yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #92360
[Bug 2019946] Re: [S-RBAC] context.elevated() method from neutron-lib should ensure all required roles are set in context object
** Also affects: nova
Importance: Undecided
Status: New
** No longer affects: nova
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/2019946
Title:
[S-RBAC] context.elevated() method from neutron-lib should ensure all
required roles are set in context object
Status in neutron:
In Progress
Bug description:
Currently context.elevated() method just ensures that "admin" role is set in context.roles. But e.g. in case when noauth method pipeline is used in Neutron, context from environ will not have any role set and it may fail if e.g. some API policy is allowed for "role:reader" (see qos get_rule_types API policy).
We should make sure in the context.elevated() method that all roles which "admin" role implies are there.
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/2019946/+subscriptions
References