diff --git a/neutron/context.py b/neutron/context.py index 9a7bf777ab..f550220792 100644 --- a/neutron/context.py +++ b/neutron/context.py @@ -38,7 +38,7 @@ class ContextBase(common_context.RequestContext): """ def __init__(self, user_id, tenant_id, is_admin=None, read_deleted="no", - roles=None, timestamp=None, **kwargs): + roles=None, timestamp=None, load_admin_roles=True, **kwargs): """Object initialization. :param read_deleted: 'no' indicates deleted records are hidden, 'yes' @@ -58,11 +58,8 @@ class ContextBase(common_context.RequestContext): self.roles = roles or [] if self.is_admin is None: self.is_admin = policy.check_is_admin(self) - elif self.is_admin: + elif self.is_admin and load_admin_roles: # Ensure context is populated with admin roles - # TODO(salvatore-orlando): It should not be necessary - # to populate roles in artificially-generated contexts - # address in bp/make-authz-orthogonal admin_roles = policy.get_admin_roles() if admin_roles: self.roles = list(set(self.roles) | set(admin_roles)) @@ -137,11 +134,12 @@ class Context(ContextBase): return self._session -def get_admin_context(read_deleted="no"): +def get_admin_context(read_deleted="no", load_admin_roles=True): return Context(user_id=None, tenant_id=None, is_admin=True, - read_deleted=read_deleted) + read_deleted=read_deleted, + load_admin_roles=load_admin_roles) def get_admin_context_without_session(read_deleted="no"): diff --git a/neutron/tests/unit/test_neutron_context.py b/neutron/tests/unit/test_neutron_context.py index f68d4c9797..74c656f3fe 100644 --- a/neutron/tests/unit/test_neutron_context.py +++ b/neutron/tests/unit/test_neutron_context.py @@ -30,6 +30,8 @@ class TestNeutronContext(base.BaseTestCase): self.db_api_session = self._db_api_session_patcher.start() self.addCleanup(self._db_api_session_patcher.stop) + # TODO(salv-orlando): Remove camelcase for test names in this module + def testNeutronContextCreate(self): cxt = context.Context('user_id', 'tenant_id') self.assertEqual('user_id', cxt.user_id) @@ -62,3 +64,11 @@ class TestNeutronContext(base.BaseTestCase): else: self.assertFalse(True, 'without_session admin context' 'should has no session property!') + + def test_neutron_context_with_load_roles_true(self): + ctx = context.get_admin_context() + self.assertIn('admin', ctx.roles) + + def test_neutron_context_with_load_roles_false(self): + ctx = context.get_admin_context(load_admin_roles=False) + self.assertFalse(ctx.roles)