"""
def __init__(self, user_id, tenant_id, is_admin=None, read_deleted="no",
- roles=None, timestamp=None, **kwargs):
+ roles=None, timestamp=None, load_admin_roles=True, **kwargs):
"""Object initialization.
:param read_deleted: 'no' indicates deleted records are hidden, 'yes'
self.roles = roles or []
if self.is_admin is None:
self.is_admin = policy.check_is_admin(self)
- elif self.is_admin:
+ elif self.is_admin and load_admin_roles:
# Ensure context is populated with admin roles
- # TODO(salvatore-orlando): It should not be necessary
- # to populate roles in artificially-generated contexts
- # address in bp/make-authz-orthogonal
admin_roles = policy.get_admin_roles()
if admin_roles:
self.roles = list(set(self.roles) | set(admin_roles))
return self._session
-def get_admin_context(read_deleted="no"):
+def get_admin_context(read_deleted="no", load_admin_roles=True):
return Context(user_id=None,
tenant_id=None,
is_admin=True,
- read_deleted=read_deleted)
+ read_deleted=read_deleted,
+ load_admin_roles=load_admin_roles)
def get_admin_context_without_session(read_deleted="no"):
self.db_api_session = self._db_api_session_patcher.start()
self.addCleanup(self._db_api_session_patcher.stop)
+ # TODO(salv-orlando): Remove camelcase for test names in this module
+
def testNeutronContextCreate(self):
cxt = context.Context('user_id', 'tenant_id')
self.assertEqual('user_id', cxt.user_id)
else:
self.assertFalse(True, 'without_session admin context'
'should has no session property!')
+
+ def test_neutron_context_with_load_roles_true(self):
+ ctx = context.get_admin_context()
+ self.assertIn('admin', ctx.roles)
+
+ def test_neutron_context_with_load_roles_false(self):
+ ctx = context.get_admin_context(load_admin_roles=False)
+ self.assertFalse(ctx.roles)