[openstack-dev] [neutron] Why does nova.network.neutronv2.get_client(context, admin=True) drop auth_token?
Morgan Fainberg
m at metacloud.com
Thu Aug 29 02:33:36 UTC 2013
On Wed, Aug 28, 2013 at 5:22 PM, Yongsheng Gong <gongysh at unitedstack.com>wrote:
> For admin, we must use admin token. In general, the token from API
> context is not of role admin.
>
>
If this functionality is supposed to be allowed to non-admin users,
wouldn't it be easier to provide access to it to non-admin users, instead
of escalating permissions (maybe RBAC)? I'll admit not knowing why this
needs escalation, but it stands out as an odd approach in my mind.
> I think the BP can help
> https://blueprints.launchpad.net/keystone/+spec/reuse-token
>
This isn't likely what you are looking for. It would still require lookups
to the backend for a number of reasons (not listed, as I don't think it is
relevant for this conversation).
--
Morgan Fainberg
IRC: morganfainberg
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20130828/b7d739f4/attachment.html>
More information about the OpenStack-dev
mailing list