f91915d4cd
The original model used was to assert is_admin on the object context which was actually used in only one place in ironic's code. Redudnantly of course. This is an excess call of is_admin on all API invocations, and is simply not necessary as individual calls have API policy checking and is_admin was only being consulted in the glance service utils... However, the glance service utils also confirmed it should be able to access glance if there was an auth_token present on the request which should also always be the case. This was somewhat identified as redundant/possible bug during the Wallaby cycle and appears to be fine to remove This does *not* remove the deprecated rule. At present, it appears that rule may not be removed until after Xena. Change-Id: I5a176f51db93d2a2238496f6955c1c7d9a79c548
1.9 KiB
1.9 KiB