[openstack-dev] [neutron] Why does nova.network.neutronv2.get_client(context, admin=True) drop auth_token?

Morgan Fainberg m at metacloud.com
Thu Aug 29 02:33:36 UTC 2013


On Wed, Aug 28, 2013 at 5:22 PM, Yongsheng Gong <gongysh at unitedstack.com>wrote:

> For admin, we must use admin token.  In general, the token from API
> context is not of role admin.
>
>
If this functionality is supposed to be allowed to non-admin users,
wouldn't it be easier to provide access to it to non-admin users, instead
of escalating permissions (maybe RBAC)?  I'll admit not knowing why this
needs escalation, but it stands out as an odd approach in my mind.


> I think the BP can help
> https://blueprints.launchpad.net/keystone/+spec/reuse-token
>

This isn't likely what you are looking for.  It would still require lookups
to the backend for a number of reasons (not listed, as I don't think it is
relevant for this conversation).
--
Morgan Fainberg

IRC: morganfainberg
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20130828/b7d739f4/attachment.html>


More information about the OpenStack-dev mailing list