openstack
/
neutron
Code Issues Proposed changes
neutron/neutron/db
History
Kevin Benton 4595899f7f Neutron RBAC API and network support 
This adds the new API endpoint to create, update, and delete
role-based access control entries. These entries enable tenants
to grant access to other tenants to perform an action on an object
they do not own.

This was previously done using a single 'shared' flag; however, this
was too coarse because an object would either be private to a tenant
or it would be shared with every tenant.

In addition to introducing the API, this patch also adds support to
for the new entries in Neutron networks. This means tenants can now
share their networks with specific tenants as long as they know the
tenant ID.

This feature is backwards-compatible with the previous 'shared'
attribute in the API. So if a deployer doesn't want this new feature
enabled, all of the RBAC operations can be blocked in policy.json and
networks can still be globally shared in the legacy manner.

Even though this feature is referred to as role-based access control,
this first version only supports sharing networks with specific
tenant IDs because Neutron currently doesn't have integration with
Keystone to handle changes in a tenant's roles/groups/etc.

DocImpact
APIImpact

Change-Id: Ib90e2a931df068f417faf26e9c3780dc3c468867
Partially-Implements: blueprint rbac-networks
 		2015-08-20 20:00:17 -07:00
..
metering Python 3: do not index dict_values objects 2015-07-24 21:00:52 +02:00
migration Sync FK constraints in db models with migration scripts 2015-08-20 13:22:01 +00:00
qos Guarantee there is only one bandwidth limit rule per policy 2015-08-03 00:47:47 +02:00
quota Fix query in get_reservations_for_resources 2015-08-19 12:40:02 +00:00
__init__.py Update License Headers to replace Nicira with VMware 2014-02-27 08:11:15 +00:00
address_scope_db.py Support subnetpool association to an address scope 2015-08-04 12:09:15 +05:30
agents_db.py Add logging of agent heartbeats 2015-06-29 05:40:26 +04:00
agentschedulers_db.py Fix: Skip rescheduling networks if no DHCP agents available 2015-08-05 17:52:29 +03:00
allowedaddresspairs_db.py Fix duplicate entry catch for allowed address pairs 2015-07-10 18:55:58 +08:00
api.py Get rid of exception converter in db/api.py 2015-08-16 02:40:23 -07:00
common_db_mixin.py Neutron RBAC API and network support 2015-08-20 20:00:17 -07:00
db_base_plugin_common.py Merge remote-tracking branch 'origin/feature/qos' into merge-branch 2015-08-17 15:16:55 +02:00
db_base_plugin_v2.py Neutron RBAC API and network support 2015-08-20 20:00:17 -07:00
dvr_mac_db.py Merge "Fix gateway port could not retrieve for subnet" 2015-08-18 20:51:35 +00:00
external_net_db.py ml2: remove stale _filter_nets_l3 in get_networks 2015-01-20 15:13:20 -08:00
extradhcpopt_db.py Migrate to oslo.log 2015-03-12 11:22:56 +01:00
extraroute_db.py l3: not use L2 plugin _get_subnet unnecessarily 2015-08-13 18:37:49 -07:00
flavors_db.py Fix typos in neutron code 2015-08-04 09:28:02 -07:00
ipam_backend_mixin.py Fix _update_subnet_allocation_pools returning empty list 2015-08-11 17:38:24 +01:00
ipam_non_pluggable_backend.py DB, IPAM & RPC changes for IPv6 Prefix Delegation 2015-08-05 12:22:22 +01:00
ipam_pluggable_backend.py Validate updated allocation pool before using it 2015-08-07 09:22:39 -05:00
l3_agentschedulers_db.py DVR: do not reschedule router for down agents on compute nodes 2015-08-14 16:36:15 +03:00
l3_attrs_db.py Add L3 VRRP HA base classes 2014-09-10 12:06:13 +00:00
l3_db.py Merge "Replace internal calls of create_{network, subnet, port}" 2015-08-17 11:42:56 +00:00
l3_dvr_db.py Replace internal calls of create_{network, subnet, port} 2015-08-14 19:34:54 +08:00
l3_dvrscheduler_db.py Sync FK constraints in db models with migration scripts 2015-08-20 13:22:01 +00:00
l3_gwmode_db.py Allow to define enable_snat default value 2015-05-07 00:10:50 +02:00
l3_hamode_db.py Replace internal calls of create_{network, subnet, port} 2015-08-14 19:34:54 +08:00
l3_hascheduler_db.py Expose ha_state per router to agent binding via API 2015-03-23 17:56:36 -04:00
model_base.py Python 3: use next() instead of iterator.next() 2015-06-09 20:26:09 +02:00
models_v2.py Sync FK constraints in db models with migration scripts 2015-08-20 13:22:01 +00:00
netmtu_db.py Move network MTU from core REST API to extension API 2015-04-02 12:48:56 -04:00
portbindings_base.py Remove @author(s) from copyright statements 2014-09-15 21:40:09 +09:00
portbindings_db.py Remove unnecessary 'IN vs ==' sql query branches 2015-03-21 09:39:06 -07:00
portsecurity_db.py Merge "Add portsecurity extension support" 2015-03-18 16:48:40 +00:00
portsecurity_db_common.py portsecurity_db_common: Access db columns in a consistent way 2015-07-06 11:22:18 +09:00
quota_db.py Create packages for quota modules 2015-07-28 11:55:01 -07:00
rbac_db_mixin.py Neutron RBAC API and network support 2015-08-20 20:00:17 -07:00
rbac_db_models.py Network RBAC DB setup and legacy migration 2015-07-16 05:48:10 -07:00
securitygroups_db.py Fix _ensure_default_security_group logic 2015-08-20 12:26:31 +03:00
securitygroups_rpc_base.py Fix ipset can't be destroyed when last rule is deleted 2015-08-03 12:57:11 +08:00
servicetype_db.py Migrate to oslo.log 2015-03-12 11:22:56 +01:00
sqlalchemyutils.py Python 3: Use six.moves.range 2015-05-19 17:32:17 +02:00
vlantransparent_db.py Moving VLAN Transparency support from core to extension 2015-04-08 08:35:13 -07:00