openstack
/
neutron
Code Issues Proposed changes
neutron/neutron
History
Rodolfo Alonso Hernandez 093b861bb4 Filter by owner SGs when retrieving the SG rules 
Retrieving the SG rules now is used the admin context. This allows to
get all possible rules, independently of the user calling. The filters
passed and the RBAC policies filter those results, returning only:
- The SG rules belonging to the user.
- The SG rules belonging to a SG owned by the user.

However, if the SG list is too long, the query can take a lot of time.
Instead of this, the filtering is done in the DB query. If no filters
are passed to "get_security_group_rules" and the context is not the
admin context, only the rules specified in the first paragraph will
be retrieved.

Because overwriting the method "get_objects" is too complex, an
intermediate query is done to retrieve the SG rule IDs. Those IDs
will be used as a filter in the "get_objects" call.

Conflicts:
      neutron/objects/securitygroup.py
      neutron/tests/unit/db/test_securitygroups_db.py
      neutron/tests/unit/objects/test_securitygroup.py

Closes-Bug: #1863201

Change-Id: I25d3da929f8d0b6ee15d7b90ec59b9d58a4ae6a5
(cherry picked from commit d874c46bff)
(cherry picked from commit d3905264b7)
(cherry picked from commit 61dc621c1b)
 		2020-04-17 11:05:53 +00:00
..
agent Merge "Check dnsmasq process is active when spawned" into stable/queens 2020-04-17 03:11:59 +00:00
api Optimize DVR related port DB query 2020-03-31 14:14:48 +00:00
cmd Secure dnsmasq process against external abuse 2019-01-25 13:58:19 +00:00
common Add trunk subports to be one of dvr serviced device owners 2020-04-06 11:38:08 +00:00
conf Add accepted egress direct flow 2020-02-25 07:32:29 +08:00
core_extensions use qos constants from neutron-lib 2017-10-26 19:57:19 +00:00
db Filter by owner SGs when retrieving the SG rules 2020-04-17 11:05:53 +00:00
debug Change ip_lib network namespace code to use pyroute2 2017-10-04 21:09:28 +00:00
extensions Improve invalid port ranges error message 2019-03-21 10:18:01 -04:00
hacking hacking: Remove dead code 2017-07-19 13:43:44 +02:00
ipam Add bulk IP address assignment to ipam driver 2020-03-26 12:31:05 +00:00
locale Imported Translations from Zanata 2018-03-14 06:20:49 +00:00
notifiers use callback payloads for REQUEST/RESPONSE events 2017-12-24 07:27:11 +00:00
objects Filter by owner SGs when retrieving the SG rules 2020-04-17 11:05:53 +00:00
pecan_wsgi Set DB retry for quota_enforcement pecan_wsgi hook 2019-12-16 11:16:23 +00:00
plugins Add accepted egress direct flow 2020-02-25 07:32:29 +08:00
privileged Check the namespace is ready in test_mtu_update tests 2019-09-16 09:31:34 +00:00
quota Set DB retry for quota_enforcement pecan_wsgi hook 2019-12-16 11:16:23 +00:00
scheduler Fetch specific columns rather than full ORM entities 2018-09-27 19:12:37 +02:00
server Re-use existing ProcessLauncher from wsgi in RPC workers 2020-02-20 09:39:20 +00:00
services Wait before deleting trunk bridges for DPDK vhu 2020-04-03 21:12:10 +00:00
tests Filter by owner SGs when retrieving the SG rules 2020-04-17 11:05:53 +00:00
__init__.py
_i18n.py Make code follow log translation guideline 2017-08-14 02:01:48 +00:00
auth.py Use oslo.context class method to construct context object 2017-03-23 09:02:46 +00:00
manager.py Do not load default service plugins if core plugin is not DB based 2017-11-09 20:34:52 +00:00
neutron_plugin_base_v2.py Do not load default service plugins if core plugin is not DB based 2017-11-09 20:34:52 +00:00
opts.py Merge "Remove deprecated cache_url" 2018-01-03 06:35:59 +00:00
policy.py Treat networks shared by RBAC in same way as shared with all tenants 2019-06-28 06:05:44 +00:00
service.py Re-use existing ProcessLauncher from wsgi in RPC workers 2020-02-20 09:39:20 +00:00
version.py
worker.py replace WorkerSupportServiceMixin with neutron-lib's WorkerBase 2017-06-14 06:56:48 -06:00
wsgi.py Re-use existing ProcessLauncher from wsgi in RPC workers 2020-02-20 09:39:20 +00:00