yahoo-eng-team team mailing list archive

[Slawek Kaplonski <2019946@xxxxxxxxxxxxxxxxxx>]

Public bug reported:

Currently context.elevated() method just ensures that "admin" role is set in context.roles. But e.g. in case when noauth method pipeline is used in Neutron, context from environ will not have any role set and it may fail if e.g. some API policy is allowed for "role:reader" (see qos get_rule_types API policy).
We should make sure in the context.elevated() method that all roles which "admin" role implies are there.

** Affects: neutron
     Importance: High
     Assignee: Slawek Kaplonski (slaweq)
         Status: Confirmed


** Tags: api

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/2019946

Title:
  [S-RBAC] context.elevated() method from neutron-lib should ensure all
  required roles are set in context object

Status in neutron:
  Confirmed

Bug description:
  Currently context.elevated() method just ensures that "admin" role is set in context.roles. But e.g. in case when noauth method pipeline is used in Neutron, context from environ will not have any role set and it may fail if e.g. some API policy is allowed for "role:reader" (see qos get_rule_types API policy).
  We should make sure in the context.elevated() method that all roles which "admin" role implies are there.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/2019946/+subscriptions