Return properly elevated context by get_admin_context() helper
In neutron_lib.context module there are two simple helper functions: get_admin_context and get_admin_context_without_session. Both returned Context object with is_admin=True but without admin role set and due to that it wasn't proper admin context when new secure RBAC policies are used. With this patch both those helper functions returns properly elevated Context object with admin role set. Closes-Bug: #2015987 Change-Id: Ibde6acdb99555a6e43ca253523df7cbe4d150787
This commit is contained in:
parent
c5413d56b6
commit
09af59caa9
|
@ -176,13 +176,17 @@ class Context(ContextBaseWithSession):
|
|||
|
||||
|
||||
def get_admin_context():
|
||||
# NOTE(slaweq): elevated() method will set is_admin=True but setting it
|
||||
# explicity here will avoid checking in policy rules if is_admin should be
|
||||
# set to True or not
|
||||
return Context(user_id=None,
|
||||
tenant_id=None,
|
||||
is_admin=True,
|
||||
overwrite=False)
|
||||
overwrite=False).elevated()
|
||||
|
||||
|
||||
def get_admin_context_without_session():
|
||||
return ContextBase(user_id=None,
|
||||
tenant_id=None,
|
||||
is_admin=True)
|
||||
# NOTE(slaweq): elevated() method will set is_admin=True but setting it
|
||||
# explicity here will avoid checking in policy rules if is_admin should be
|
||||
# set to True or not
|
||||
return ContextBase(user_id=None, tenant_id=None, is_admin=True).elevated()
|
||||
|
|
|
@ -143,6 +143,7 @@ class TestNeutronContext(_base.BaseTestCase):
|
|||
self.assertIsNone(ctx_dict['tenant_id'])
|
||||
self.assertIsNone(ctx_dict['auth_token'])
|
||||
self.assertTrue(ctx_dict['is_admin'])
|
||||
self.assertIn('admin', ctx_dict['roles'])
|
||||
self.assertIsNotNone(ctx.session)
|
||||
self.assertNotIn('session', ctx_dict)
|
||||
|
||||
|
@ -152,6 +153,7 @@ class TestNeutronContext(_base.BaseTestCase):
|
|||
self.assertIsNone(ctx_dict['user_id'])
|
||||
self.assertIsNone(ctx_dict['tenant_id'])
|
||||
self.assertIsNone(ctx_dict['auth_token'])
|
||||
self.assertIn('admin', ctx_dict['roles'])
|
||||
self.assertFalse(hasattr(ctx, 'session'))
|
||||
|
||||
def test_neutron_context_elevated_retains_request_id(self):
|
||||
|
|
Loading…
Reference in New Issue