diff options
| author | Sachi King <sachi.king@anchor.com.au> | 2014-11-03 00:35:51 +1100 |
|---|---|---|
| committer | Assaf Muller <amuller@redhat.com> | 2014-11-11 15:34:06 +0200 |
| commit | 033e1413fa74a12fc4a0601c42e184317b0586c4 (patch) | |
| tree | 389d50a20a83bad88113fa92bcf7aa4fc481861e | |
| parent | 44fe2d924327b8c8de17e59ad1b925fd11cc017b (diff) | |
| download | neutron-033e1413fa74a12fc4a0601c42e184317b0586c4.tar.gz | |
Fix L3 HA network creation to allow user to create router
Update HA Network creation to use an admin context to allow Neutron
to create the tenant-less network required for the HA router when
it does not yet exist and is being created by a non-admin user.
Neutron creates these resources without a tenant so users cannot see
or modify the HA network, ports, etc. Port creation and association
already use elivated admin contexts to allow their function when
an user attempts to create a HA L3 router.
Conflicts:
neutron/tests/unit/db/test_l3_ha_db.py
Change-Id: I36166158a0970b8d08d6702054b11a43fb684281
Closes-Bug: #1388716
(cherry picked from commit cc9bc24229f1d79dc99303db1affc03c030c011e)
| -rw-r--r-- | neutron/db/l3_hamode_db.py | 2 | ||||
| -rw-r--r-- | neutron/tests/unit/db/test_l3_ha_db.py | 33 |
2 files changed, 30 insertions, 5 deletions
diff --git a/neutron/db/l3_hamode_db.py b/neutron/db/l3_hamode_db.py index a0ed580850..94897dbc83 100644 --- a/neutron/db/l3_hamode_db.py +++ b/neutron/db/l3_hamode_db.py @@ -224,7 +224,7 @@ class L3_HA_NAT_db_mixin(l3_dvr_db.L3_NAT_with_dvr_db_mixin): 'shared': False, 'admin_state_up': True, 'status': constants.NET_STATUS_ACTIVE}} - network = self._core_plugin.create_network(context, args) + network = self._core_plugin.create_network(admin_ctx, args) try: ha_network = self._create_ha_network_tenant_binding(admin_ctx, tenant_id, diff --git a/neutron/tests/unit/db/test_l3_ha_db.py b/neutron/tests/unit/db/test_l3_ha_db.py index 4616612bbd..ca2ce82e86 100644 --- a/neutron/tests/unit/db/test_l3_ha_db.py +++ b/neutron/tests/unit/db/test_l3_ha_db.py @@ -54,19 +54,25 @@ class L3HATestFramework(testlib_api.SqlTestCase, self.notif_m = notif_p.start() cfg.CONF.set_override('allow_overlapping_ips', True) - def _create_router(self, ha=True, tenant_id='tenant1', distributed=None): + def _create_router(self, ha=True, tenant_id='tenant1', distributed=None, + ctx=None): + if ctx is None: + ctx = self.admin_ctx + ctx.tenant_id = tenant_id router = {'name': 'router1', 'admin_state_up': True} if ha is not None: router['ha'] = ha if distributed is not None: router['distributed'] = distributed - return self.plugin._create_router_db(self.admin_ctx, router, tenant_id) + return self.plugin._create_router_db(ctx, router, tenant_id) - def _update_router(self, router_id, ha=True, distributed=None): + def _update_router(self, router_id, ha=True, distributed=None, ctx=None): + if ctx is None: + ctx = self.admin_ctx data = {'ha': ha} if ha is not None else {} if distributed is not None: data['distributed'] = distributed - return self.plugin._update_router_db(self.admin_ctx, router_id, + return self.plugin._update_router_db(ctx, router_id, data, None) @@ -388,3 +394,22 @@ class L3HATestCase(L3HATestFramework): routers_after = self.plugin.get_routers(self.admin_ctx) self.assertEqual(routers_before, routers_after) + + +class L3HAUserTestCase(L3HATestFramework): + + def setUp(self): + super(L3HAUserTestCase, self).setUp() + self.user_ctx = context.Context('', _uuid()) + self.plugin = FakeL3Plugin() + + def test_create_ha_router(self): + self._create_router(ctx=self.user_ctx) + + def test_update_router(self): + router = self._create_router(ctx=self.user_ctx) + self._update_router(router['id'], ha=False, ctx=self.user_ctx) + + def test_delete_router(self): + router = self._create_router(ctx=self.user_ctx) + self.plugin.delete_router(self.user_ctx, router['id']) |