Initialize the policy enforcer for the "tagging" service plugin

The "tagging" service plugin API extension does use the policy enforcer
since [1]. If a tag API call is done just after the Neutron server has
been initialized and the policy enforcer, that is a global variable per
API worker, has not been initialized, the API call will fail.

This patch initializes the policy enforcer as is done in the
``PolicyHook``, that is called by many other API resources that inherit
from the ``APIExtensionDescriptor`` class.

[1]https://review.opendev.org/q/I9f3e032739824f268db74c5a1b4f04d353742dbd

Closes-Bug: #2073782
Change-Id: Ia35c51fb81cfc0a55c5a2436fc5c55f2b4c9bd01
(cherry picked from commit 776178e90763d004ccb595b131cdd4dd617cd34f)
This commit is contained in:
Rodolfo Alonso Hernandez 2024-07-20 00:46:04 +00:00 committed by Rodolfo Alonso
parent 28466f849c
commit 2526d0fdc7

@ -13,6 +13,7 @@
import abc
import copy
import functools
from neutron_lib.api.definitions import port
from neutron_lib.api import extensions as api_extensions
@ -60,6 +61,14 @@ TAG_ATTRIBUTE_MAP_PORTS[TAGS] = {
RESOURCES_AND_PARENTS = {'subnets': ('network', subnet.Subnet.get_network_id)}
def _policy_init(f):
@functools.wraps(f)
def func(self, *args, **kwargs):
policy.init()
return f(self, *args, **kwargs)
return func
class TagResourceNotFound(exceptions.NotFound):
message = _("Resource %(resource)s %(resource_id)s could not be found.")
@ -127,6 +136,7 @@ class TaggingController(object):
return resource, kwargs[key], parent, parent_id
return None, None, None, None
@_policy_init
def index(self, request, **kwargs):
# GET /v2.0/{parent_resource}/{parent_resource_id}/tags
ctx = request.context
@ -136,6 +146,7 @@ class TaggingController(object):
policy.enforce(ctx, 'get_%s_%s' % (res, TAGS), target)
return self.plugin.get_tags(ctx, res, res_id)
@_policy_init
def show(self, request, id, **kwargs):
# GET /v2.0/{parent_resource}/{parent_resource_id}/tags/{tag}
# id == tag
@ -152,6 +163,7 @@ class TaggingController(object):
# POST /v2.0/{parent_resource}/{parent_resource_id}/tags
raise webob.exc.HTTPNotFound("not supported")
@_policy_init
def update(self, request, id, **kwargs):
# PUT /v2.0/{parent_resource}/{parent_resource_id}/tags/{tag}
# id == tag
@ -166,6 +178,7 @@ class TaggingController(object):
notify_tag_action(ctx, 'create.end', res, res_id, [id])
return result
@_policy_init
def update_all(self, request, body, **kwargs):
# PUT /v2.0/{parent_resource}/{parent_resource_id}/tags
# body: {"tags": ["aaa", "bbb"]}
@ -181,6 +194,7 @@ class TaggingController(object):
body['tags'])
return result
@_policy_init
def delete(self, request, id, **kwargs):
# DELETE /v2.0/{parent_resource}/{parent_resource_id}/tags/{tag}
# id == tag
@ -195,6 +209,7 @@ class TaggingController(object):
notify_tag_action(ctx, 'delete.end', res, res_id, [id])
return result
@_policy_init
def delete_all(self, request, **kwargs):
# DELETE /v2.0/{parent_resource}/{parent_resource_id}/tags
ctx = request.context