4398f14a9a
When a port is validated, we check for the user to be the owner of corresponding network, among other things. Sadly, this check requires a plugin call to fetch the network, which goes straight into the database. Now, if there are multiple ports to validate with current policy, and the user is not admin, we fetch the network for each port, f.e. making list operation on ports to scale badly. To avoid that, we should postpone OwnerCheck (tenant_id) based validations that rely on foreign keys, tenant_id:%(network:...)s, to as late as possible. It will make policy checks avoid hitting database in some cases, like when a port is owned by current user. Also, added some unit tests to avoid later regressions: DbOperationBoundMixin now passes user context into API calls. It allows us to trigger policy engine checks when executing listing operations. Change-Id: I99e0c4280b06d8ebab0aa8adc497662c995133ad Closes-Bug: #1513782 |
||
---|---|---|
.. | ||
neutron | ||
oslo-config-generator | ||
api-paste.ini | ||
policy.json | ||
README.txt | ||
rootwrap.conf |
To generate the sample neutron configuration files, run the following command from the top level of the neutron directory: tox -e genconfig If a 'tox' environment is unavailable, then you can run the following script instead to generate the configuration files: ./tools/generate_config_file_samples.sh