review.fuel-infra Code Review - openstack-build/neutron-build.git/commit
Perform policy checks only once on list responses
author Salvatore Orlando <salv.orlando@gmail.com>
Mon, 7 Apr 2014 21:26:00 +0000 (14:26 -0700)
committer Salvatore Orlando <salv.orlando@gmail.com>
Tue, 6 May 2014 10:52:29 +0000 (03:52 -0700)
commit 9b2b5e1482ebec818556946230066984bf647186
tree 9349223f363cdc5668f68f8f3efc52f1f1311aa8
parent ae3e92fe0c820dd851ada8fbac50ade068a07e7a
Perform policy checks only once on list responses

The policy engine is currently being called for every attribute
of every resource to be returned by a list response. This is
harming the API performance; moreover such a high number of checks
is also unnecessary.

This patch therefore slightly changes the API logic so that list
responses first determine the list of attributes which should be
returned by querying the policy engine and then use this list for
all resource items to be returned.

To this aim a few methods in base.py needed to be refactored.
This patch also removes the routine check_if_exists from policy.py
and the related PolicyNotFound exception.

Finally, this patch also removes unnecessary admin_or_owner rules
when applied to attributes. This kind of rule indeed has no effect
anyway because of Neutron's ownership checks. The rules were removed
because this change will no longer allow attribute-level
policies whose evaluation result depends on the resource value.

Implements blueprint faster-list-responses

Change-Id: I21b8273add5d5984f512ad94af5a99cf0b0a5d93
etc/policy.json
neutron/api/v2/base.py
neutron/common/exceptions.py
neutron/policy.py
neutron/tests/unit/test_policy.py
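
The trade-off described in the commit message, as an added example that is not code from this commit or from Neutron: a toy policy engine compares one check per attribute per resource with one check per attribute per list response, and shows why a rule that depends on the resource value no longer fits. All names here (ToyPolicyEngine, the rule functions, the sample networks) are hypothetical and constructed for illustration.

```python
# Added illustration: a toy policy engine, not Neutron's neutron/policy.py.
class ToyPolicyEngine:
    def __init__(self, rules):
        self.rules = rules      # attribute name -> rule(context, resource)
        self.calls = 0          # how many times the engine was consulted

    def check(self, attr, context, resource=None):
        self.calls += 1
        return self.rules[attr](context, resource)

def anyone(ctx, res):
    return True

def admin_only(ctx, res):
    return ctx["is_admin"]

def admin_or_owner(ctx, res):
    # Depends on the resource value; with no resource only the admin clause can match.
    return ctx["is_admin"] or (res is not None and res["tenant_id"] == ctx["tenant_id"])

def list_per_item(engine, ctx, resources):
    """One engine call per attribute of every resource (behaviour before the change)."""
    return [{a: v for a, v in r.items() if engine.check(a, ctx, r)} for r in resources]

def list_once(engine, ctx, resources):
    """Decide the visible attributes once, then reuse that list for every item."""
    visible = [a for a in engine.rules if engine.check(a, ctx)]
    return [{a: r[a] for a in visible if a in r} for r in resources]

def compare(rules, ctx, resources):
    old, new = ToyPolicyEngine(rules), ToyPolicyEngine(rules)
    return (list_per_item(old, ctx, resources), old.calls,
            list_once(new, ctx, resources), new.calls)

# Constructed sample data: three networks owned by the calling tenant.
NETWORKS = [{"id": i, "name": "net%d" % i, "tenant_id": "t1", "segmentation_id": 100 + i}
            for i in range(3)]
USER = {"is_admin": False, "tenant_id": "t1"}
CONTEXT_ONLY = {"id": anyone, "name": anyone, "tenant_id": anyone,
                "segmentation_id": admin_only}
VALUE_DEPENDENT = dict(CONTEXT_ONLY, name=admin_or_owner)

if __name__ == "__main__":
    for label, rules in (("context-only", CONTEXT_ONLY), ("value-dependent", VALUE_DEPENDENT)):
        a, a_calls, b, b_calls = compare(rules, USER, NETWORKS)
        print(label, "calls:", a_calls, "->", b_calls, "same output:", a == b)
```

With context-only rules both strategies return the same filtered items while the engine is consulted once per attribute instead of once per attribute per item; with the value-dependent rule the toy's single-pass listing hides `name` even on owned resources, which is the kind of divergence that makes such rules unusable at attribute level.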