Allow node owners to administer associated ports

Expose a port's node's owner to policy, giving Ironic admins
the option of modifying the policy file to allow users
specified by a node's owner field to perform API actions on
that node's associated ports.

Change-Id: I47ecbad9729f18dacc703e2a625ef3e92bfb00ed
Story: #2006506
Task: #37539

1 files changed, 16 insertions, 8 deletions

diff --git a/ironic/objects/port.py b/ironic/objects/port.py
index 7bc829dfa..6c75c8c21 100644
--- a/ironic/objects/port.py
+++ b/ironic/objects/port.py
@@ -203,17 +203,18 @@ class Port(base.IronicObject, object_base.VersionedObjectDictCompat):
     # Implications of calling new remote procedures should be thought through.
     # @object_base.remotable_classmethod
     @classmethod
-    def get_by_address(cls, context, address):
+    def get_by_address(cls, context, address, owner=None):
         """Find a port based on address and return a :class:`Port` object.
 
         :param cls: the :class:`Port`
         :param context: Security context
         :param address: the address of a port.
+        :param owner: a node owner to match against
         :returns: a :class:`Port` object.
         :raises: PortNotFound
 
         """
-        db_port = cls.dbapi.get_port_by_address(address)
+        db_port = cls.dbapi.get_port_by_address(address, owner=owner)
         port = cls._from_db_object(context, cls(), db_port)
         return port
 
@@ -223,7 +224,7 @@ class Port(base.IronicObject, object_base.VersionedObjectDictCompat):
     # @object_base.remotable_classmethod
     @classmethod
     def list(cls, context, limit=None, marker=None,
-             sort_key=None, sort_dir=None):
+             sort_key=None, sort_dir=None, owner=None):
         """Return a list of Port objects.
 
         :param context: Security context.
@@ -231,6 +232,7 @@ class Port(base.IronicObject, object_base.VersionedObjectDictCompat):
         :param marker: pagination marker for large data sets.
         :param sort_key: column to sort results by.
         :param sort_dir: direction to sort. "asc" or "desc".
+        :param owner: a node owner to match against
         :returns: a list of :class:`Port` object.
         :raises: InvalidParameterValue
 
@@ -238,7 +240,8 @@ class Port(base.IronicObject, object_base.VersionedObjectDictCompat):
         db_ports = cls.dbapi.get_port_list(limit=limit,
                                            marker=marker,
                                            sort_key=sort_key,
-                                           sort_dir=sort_dir)
+                                           sort_dir=sort_dir,
+                                           owner=owner)
         return cls._from_db_object_list(context, db_ports)
 
     # NOTE(xek): We don't want to enable RPC on this call just yet. Remotable
@@ -247,7 +250,7 @@ class Port(base.IronicObject, object_base.VersionedObjectDictCompat):
     # @object_base.remotable_classmethod
     @classmethod
     def list_by_node_id(cls, context, node_id, limit=None, marker=None,
-                        sort_key=None, sort_dir=None):
+                        sort_key=None, sort_dir=None, owner=None):
         """Return a list of Port objects associated with a given node ID.
 
         :param context: Security context.
@@ -256,13 +259,15 @@ class Port(base.IronicObject, object_base.VersionedObjectDictCompat):
         :param marker: pagination marker for large data sets.
         :param sort_key: column to sort results by.
         :param sort_dir: direction to sort. "asc" or "desc".
+        :param owner: a node owner to match against
         :returns: a list of :class:`Port` object.
 
         """
         db_ports = cls.dbapi.get_ports_by_node_id(node_id, limit=limit,
                                                   marker=marker,
                                                   sort_key=sort_key,
-                                                  sort_dir=sort_dir)
+                                                  sort_dir=sort_dir,
+                                                  owner=owner)
         return cls._from_db_object_list(context, db_ports)
 
     # NOTE(xek): We don't want to enable RPC on this call just yet. Remotable
@@ -271,7 +276,8 @@ class Port(base.IronicObject, object_base.VersionedObjectDictCompat):
     # @object_base.remotable_classmethod
     @classmethod
     def list_by_portgroup_id(cls, context, portgroup_id, limit=None,
-                             marker=None, sort_key=None, sort_dir=None):
+                             marker=None, sort_key=None, sort_dir=None,
+                             owner=None):
         """Return a list of Port objects associated with a given portgroup ID.
 
         :param context: Security context.
@@ -280,6 +286,7 @@ class Port(base.IronicObject, object_base.VersionedObjectDictCompat):
         :param marker: pagination marker for large data sets.
         :param sort_key: column to sort results by.
         :param sort_dir: direction to sort. "asc" or "desc".
+        :param owner: a node owner to match against
         :returns: a list of :class:`Port` object.
 
         """
@@ -287,7 +294,8 @@ class Port(base.IronicObject, object_base.VersionedObjectDictCompat):
                                                        limit=limit,
                                                        marker=marker,
                                                        sort_key=sort_key,
-                                                       sort_dir=sort_dir)
+                                                       sort_dir=sort_dir,
+                                                       owner=owner)
         return cls._from_db_object_list(context, db_ports)
 
     # NOTE(xek): We don't want to enable RPC on this call just yet. Remotable