From 0f8f73caf6a64932ac05ce433760aa1d77b1073c Mon Sep 17 00:00:00 2001 From: Takashi Kajinami Date: Sun, 6 Oct 2024 01:30:00 +0900 Subject: [PATCH] Replace deprecated is_advsvc This context property was deprecated in neutron-lib 3.8.0[1], in favor of the new is_service_role property. Also remove the redundant is_advsvc argument to build Context instances, and doc references to the removed interface of neutron.policy. [1] 8ccdecc7d1599119e3f020051449b547db89ee3e Change-Id: I7d1d435736dfeec2564c99899647a54a51cd9fc6 --- doc/source/contributor/internals/policy.rst | 6 ------ neutron/api/v2/base.py | 6 +++--- neutron/pecan_wsgi/hooks/ownership_validation.py | 2 +- neutron/tests/unit/db/quota/test_api.py | 4 ++-- neutron/tests/unit/quota/test_resource_registry.py | 6 +++--- 5 files changed, 9 insertions(+), 15 deletions(-) diff --git a/doc/source/contributor/internals/policy.rst b/doc/source/contributor/internals/policy.rst index dd969adc4f7..07a7c0c4632 100644 --- a/doc/source/contributor/internals/policy.rst +++ b/doc/source/contributor/internals/policy.rst @@ -159,12 +159,6 @@ The neutron.policy API exposes the following routines: * ``enforce`` Operates like the check routine but raises if the check in oslo_policy fails. -* ``check_is_admin`` - Enforce the predefined context_is_admin rule; used to determine the is_admin - property for a neutron context. -* ``check_is_advsvc`` - Enforce the predefined context_is_advsvc rule; used to determine the - is_advsvc property for a neutron context. Neutron specific policy rules ----------------------------- diff --git a/neutron/api/v2/base.py b/neutron/api/v2/base.py index 0660b177147..1684c02cdc9 100644 --- a/neutron/api/v2/base.py +++ b/neutron/api/v2/base.py @@ -784,7 +784,7 @@ class Controller(object): def _validate_network_tenant_ownership(self, request, resource_item): # TODO(salvatore-orlando): consider whether this check can be folded # in the policy engine - if (request.context.is_admin or request.context.is_advsvc or + if (request.context.is_admin or request.context.is_service_role or self._resource not in ('port', 'subnet')): return network = self._plugin.get_network( @@ -809,7 +809,7 @@ class Controller(object): # This will pass most create/update/delete cases if not is_get and (request.context.is_admin or - request.context.is_advsvc or + request.context.is_service_role or self.parent['member_name'] not in service_const.EXT_PARENT_RESOURCE_MAPPING or resource_item.get(self._parent_id_name)): @@ -820,7 +820,7 @@ class Controller(object): # _parent_id_name. We need to re-add the ex_parent prefix to policy. if is_get: if (not request.context.is_admin or - not request.context.is_advsvc and + not request.context.is_service_role and self.parent['member_name'] in service_const.EXT_PARENT_RESOURCE_MAPPING): resource_item.setdefault( diff --git a/neutron/pecan_wsgi/hooks/ownership_validation.py b/neutron/pecan_wsgi/hooks/ownership_validation.py index 4294d007d18..45e93d6354f 100644 --- a/neutron/pecan_wsgi/hooks/ownership_validation.py +++ b/neutron/pecan_wsgi/hooks/ownership_validation.py @@ -35,7 +35,7 @@ class OwnershipValidationHook(hooks.PecanHook): # in the policy engine neutron_context = state.request.context.get('neutron_context') resource = state.request.context.get('resource') - if (neutron_context.is_admin or neutron_context.is_advsvc or + if (neutron_context.is_admin or neutron_context.is_service_role or resource not in ('port', 'subnet')): return plugin = directory.get_plugin() diff --git a/neutron/tests/unit/db/quota/test_api.py b/neutron/tests/unit/db/quota/test_api.py index f0989814154..0e32776dda0 100644 --- a/neutron/tests/unit/db/quota/test_api.py +++ b/neutron/tests/unit/db/quota/test_api.py @@ -34,7 +34,7 @@ class TestQuotaDbApi(testlib_api.SqlTestCaseLight): def _set_context(self): self.project_id = 'Higuain' self.context = context.Context('Gonzalo', self.project_id, - is_admin=False, is_advsvc=False) + is_admin=False) def _create_reservation(self, resource_deltas, project_id=None, expiration=None): @@ -319,7 +319,7 @@ class TestQuotaDbApiAdminContext(TestQuotaDbApi): def _set_context(self): self.project_id = 'Higuain' self.context = context.Context('Gonzalo', self.project_id, - is_admin=True, is_advsvc=True) + is_admin=True) def test_get_quota_usage_by_resource(self): self._create_quota_usage('goals', 26) diff --git a/neutron/tests/unit/quota/test_resource_registry.py b/neutron/tests/unit/quota/test_resource_registry.py index d9e95b0d713..9a0c54ff2c5 100644 --- a/neutron/tests/unit/quota/test_resource_registry.py +++ b/neutron/tests/unit/quota/test_resource_registry.py @@ -127,7 +127,7 @@ class TestAuxiliaryFunctions(base.DietTestCase): def test_set_resources_dirty_no_dirty_resource(self): ctx = context.Context('user_id', 'project_id', - is_admin=False, is_advsvc=False) + is_admin=False) with mock.patch('neutron.quota.resource.' 'TrackedResource.mark_dirty') as mock_mark_dirty: self.registry.set_tracked_resource('meh', test_quota.MehModel) @@ -140,7 +140,7 @@ class TestAuxiliaryFunctions(base.DietTestCase): def test_set_resources_dirty_no_tracked_resource(self): ctx = context.Context('user_id', 'project_id', - is_admin=False, is_advsvc=False) + is_admin=False) with mock.patch('neutron.quota.resource.' 'TrackedResource.mark_dirty') as mock_mark_dirty: self.registry.register_resource_by_name('meh') @@ -149,7 +149,7 @@ class TestAuxiliaryFunctions(base.DietTestCase): def test_set_resources_dirty(self): ctx = context.Context('user_id', 'project_id', - is_admin=False, is_advsvc=False) + is_admin=False) with mock.patch('neutron.quota.resource.' 'TrackedResource.mark_dirty') as mock_mark_dirty: self.registry.set_tracked_resource('meh', test_quota.MehModel)