openstack
/
neutron
Code Issues Proposed changes
neutron/neutron
History
Slawek Kaplonski 062336e59b Set system_scope='all' in elevated context 
In case when enforce_new_defaults is set to True and new policy rules
are used, context.is_admin flag isn't really working as it was with old
rules.
But in case when elevated context is needed, it means that we need
context which has full rights to the system. So we should also set
"system_scope" parameter to "all" to be sure that system scope queries
can be done with such elevated context always.

It is needed e.g. when elevated context is used to get some data from
db. In such case we need to have db query which will not be scoped to
the single project_id and with new defaults to achieve that system_scope
has to be set to "all".

Proper fix for that should be done in neutron-lib and it is proposed
in [1] already but as we are have frozen neutron-lib version for
stable/wallaby already this patch for neutron is temporary fix for that
issue.
We can revert that patch as soon as we will be in Xena development cycle
and [1] will be merged and released.

[1] https://review.opendev.org/c/openstack/neutron-lib/+/781625

Related-Bug: #1920001
Change-Id: I0068c1de09f5c6fae5bb5cd0d6f26f451e701939
 		2021-03-19 12:05:56 +01:00
..
agent Replace "ip route" command in "dvr_local_router" 2021-03-15 16:05:28 +00:00
api Set system_scope='all' in elevated context 2021-03-19 12:05:56 +01:00
cmd [SR-IOV] Do not fail if ip-link vf "min_tx_rate" is not supported 2021-03-11 09:46:03 +00:00
common Set system_scope='all' in elevated context 2021-03-19 12:05:56 +01:00
conf Merge "Implement secure RBAC for the l3 conntrack helper API" 2021-03-13 22:53:03 +00:00
core_extensions Set system_scope='all' in elevated context 2021-03-19 12:05:56 +01:00
db Set system_scope='all' in elevated context 2021-03-19 12:05:56 +01:00
debug Remove rootwrap execution (2) 2021-02-06 16:23:03 +00:00
extensions Config option to disable the DHCP functions 2021-03-05 14:35:29 +08:00
hacking Remove "six" library 2020-07-28 16:55:52 +00:00
ipam Allow to manually define the gateway IP when using subnet pools 2021-02-27 10:06:35 +00:00
locale Imported Translations from Zanata 2020-10-11 07:22:44 +00:00
notifiers [OVS] Fix live-migration connection disruption 2021-01-13 11:13:41 +00:00
objects Set system_scope='all' in elevated context 2021-03-19 12:05:56 +01:00
pecan_wsgi Log exception generated in Controller.prepare_request_body 2020-08-18 16:18:34 -03:00
plugins Set system_scope='all' in elevated context 2021-03-19 12:05:56 +01:00
privileged Replace "ip route" command in "dvr_local_router" 2021-03-15 16:05:28 +00:00
profiling Remove "six" library 2020-07-28 16:55:52 +00:00
quota Remove "six" library 2020-07-28 16:55:52 +00:00
scheduler Set system_scope='all' in elevated context 2021-03-19 12:05:56 +01:00
server Re-use existing ProcessLauncher from wsgi in RPC workers 2020-02-07 14:51:06 +01:00
services Set system_scope='all' in elevated context 2021-03-19 12:05:56 +01:00
tests Set system_scope='all' in elevated context 2021-03-19 12:05:56 +01:00
__init__.py Remove usage of six.PY2 2020-05-22 12:59:01 -04:00
_i18n.py
auth.py
manager.py Remove usage of six.add_metaclass 2020-05-21 14:41:18 -04:00
neutron_plugin_base_v2.py Remove usage of six.add_metaclass 2020-05-21 14:41:18 -04:00
opts.py Ensure XenAPI options are loaded 2021-01-03 20:53:01 +09:00
policy.py Pass context objects directly to policy enforcement 2021-03-10 21:06:47 +00:00
service.py Re-use existing ProcessLauncher from wsgi in RPC workers 2020-02-07 14:51:06 +01:00
version.py
worker.py Change process name of neutron-server to match worker role 2019-03-01 14:18:09 -05:00
wsgi.py neutron-server api worker process should be named to their role 2021-01-11 08:28:32 +08:00