neutron

  1. Bug #1513782
  2. Comment #33

Comment 33 for bug 1513782

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (stable/liberty)

Reviewed: https://review.openstack.org/277095
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=9cb659199786b95581553318cfdda93649c21c28
Submitter: Jenkins
Branch: stable/liberty

commit 9cb659199786b95581553318cfdda93649c21c28
Author: Ihar Hrachyshka <email address hidden>
Date: Tue Jan 19 23:10:25 2016 +0100

    Postpone heavy policy check for ports to later

    When a port is validated, we check for the user to be the owner of
    corresponding network, among other things. Sadly, this check requires a
    plugin call to fetch the network, which goes straight into the database.
    Now, if there are multiple ports to validate with current policy, and
    the user is not admin, we fetch the network for each port, f.e. making
    list operation on ports to scale badly.

    To avoid that, we should postpone OwnerCheck (tenant_id) based
    validations that rely on foreign keys, tenant_id:%(network:...)s, to as
    late as possible. It will make policy checks avoid hitting database in
    some cases, like when a port is owned by current user.

    Note: the patch excludes regression unit tests to avoid breaking
    external plugin repos that rely on base db test classes private methods
    like _create_network or _create_router.

    See Ic323e148f7d6d333194aa339774afa953b241aa7 for details about possible
    third party breakage.

    Change-Id: I99e0c4280b06d8ebab0aa8adc497662c995133ad
    Closes-Bug: #1513782