neutron/etc
Ihar Hrachyshka 4398f14a9a Postpone heavy policy check for ports to later
When a port is validated, we check for the user to be the owner of
corresponding network, among other things. Sadly, this check requires a
plugin call to fetch the network, which goes straight into the database.
Now, if there are multiple ports to validate with current policy, and
the user is not admin, we fetch the network for each port, f.e. making
list operation on ports to scale badly.

To avoid that, we should postpone OwnerCheck (tenant_id) based
validations that rely on foreign keys, tenant_id:%(network:...)s, to as
late as possible. It will make policy checks avoid hitting database in
some cases, like when a port is owned by current user.

Also, added some unit tests to avoid later regressions:

DbOperationBoundMixin now passes user context into API calls. It allows
us to trigger policy engine checks when executing listing operations.

Change-Id: I99e0c4280b06d8ebab0aa8adc497662c995133ad
Closes-Bug: #1513782
2016-02-05 10:07:03 +01:00
..
neutron Remove obsolete plugin stuff 2016-01-21 23:16:20 +00:00
oslo-config-generator Added CORS support to Neutron 2015-12-09 05:53:59 -08:00
api-paste.ini Added Keystone and RequestID headers to CORS middleware 2016-01-14 09:32:48 -08:00
policy.json Postpone heavy policy check for ports to later 2016-02-05 10:07:03 +01:00
README.txt Automatically generate neutron core configuration files 2015-11-27 15:22:59 +00:00
rootwrap.conf Update rootwrap.conf to add /usr/local/sbin 2015-08-21 19:23:18 +01:00

To generate the sample neutron configuration files, run the following
command from the top level of the neutron directory:

tox -e genconfig

If a 'tox' environment is unavailable, then you can run the following script
instead to generate the configuration files:

./tools/generate_config_file_samples.sh