review.fuel-infra Code Review - openstack-build/neutron-build.git/commit

author	Salvatore Orlando <salv.orlando@gmail.com>
	Mon, 22 Apr 2013 07:44:14 +0000 (09:44 +0200)
committer	Salvatore Orlando <salv.orlando@gmail.com>
	Mon, 22 Apr 2013 18:42:02 +0000 (20:42 +0200)
commit	35988f13931115658cf20d323da2f549073bcd52
tree	184f00742377c1c77c5ec19afd6abf86e95aa552	tree \| snapshot
parent	765baf8532473473ce6a022ca2d1120a60e44fe4	commit \| diff

Make the 'admin' role configurable

Bug 1158434

This patch adds a new policy named 'context_is_admin' which defines
an admin user as a collection of roles or else. The quantum context
has been updated to check for this policy when setting the is_admin
flag.
This patch also adds a method for gathering 'admin' roles from policy
rules as current logic requires the context to be always populate with
the correct roles for admin rules, even when the context is implicitly
generated with get_admin_context or context.elevated.
Backward compatibility is ensuring by preserving the old behavior if
the 'context_is_admin' policy is not found in policy.json

Change-Id: I9acea75cca0c47e083a9149e358328ea3ca12d68

etc/policy.json		diff \| blob \| history
quantum/context.py		diff \| blob \| history
quantum/policy.py		diff \| blob \| history
quantum/tests/unit/test_policy.py		diff \| blob \| history