Merge "revert "Ensure that only cloud admins are neutron admins""

2019-09-19 06:11:19 +00:00 · 2019-09-19 06:11:19 +00:00 · 0ce27d3575
parent de05bd8b48 2ad425b1cd
commit 0ce27d3575
4 changed files with 8 additions and 10 deletions
--- a/hooks/neutron_api_hooks.py
+++ b/hooks/neutron_api_hooks.py
@ -14,6 +14,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+import os
 import sys
 import uuid
 from subprocess import (
@ -65,6 +66,7 @@ from charmhelpers.contrib.openstack.utils import (

 from neutron_api_utils import (
    additional_install_locations,
+    ADMIN_POLICY,
    API_PASTE_INI,
    api_port,
    assess_status,
@ -298,6 +300,11 @@ def config_changed():
    configure_https()
    update_nrpe_config()
    infoblox_changed()
+    # This part can be removed for U.
+    if os.path.exists(ADMIN_POLICY):
+        # Clean 00-admin.json added for bug/1830536. At has been
+        # noticed that it creates regression.
+        os.remove(ADMIN_POLICY)
    CONFIGS.write_all()
    if packages_removed and not is_unit_paused_set():
        log("Package purge detected, restarting services", "INFO")
--- a/hooks/neutron_api_utils.py
+++ b/hooks/neutron_api_utils.py
@ -462,13 +462,6 @@ def resource_map(release=None):
    release = release or os_release('neutron-common')

    resource_map = deepcopy(BASE_RESOURCE_MAP)
-    if CompareOpenStackReleases(release) >= 'queens':
-        resource_map[ADMIN_POLICY] = {
-            'contexts': [
-                neutron_api_context.IdentityServiceContext(
-                    service='neutron',
-                    service_user='neutron')],
-            'services': ['neutron-server']}
    if CompareOpenStackReleases(release) >= 'liberty':
        resource_map.update(LIBERTY_RESOURCE_MAP)

--- a/templates/queens/00-admin.json
+++ b/templates/queens/00-admin.json
@ -1,2 +0,0 @@
-"is_service_project": "project_id:{{ service_project_id }} or domain_id:{{ service_domain_id }}"
-"context_is_admin": "role:admin and (is_admin_project:True or rule:is_service_project)"
--- a/unit_tests/test_neutron_api_utils.py
+++ b/unit_tests/test_neutron_api_utils.py
@ -187,7 +187,7 @@ class TestNeutronAPIUtils(CharmTestCase):
        _map = nutils.resource_map()
        confs = [nutils.NEUTRON_CONF, nutils.NEUTRON_DEFAULT,
                 nutils.APACHE_CONF, nutils.NEUTRON_LBAAS_CONF,
-                 nutils.NEUTRON_VPNAAS_CONF, nutils.ADMIN_POLICY]
+                 nutils.NEUTRON_VPNAAS_CONF]
        [self.assertIn(q_conf, _map.keys()) for q_conf in confs]
        self.assertTrue(nutils.APACHE_24_CONF not in _map.keys())