From 7bbd215da8ba8877d134c994c72dcfbdcd0a664a Mon Sep 17 00:00:00 2001 From: Salvatore Orlando Date: Wed, 21 Aug 2013 02:47:19 -0700 Subject: [PATCH] Remove calls to policy.check and policy.enforce from plugin code Completes blueprint make-authz-orthogonal This patch removes a few explicit policy checks recently added to the plumgrid and cisco plugins. They are not necessary as the same checks are already performed by the policy engine. Change-Id: Ie99f5fa6ad4a9568b050827bc479a62dd40e18ac --- .../plugins/cisco/n1kv/n1kv_neutron_plugin.py | 17 ----------------- .../plumgrid/plumgrid_plugin/plumgrid_plugin.py | 13 ++++--------- 2 files changed, 4 insertions(+), 26 deletions(-) diff --git a/neutron/plugins/cisco/n1kv/n1kv_neutron_plugin.py b/neutron/plugins/cisco/n1kv/n1kv_neutron_plugin.py index 4f1f56c03..5af9b2ea5 100644 --- a/neutron/plugins/cisco/n1kv/n1kv_neutron_plugin.py +++ b/neutron/plugins/cisco/n1kv/n1kv_neutron_plugin.py @@ -49,7 +49,6 @@ from neutron.plugins.cisco.db import n1kv_db_v2 from neutron.plugins.cisco.db import network_db_v2 from neutron.plugins.cisco.extensions import n1kv_profile from neutron.plugins.cisco.n1kv import n1kv_client -from neutron import policy LOG = logging.getLogger(__name__) @@ -270,16 +269,6 @@ class N1kvNeutronPluginV2(db_base_plugin_v2.NeutronDbPluginV2, if physical_network not in self.network_vlan_ranges: self.network_vlan_ranges[physical_network] = [] - def _check_provider_view_auth(self, context, network): - return policy.check(context, - "extension:provider_network:view", - network) - - def _enforce_provider_set_auth(self, context, network): - return policy.enforce(context, - "extension:provider_network:set", - network) - def _extend_network_dict_provider(self, context, network): """Add extended network parameters.""" binding = n1kv_db_v2.get_network_binding(context.session, 
@@ -306,9 +295,6 @@ class N1kvNeutronPluginV2(db_base_plugin_v2.NeutronDbPluginV2, segmentation_id_set): return (None, None, None) - # Authorize before exposing plugin details to client - self._enforce_provider_set_auth(context, attrs) - if not network_type_set: msg = _("provider:network_type required") raise q_exc.InvalidInput(error_message=msg) @@ -366,9 +352,6 @@ class N1kvNeutronPluginV2(db_base_plugin_v2.NeutronDbPluginV2, segmentation_id_set): return - # Authorize before exposing plugin details to client - self._enforce_provider_set_auth(context, attrs) - # TBD : Need to handle provider network updates msg = _("plugin does not support updating provider attributes") raise q_exc.InvalidInput(error_message=msg) diff --git a/neutron/plugins/plumgrid/plumgrid_plugin/plumgrid_plugin.py b/neutron/plugins/plumgrid/plumgrid_plugin/plumgrid_plugin.py index 14fff1c3d..cd33b707d 100644 --- a/neutron/plugins/plumgrid/plumgrid_plugin/plumgrid_plugin.py +++ b/neutron/plugins/plumgrid/plumgrid_plugin/plumgrid_plugin.py @@ -34,7 +34,6 @@ from neutron.openstack.common import importutils from neutron.openstack.common import log as logging from neutron.plugins.plumgrid.common import exceptions as plum_excep from neutron.plugins.plumgrid.plumgrid_plugin.plugin_ver import VERSION -from neutron import policy LOG = logging.getLogger(__name__) PLUM_DRIVER = 'neutron.plugins.plumgrid.drivers.plumlib.Plumlib' 
@@ -492,16 +491,12 @@ class NeutronPluginPLUMgridV2(db_base_plugin_v2.NeutronDbPluginV2, return VERSION def _port_viftype_binding(self, context, port): - if self._check_view_auth(context, port, self.binding_view): - port[portbindings.VIF_TYPE] = portbindings.VIF_TYPE_IOVISOR - port[portbindings.CAPABILITIES] = { - portbindings.CAP_PORT_FILTER: - 'security-group' in self.supported_extension_aliases} + port[portbindings.VIF_TYPE] = portbindings.VIF_TYPE_IOVISOR + port[portbindings.CAPABILITIES] = { + portbindings.CAP_PORT_FILTER: + 'security-group' in self.supported_extension_aliases} return port - def _check_view_auth(self, context, resource, action): - return policy.check(context, action, resource) - def _network_admin_state(self, network): try: if network["network"].get("admin_state_up"): -- 2.45.2
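Review bot: `_port_viftype_binding` now sets `portbindings.VIF_TYPE` and `portbindings.CAPABILITIES` on every port dict regardless of the caller's context, so hiding them from unprivileged tenants depends entirely on attribute filtering done outside this plugin. Nothing visible in the hunk records that assumption; I would add a docstring such as `"""Add binding attributes unconditionally; view authorization is left to the API-layer policy engine."""`, since any caller that returns this dict without passing through that layer would expose the binding details. The `context` parameter is no longer used in the body shown and is presumably kept only for call-site compatibility, which is worth a short comment. The removed `_enforce_provider_set_auth` calls in n1kv_neutron_plugin.py rest on the same assumption, so a test per plugin that a non-admin request can neither see nor set these attributes would be worth adding alongside this change.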