neutron/neutron/objects
Rodolfo Alonso Hernandez 1afe935de8 Filter by owner SGs when retrieving the SG rules
Retrieving the SG rules now is used the admin context. This allows to
get all possible rules, independently of the user calling. The filters
passed and the RBAC policies filter those results, returning only:
- The SG rules belonging to the user.
- The SG rules belonging to a SG owned by the user.

However, if the SG list is too long, the query can take a lot of time.
Instead of this, the filtering is done in the DB query. If no filters
are passed to "get_security_group_rules" and the context is not the
admin context, only the rules specified in the first paragraph will
be retrieved.

Because overwriting the method "get_objects" is too complex, an
intermediate query is done to retrieve the SG rule IDs. Those IDs
will be used as a filter in the "get_objects" call.

Conflicts:
      neutron/objects/securitygroup.py
      neutron/tests/unit/db/test_securitygroups_db.py
      neutron/tests/unit/objects/test_securitygroup.py

Closes-Bug: #1863201

Change-Id: I25d3da929f8d0b6ee15d7b90ec59b9d58a4ae6a5
(cherry picked from commit d874c46bff)
(cherry picked from commit d3905264b7)
(cherry picked from commit 61dc621c1b)
2020-04-15 07:34:18 +00:00
..
db use object utils from neutron-lib 2018-06-11 11:10:53 -06:00
extensions Tag mechanism supports resources with standard attribute 2017-07-25 08:14:04 +09:00
logapi [OVO] Switch to use own registry 2017-11-22 17:44:22 +01:00
plugins [OVO] Switch to use own registry 2017-11-22 17:44:22 +01:00
port [OVO] Switch to use own registry 2017-11-22 17:44:22 +01:00
qos Update neutron files for new over-indentation hacking rule (E117) 2019-01-30 20:05:18 +03:00
README.rst Objects: Add README for neutron/objects directory tree 2016-10-07 15:12:20 +00:00
__init__.py Use dirname in object recursive import 2017-04-20 04:35:10 -07:00
address_scope.py [OVO] Switch to use own registry 2017-11-22 17:44:22 +01:00
agent.py use object utils from neutron-lib 2018-06-11 11:10:53 -06:00
auto_allocate.py [OVO] Switch to use own registry 2017-11-22 17:44:22 +01:00
base.py Use dynamic lazy mode for fetching security group rules 2019-04-29 21:46:55 -06:00
common_types.py Use dynamic lazy mode for fetching security group rules 2019-04-29 21:46:55 -06:00
flavor.py [OVO] Switch to use own registry 2017-11-22 17:44:22 +01:00
floatingip.py Integration of Floating IP OVO 2017-12-04 19:30:02 +09:00
ipam.py [OVO] Switch to use own registry 2017-11-22 17:44:22 +01:00
l3_hamode.py [OVO] Switch to use own registry 2017-11-22 17:44:22 +01:00
l3agent.py [OVO] Switch to use own registry 2017-11-22 17:44:22 +01:00
metering.py [OVO] Switch to use own registry 2017-11-22 17:44:22 +01:00
network.py Allow objects to opt in new engine facade 2018-02-09 04:07:34 +00:00
port_forwarding.py [server side] Floating IP port forwarding OVO and db script 2018-07-16 11:17:45 +08:00
ports.py Handle ports assigned to routers without routerports 2019-10-15 10:44:54 +00:00
provisioning_blocks.py [OVO] Switch to use own registry 2017-11-22 17:44:22 +01:00
quota.py Allow objects to opt in new engine facade 2018-02-09 04:07:34 +00:00
rbac_db.py Merge "Use RBAC_POLICY callback constant from neutron-lib" 2018-02-20 18:19:17 +00:00
router.py Use Router OVO in external_net_db 2018-02-08 14:42:29 +00:00
securitygroup.py Filter by owner SGs when retrieving the SG rules 2020-04-15 07:34:18 +00:00
servicetype.py [OVO] Switch to use own registry 2017-11-22 17:44:22 +01:00
stdattrs.py Allow objects to opt in new engine facade 2018-02-09 04:07:34 +00:00
subnet.py Switch to new engine facade for Route objects 2019-06-06 16:12:39 +00:00
subnetpool.py Allow objects to opt in new engine facade 2018-02-09 04:07:34 +00:00
tag.py [OVO] Switch to use own registry 2017-11-22 17:44:22 +01:00
trunk.py Allow objects to opt in new engine facade 2018-02-09 04:07:34 +00:00

README.rst

Neutron Objects

Directory

This directory is designed to contain all modules which have objects definitions shipped with core Neutron. The files and directories located inside of this directory should follow the guidelines below.

Structure

The Neutron objects tree should have the following structure:

  • The expected directory structure is flat, except for the ML2 plugins. All ML2 plugin objects should fall under the plugins subdirectory (i.e. plugins/ml2/gre_allocation).
  • Module names should use singular forms for nouns (network.py, not networks.py).