[openstack-dev] [neutron] Why does nova.network.neutronv2.get_client(context, admin=True) drop auth_token?
dolph.mathews at gmail.com
Thu Aug 29 01:42:36 UTC 2013
On Wed, Aug 28, 2013 at 7:22 PM, Yongsheng Gong <gongysh at unitedstack.com>wrote:
> For admin, we must use admin token. In general, the token from API
> context is not of role admin.
So... because the authenticated user making the API request *may not* have
"admin" access, you're dropping that authorization in favor of using
CONF.neutron_admin_username, etc, to escalate the available privileges?
> I think the BP can help
I don't see how?
> On Thu, Aug 29, 2013 at 8:12 AM, Roman Verchikov <rverchikov at mirantis.com>wrote:
>> Hi stackers!
>> Sorry for the stupid question, but why does
>> nova.network.neutronv2.get_client()  drop auth_token for admin? Is it
>> really necessary to make another check for username/password when trying to
>> get a list of ports or floating IPs?..
>> When keystone is configured with LDAP backed this leads to a bunch of
>> LDAP requests which tend to be quite slow. Plus those LDAP requests could
>> have been simply skipped when keystone is configured with token cache
>> OpenStack-dev mailing list
>> OpenStack-dev at lists.openstack.org
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OpenStack-dev