093b861bb4
Retrieving the SG rules now is used the admin context. This allows to get all possible rules, independently of the user calling. The filters passed and the RBAC policies filter those results, returning only: - The SG rules belonging to the user. - The SG rules belonging to a SG owned by the user. However, if the SG list is too long, the query can take a lot of time. Instead of this, the filtering is done in the DB query. If no filters are passed to "get_security_group_rules" and the context is not the admin context, only the rules specified in the first paragraph will be retrieved. Because overwriting the method "get_objects" is too complex, an intermediate query is done to retrieve the SG rule IDs. Those IDs will be used as a filter in the "get_objects" call. Conflicts: neutron/objects/securitygroup.py neutron/tests/unit/db/test_securitygroups_db.py neutron/tests/unit/objects/test_securitygroup.py Closes-Bug: #1863201 Change-Id: I25d3da929f8d0b6ee15d7b90ec59b9d58a4ae6a5 (cherry picked from commit |
||
---|---|---|
.. | ||
db | ||
extensions | ||
logapi | ||
plugins | ||
port | ||
qos | ||
README.rst | ||
__init__.py | ||
address_scope.py | ||
agent.py | ||
auto_allocate.py | ||
base.py | ||
common_types.py | ||
flavor.py | ||
floatingip.py | ||
ipam.py | ||
l3_hamode.py | ||
l3agent.py | ||
metering.py | ||
network.py | ||
ports.py | ||
provisioning_blocks.py | ||
quota.py | ||
rbac_db.py | ||
router.py | ||
securitygroup.py | ||
servicetype.py | ||
stdattrs.py | ||
subnet.py | ||
subnetpool.py | ||
tag.py | ||
trunk.py | ||
utils.py |
README.rst
Neutron Objects
Directory
This directory is designed to contain all modules which have objects definitions shipped with core Neutron. The files and directories located inside of this directory should follow the guidelines below.
Structure
The Neutron objects tree should have the following structure:
- The expected directory structure is flat, except for the ML2 plugins. All ML2 plugin objects should fall under the plugins subdirectory (i.e. plugins/ml2/gre_allocation).
- Module names should use singular forms for nouns (network.py, not networks.py).