yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #93782
[Bug 2059236] [NEW] Add a RBAC action field in the query hooks
Public bug reported:
Any Neutron resource (that is not only a single database table but a
view, a combination of several tables), can register a set of hooks that
will be used during the DB query creation [1]. These hooks include a
query hook (to modify query depending on the database relationships), a
filter hook (to add extra filtering steps to the final query) and a
results filter hook (that could be used to join other tables with other
dependencies).
This bug proposes to add an extra field to this hooks to be able to
filter the RBAC actions. Some resources, like networks [2] and subnets
[3], need to add an extra RBAC action "ACCESS_EXTERNAL" to the query
filter. This is done now by adding again the same RBAC filter included
in the ``query_with_hooks`` [4] but with the "ACCESS_EXTERNAL" action.
If instead of this, the ``query_with_hooks`` can include a configurable
set of RBAC actions, the result query could be shorter, less complex and
faster.
[1]https://github.com/openstack/neutron-lib/blob/625ae19e29758da98c5dd8c9ce03962840a87949/neutron_lib/db/model_query.py#L86-L90
[2]https://github.com/openstack/neutron/blob/bcf1f707bc9169e8f701613214516e97f039d730/neutron/db/external_net_db.py#L75-L80
[3]https://review.opendev.org/c/openstack/neutron/+/907313/15/neutron/db/external_net_db.py
[4]https://github.com/openstack/neutron-lib/blob/625ae19e29758da98c5dd8c9ce03962840a87949/neutron_lib/db/model_query.py#L127-L132
** Affects: neutron
Importance: Low
Assignee: Rodolfo Alonso (rodolfo-alonso-hernandez)
Status: New
** Changed in: neutron
Importance: Undecided => Low
** Changed in: neutron
Assignee: (unassigned) => Rodolfo Alonso (rodolfo-alonso-hernandez)
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/2059236
Title:
Add a RBAC action field in the query hooks
Status in neutron:
New
Bug description:
Any Neutron resource (that is not only a single database table but a
view, a combination of several tables), can register a set of hooks
that will be used during the DB query creation [1]. These hooks
include a query hook (to modify query depending on the database
relationships), a filter hook (to add extra filtering steps to the
final query) and a results filter hook (that could be used to join
other tables with other dependencies).
This bug proposes to add an extra field to this hooks to be able to
filter the RBAC actions. Some resources, like networks [2] and subnets
[3], need to add an extra RBAC action "ACCESS_EXTERNAL" to the query
filter. This is done now by adding again the same RBAC filter included
in the ``query_with_hooks`` [4] but with the "ACCESS_EXTERNAL" action.
If instead of this, the ``query_with_hooks`` can include a
configurable set of RBAC actions, the result query could be shorter,
less complex and faster.
[1]https://github.com/openstack/neutron-lib/blob/625ae19e29758da98c5dd8c9ce03962840a87949/neutron_lib/db/model_query.py#L86-L90
[2]https://github.com/openstack/neutron/blob/bcf1f707bc9169e8f701613214516e97f039d730/neutron/db/external_net_db.py#L75-L80
[3]https://review.opendev.org/c/openstack/neutron/+/907313/15/neutron/db/external_net_db.py
[4]https://github.com/openstack/neutron-lib/blob/625ae19e29758da98c5dd8c9ce03962840a87949/neutron_lib/db/model_query.py#L127-L132
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/2059236/+subscriptions
Follow ups
