use EXT_PARENT_RESOURCE_MAPPING from neutron-lib
The neutron.common.constants.EXT_PARENT_RESOURCE_MAPPING constant lives in neutron-lib. This patch consumes it by removing it from neutron and switching all uses over to libs constant. NeutronLibImpact Change-Id: Ib7ea6dea58bf211a2da2b103cb526233df04ba49
This commit is contained in:
parent
5d99d2a6c4
commit
97376032b4
|
@ -23,6 +23,7 @@ from neutron_lib.callbacks import registry
|
|||
from neutron_lib.db import api as db_api
|
||||
from neutron_lib import exceptions
|
||||
from neutron_lib import rpc as n_rpc
|
||||
from neutron_lib.services import constants as service_const
|
||||
from oslo_log import log as logging
|
||||
from oslo_policy import policy as oslo_policy
|
||||
from oslo_utils import excutils
|
||||
|
@ -784,7 +785,7 @@ class Controller(object):
|
|||
if not is_get and (request.context.is_admin or
|
||||
request.context.is_advsvc or
|
||||
self.parent['member_name'] not in
|
||||
n_const.EXT_PARENT_RESOURCE_MAPPING or
|
||||
service_const.EXT_PARENT_RESOURCE_MAPPING or
|
||||
resource_item.get(self._parent_id_name)):
|
||||
return
|
||||
|
||||
|
@ -795,7 +796,7 @@ class Controller(object):
|
|||
if (not request.context.is_admin or
|
||||
not request.context.is_advsvc and
|
||||
self.parent['member_name'] in
|
||||
n_const.EXT_PARENT_RESOURCE_MAPPING):
|
||||
service_const.EXT_PARENT_RESOURCE_MAPPING):
|
||||
resource_item.setdefault(
|
||||
"%s_%s" % (n_const.EXT_PARENT_PREFIX,
|
||||
self._parent_id_name),
|
||||
|
|
|
@ -13,9 +13,7 @@
|
|||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
from neutron_lib.api.definitions import l3
|
||||
from neutron_lib import constants as lib_constants
|
||||
from neutron_lib.plugins import constants as plugin_consts
|
||||
|
||||
ROUTER_PORT_OWNERS = lib_constants.ROUTER_INTERFACE_OWNERS_SNAT + \
|
||||
(lib_constants.DEVICE_OWNER_ROUTER_GW,)
|
||||
|
@ -260,17 +258,6 @@ IEC_BASE = 1024
|
|||
# Port bindings handling
|
||||
NO_ACTIVE_BINDING = 'no_active_binding'
|
||||
|
||||
# Registered extension parent resource check mapping
|
||||
# If we want to register some service plugin resources into policy and check
|
||||
# the owner when operating their subresources. We can write here to use
|
||||
# existing policy engine for parent resource owner check.
|
||||
# Each entry here should be PARENT_RESOURCE_NAME: SERVICE_PLUGIN_NAME,
|
||||
# PARENT_RESOURCE_NAME is usually from api definition.
|
||||
# SERVICE_PLUGIN_NAME is the service plugin which introduced the resource and
|
||||
# registered the service plugin name in neutron-lib.
|
||||
EXT_PARENT_RESOURCE_MAPPING = {
|
||||
l3.FLOATINGIP: plugin_consts.L3
|
||||
}
|
||||
EXT_PARENT_PREFIX = 'ext_parent'
|
||||
|
||||
RP_BANDWIDTHS = 'resource_provider_bandwidths'
|
||||
|
|
|
@ -24,6 +24,7 @@ from neutron_lib import constants
|
|||
from neutron_lib import context
|
||||
from neutron_lib import exceptions
|
||||
from neutron_lib.plugins import directory
|
||||
from neutron_lib.services import constants as service_const
|
||||
from oslo_config import cfg
|
||||
from oslo_db import exception as db_exc
|
||||
from oslo_log import log as logging
|
||||
|
@ -239,9 +240,9 @@ class OwnerCheck(policy.Check):
|
|||
# having a way to map resources to plugins so to make this
|
||||
# check more general
|
||||
plugin = directory.get_plugin()
|
||||
if resource_type in const.EXT_PARENT_RESOURCE_MAPPING:
|
||||
if resource_type in service_const.EXT_PARENT_RESOURCE_MAPPING:
|
||||
plugin = directory.get_plugin(
|
||||
const.EXT_PARENT_RESOURCE_MAPPING[resource_type])
|
||||
service_const.EXT_PARENT_RESOURCE_MAPPING[resource_type])
|
||||
f = getattr(plugin, 'get_%s' % resource_type)
|
||||
# f *must* exist, if not found it is better to let neutron
|
||||
# explode. Check will be performed with admin context
|
||||
|
@ -291,7 +292,7 @@ class OwnerCheck(policy.Check):
|
|||
parent_foreign_key = _RESOURCE_FOREIGN_KEYS.get(
|
||||
"%ss" % parent_res, None)
|
||||
if parent_res == const.EXT_PARENT_PREFIX:
|
||||
for resource in const.EXT_PARENT_RESOURCE_MAPPING:
|
||||
for resource in service_const.EXT_PARENT_RESOURCE_MAPPING:
|
||||
key = "%s_%s_id" % (const.EXT_PARENT_PREFIX, resource)
|
||||
if key in target:
|
||||
parent_foreign_key = key
|
||||
|
|
|
@ -600,7 +600,7 @@ class NeutronPolicyTestCase(base.BaseTestCase):
|
|||
attr, resource, target, action)
|
||||
self.assertFalse(result)
|
||||
|
||||
@mock.patch("neutron.common.constants.EXT_PARENT_RESOURCE_MAPPING",
|
||||
@mock.patch("neutron_lib.services.constants.EXT_PARENT_RESOURCE_MAPPING",
|
||||
{'parentresource': 'registered_plugin_name'})
|
||||
@mock.patch("neutron_lib.plugins.directory.get_plugin")
|
||||
def test_enforce_tenant_id_check_parent_resource_owner(
|
||||
|
|
Loading…
Reference in New Issue