-rbac

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/2015987

Title:
  neutron-lib's get_admin_context() function returns wrong context when
  new policies are used

Status in neutron:
  Confirmed

Bug description:
  In neutron.context module there are get_admin_context() and
  get_admin_context_without_session() helper functions [1]. Both are
  creating instance of Context class with is_admin=True but when new
  policies are used, admin context is when it has role "admin" in roles
  [1].

  This is causing issues in some cases as get_admin_context don't really
  returns something what new policies treats as admin context.

  [1] https://github.com/openstack/neutron-
  lib/blob/c5413d56b6db63a59280b528f66f1b343c684091/neutron_lib/context.py#L178

  [2]
  https://github.com/openstack/neutron/blob/fe9c321fd880c3a2fd3c669ce017d0e625306325/neutron/conf/policies/base.py#L49

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/2015987/+subscriptions