<div dir="ltr">For admin, we must use admin token. In general, the token from API context is not of role admin.<div><br></div><div>I think the BP can help <a href="https://blueprints.launchpad.net/keystone/+spec/reuse-token">https://blueprints.launchpad.net/keystone/+spec/reuse-token</a></div>
</div><div class="gmail_extra"><br><br><div class="gmail_quote">On Thu, Aug 29, 2013 at 8:12 AM, Roman Verchikov <span dir="ltr"><<a href="mailto:rverchikov@mirantis.com" target="_blank">rverchikov@mirantis.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi stackers!<br>
<br>
Sorry for the stupid question, but why does nova.network.neutronv2.get_client() [1] drop auth_token for admin? Is it really necessary to make another check for username/password when trying to get a list of ports or floating IPs?..<br>
<br>
When keystone is configured with LDAP backed this leads to a bunch of LDAP requests which tend to be quite slow. Plus those LDAP requests could have been simply skipped when keystone is configured with token cache enabled.<br>
<br>
Thanks,<br>
Roman<br>
<br>
[1] <a href="https://github.com/openstack/nova/blob/master/nova/network/neutronv2/__init__.py#L68" target="_blank">https://github.com/openstack/nova/blob/master/nova/network/neutronv2/__init__.py#L68</a><br>
_______________________________________________<br>
OpenStack-dev mailing list<br>
<a href="mailto:OpenStack-dev@lists.openstack.org">OpenStack-dev@lists.openstack.org</a><br>
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br>
</blockquote></div><br></div>