Comment 17 for bug 1830679

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (master)

Reviewed: https://review.opendev.org/665566
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=a240c68022d96c8639652cbdf57e707e68fb2a88
Submitter: Zuul
Branch: master

commit a240c68022d96c8639652cbdf57e707e68fb2a88
Author: Miguel Lavalle <email address hidden>
Date: Sun Jun 16 19:59:03 2019 -0500

    Fix list security groups performance with RBAC

    After change [1], if the system has a high number of security groups
    with no associated RBAC entries, a non admin user owning only one
    security group will experience unacceptable response times when
    listing her security groups.

    Change [1] added methods get_object and get_objects to class
    RbacNeutronDbObjectMixin in neutron.objects.rbac_db, which retrieve with
    and admin context all the objects (networks, subnets or security groups)
    in the DB and then decide in memory whether the project that made the
    query has access to them or not, based on their associated RBAC
    policies. This change proposes to remove those methods and revert to
    their counterparts in NeutronDbObject (neutron.objects.base), which use
    a DB query scoped to the project to retrieve the objects based on their
    associated RBAC policies by calling [2]. In this way, the potential
    number of objects that are retrieved from the DB and that have to be
    converted to OVOs is greatly reduced, improving significantly the
    response time to the user.

    [1] https://review.opendev.org/#/c/635311
    [2] https://github.com/openstack/neutron-lib/blob/7a58374fde64fdc14e327940dde6bea4a8a39345/neutron_lib/db/model_query.py#L100

    Change-Id: Idd303778d83089da8fbeff40e3dda2bd19008d8e
    Closes-Bug: #1830679