Merge "Remove deprecated plugin argument from policy calls"

neutron/api/v2/base.py

@@ -326,7 +326,7 @@ class Controller:
                     request, obj, parent_id, is_get=True)
                 if policy.check(
                         request.context, self._plugin_handlers[self.SHOW],
-                        obj, plugin=self._plugin, pluralized=self._collection):
+                        obj, pluralized=self._collection):
                     tmp_list.append(obj)
             obj_list = tmp_list
         # Use the first element in the list for discriminating which attributes

neutron/extensions/quotasv2.py

@@ -51,8 +51,7 @@ LOG = logging.getLogger(__name__)
 def validate_policy(context, policy_name):
     policy.enforce(context,
                    policy_name,
-                   target={'project_id': context.project_id},
+                   target={'project_id': context.project_id})
-                   plugin=None)
 
 
 class QuotaSetsController(wsgi.Controller):

neutron/pecan_wsgi/hooks/policy_enforcement.py

@@ -174,14 +174,12 @@ class PolicyHook(hooks.PecanHook):
         # in the single case, we enforce which raises on violation
         # in the plural case, we just check so violating items are hidden
         policy_method = policy.enforce if is_single else policy.check
-        plugin = manager.NeutronManager.get_plugin_for_resource(collection)
         try:
             resp = [self._get_filtered_item(state.request, controller,
                                             resource, collection, item)
                     for item in to_process
                     if (state.request.method != 'GET' or
                         policy_method(neutron_context, action, item,
-                                      plugin=plugin,
                                       pluralized=collection))]
         except (oslo_policy.PolicyNotAuthorized, oslo_policy.InvalidScope):
             # This exception must be explicitly caught as the exception

neutron/policy.py

@@ -464,8 +464,7 @@ def log_rule_list(match_rule):
         LOG.debug("Enforcing rules: %s", rules)
 
 
-def check(context, action, target, plugin=None, might_not_exist=False,
+def check(context, action, target, might_not_exist=False, pluralized=None):
-          pluralized=None):
     """Verifies that the action is valid on the target in this context.
 
     :param context: neutron context
@@ -474,8 +473,6 @@ def check(context, action, target, plugin=None, might_not_exist=False,
     :param target: dictionary representing the object of the action
         for object creation this should be a dictionary representing the
         location of the object e.g. ``{'project_id': context.project_id}``
-    :param plugin: currently unused and deprecated.
-        Kept for backward compatibility.
     :param might_not_exist: If True the policy check is skipped (and the
         function returns True) if the specified policy does not exist.
         Defaults to false.
@@ -504,7 +501,7 @@ def check(context, action, target, plugin=None, might_not_exist=False,
                              pluralized=pluralized)
 
 
-def enforce(context, action, target, plugin=None, pluralized=None):
+def enforce(context, action, target, pluralized=None):
     """Verifies that the action is valid on the target in this context.
 
     :param context: neutron context
@@ -513,8 +510,6 @@ def enforce(context, action, target, plugin=None, pluralized=None):
     :param target: dictionary representing the object of the action
         for object creation this should be a dictionary representing the
         location of the object e.g. ``{'project_id': context.project_id}``
-    :param plugin: currently unused and deprecated.
-        Kept for backward compatibility.
     :param pluralized: pluralized case of resource
         e.g. firewall_policy -> pluralized = "firewall_policies"