Public bug reported: In neutron.context module there are get_admin_context() and get_admin_context_without_session() helper functions [1]. Both are creating instance of Context class with is_admin=True but when new policies are used, admin context is when it has role "admin" in roles [1].
This is causing issues in some cases as get_admin_context don't really returns something what new policies treats as admin context. [1] https://github.com/openstack/neutron- lib/blob/c5413d56b6db63a59280b528f66f1b343c684091/neutron_lib/context.py#L178 [2] https://github.com/openstack/neutron/blob/fe9c321fd880c3a2fd3c669ce017d0e625306325/neutron/conf/policies/base.py#L49 ** Affects: neutron Importance: Critical Assignee: Slawek Kaplonski (slaweq) Status: Confirmed ** Tags: api neutron-lib secure-rbac -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/2015987 Title: neutron-lib's get_admin_context() function returns wrong context when new policies are used Status in neutron: Confirmed Bug description: In neutron.context module there are get_admin_context() and get_admin_context_without_session() helper functions [1]. Both are creating instance of Context class with is_admin=True but when new policies are used, admin context is when it has role "admin" in roles [1]. This is causing issues in some cases as get_admin_context don't really returns something what new policies treats as admin context. [1] https://github.com/openstack/neutron- lib/blob/c5413d56b6db63a59280b528f66f1b343c684091/neutron_lib/context.py#L178 [2] https://github.com/openstack/neutron/blob/fe9c321fd880c3a2fd3c669ce017d0e625306325/neutron/conf/policies/base.py#L49 To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/2015987/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
