Comment 16 for bug 1863201

Reviewed: https://review.opendev.org/720137
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=1afe935de81bbfca6ea29c239c55f5768d74410d
Submitter: Zuul
Branch: stable/rocky

commit 1afe935de81bbfca6ea29c239c55f5768d74410d
Author: Rodolfo Alonso Hernandez <email address hidden>
Date: Tue Feb 18 17:08:22 2020 +0000

    Filter by owner SGs when retrieving the SG rules

    Retrieving the SG rules now is used the admin context. This allows to
    get all possible rules, independently of the user calling. The filters
    passed and the RBAC policies filter those results, returning only:
    - The SG rules belonging to the user.
    - The SG rules belonging to a SG owned by the user.

    However, if the SG list is too long, the query can take a lot of time.
    Instead of this, the filtering is done in the DB query. If no filters
    are passed to "get_security_group_rules" and the context is not the
    admin context, only the rules specified in the first paragraph will
    be retrieved.

    Because overwriting the method "get_objects" is too complex, an
    intermediate query is done to retrieve the SG rule IDs. Those IDs
    will be used as a filter in the "get_objects" call.

    Conflicts:
          neutron/objects/securitygroup.py
          neutron/tests/unit/db/test_securitygroups_db.py
          neutron/tests/unit/objects/test_securitygroup.py

    Closes-Bug: #1863201

    Change-Id: I25d3da929f8d0b6ee15d7b90ec59b9d58a4ae6a5
    (cherry picked from commit d874c46bff7045ba25f5dd6e790f7ddb209cb224)
    (cherry picked from commit d3905264b7659b1d10a68e3629861d5f0ba13568)
    (cherry picked from commit 61dc621c1ba40efcedabdfb9f3a1854cea227d2c)