restrict listing neutrons' resources to one tenant for admin
Change-Id: I587f208f9166b3b560331129d81c2a192891c3be
This commit is contained in:
Andrey Pavlov
parent
a5bbd826f4
commit
64fc208ecf
|
|
@ -385,11 +385,12 @@ class AddressEngineNeutron(object):
|
|||
|
||||
def get_os_floating_ips(self, context):
|
||||
neutron = clients.neutron(context)
|
||||
return neutron.list_floatingips()['floatingips']
|
||||
return neutron.list_floatingips(
|
||||
tenant_id=context.project_id)['floatingips']
|
||||
|
||||
def get_os_ports(self, context):
|
||||
neutron = clients.neutron(context)
|
||||
return neutron.list_ports()['ports']
|
||||
return neutron.list_ports(tenant_id=context.project_id)['ports']
|
||||
|
||||
|
||||
class AddressEngineNova(object):
|
||||
|
|
|
|||
|
|
@ -134,7 +134,7 @@ def associate_dhcp_options(context, dhcp_options_id, vpc_id):
|
|||
dhcp_options = ec2utils.get_db_item(context, dhcp_options_id)
|
||||
dhcp_options_id = dhcp_options['id']
|
||||
neutron = clients.neutron(context)
|
||||
os_ports = neutron.list_ports()['ports']
|
||||
os_ports = neutron.list_ports(tenant_id=context.project_id)['ports']
|
||||
network_interfaces = db_api.get_items(context, 'eni')
|
||||
rollback_dhcp_options_object = (
|
||||
db_api.get_item_by_id(context, rollback_dhcp_options_id)
|
||||
|
|
|
|||
|
|
@ -1059,12 +1059,12 @@ class InstanceEngineNeutron(object):
|
|||
for eni in db_api.get_items(context, 'subnet')]
|
||||
if os_subnet_ids:
|
||||
os_subnets = neutron.list_subnets(id=os_subnet_ids,
|
||||
fields=['network_id'])['subnets']
|
||||
fields=['network_id'], tenant_id=context.project_id)['subnets']
|
||||
vpc_os_network_ids = set(sn['network_id'] for sn in os_subnets)
|
||||
else:
|
||||
vpc_os_network_ids = []
|
||||
os_networks = neutron.list_networks(**{'router:external': False,
|
||||
'fields': ['id']})['networks']
|
||||
'fields': ['id'], 'tenant_id': context.project_id})['networks']
|
||||
ec2_classic_os_networks = [n for n in os_networks
|
||||
if n['id'] not in vpc_os_network_ids]
|
||||
if len(ec2_classic_os_networks) == 0:
|
||||
|
|
|
|||
|
|
@ -237,7 +237,7 @@ class NetworkInterfaceDescriber(common.TaggableItemsDescriber):
|
|||
self.security_groups = (
|
||||
security_group_api._format_security_groups_ids_names(self.context))
|
||||
neutron = clients.neutron(self.context)
|
||||
return neutron.list_ports()['ports']
|
||||
return neutron.list_ports(tenant_id=self.context.project_id)['ports']
|
||||
|
||||
def get_name(self, os_item):
|
||||
return ''
|
||||
|
|
@ -406,7 +406,7 @@ def attach_network_interface(context, network_interface_id,
|
|||
"device index '%(index)s'.") % {'id': instance_id,
|
||||
'index': device_index})
|
||||
neutron = clients.neutron(context)
|
||||
os_port = neutron.list_ports(id=network_interface['os_id'])['ports'][0]
|
||||
os_port = neutron.show_port(network_interface['os_id'])['port']
|
||||
nova = clients.nova(context)
|
||||
with common.OnCrashCleaner() as cleaner:
|
||||
# TODO(Alex) nova inserts compute:%availability_zone into device_owner
|
||||
|
|
@ -430,7 +430,7 @@ def detach_network_interface(context, attachment_id, force=None):
|
|||
raise exception.OperationNotPermitted(
|
||||
_('The network interface at device index 0 cannot be detached.'))
|
||||
neutron = clients.neutron(context)
|
||||
os_port = neutron.list_ports(id=network_interface['os_id'])['ports'][0]
|
||||
os_port = neutron.show_port(network_interface['os_id'])['port']
|
||||
with common.OnCrashCleaner() as cleaner:
|
||||
instance_id = network_interface['instance_id']
|
||||
device_index = network_interface['device_index']
|
||||
|
|
|
|||
|
|
@ -341,7 +341,8 @@ def _translate_group_name(context, os_group, db_groups):
|
|||
|
||||
def _format_security_groups_ids_names(context):
|
||||
neutron = clients.neutron(context)
|
||||
os_security_groups = neutron.list_security_groups()['security_groups']
|
||||
os_security_groups = neutron.list_security_groups(
|
||||
tenant_id=context.project_id)['security_groups']
|
||||
security_groups = db_api.get_items(context, 'sg')
|
||||
ec2_security_groups = {}
|
||||
for os_security_group in os_security_groups:
|
||||
|
|
@ -454,7 +455,8 @@ class SecurityGroupEngineNeutron(object):
|
|||
|
||||
def get_os_groups(self, context):
|
||||
neutron = clients.neutron(context)
|
||||
return neutron.list_security_groups()['security_groups']
|
||||
return neutron.list_security_groups(
|
||||
tenant_id=context.project_id)['security_groups']
|
||||
|
||||
def authorize_security_group(self, context, rule_body):
|
||||
neutron = clients.neutron(context)
|
||||
|
|
|
|||
|
|
@ -82,7 +82,7 @@ def create_subnet(context, vpc_id, cidr_block,
|
|||
{'network': {'name': subnet['id']}})
|
||||
neutron.update_subnet(os_subnet['id'],
|
||||
{'subnet': {'name': subnet['id']}})
|
||||
os_ports = neutron.list_ports()['ports']
|
||||
os_ports = neutron.list_ports(tenant_id=context.project_id)['ports']
|
||||
return {'subnet': _format_subnet(context, subnet, os_subnet,
|
||||
os_network, os_ports)}
|
||||
|
||||
|
|
@ -155,9 +155,12 @@ class SubnetDescriber(common.TaggableItemsDescriber):
|
|||
|
||||
def get_os_items(self):
|
||||
neutron = clients.neutron(self.context)
|
||||
self.os_networks = neutron.list_networks()['networks']
|
||||
self.os_ports = neutron.list_ports()['ports']
|
||||
return neutron.list_subnets()['subnets']
|
||||
self.os_networks = neutron.list_networks(
|
||||
tenant_id=self.context.project_id)['networks']
|
||||
self.os_ports = neutron.list_ports(
|
||||
tenant_id=self.context.project_id)['ports']
|
||||
return neutron.list_subnets(
|
||||
tenant_id=self.context.project_id)['subnets']
|
||||
|
||||
|
||||
def describe_subnets(context, subnet_id=None, filter=None):
|
||||
|
|
|
|||
|
|
@ -496,8 +496,8 @@ class NetworkInterfaceTestCase(base.ApiTestCase):
|
|||
def test_attach_network_interface(self):
|
||||
self.set_mock_db_items(fakes.DB_NETWORK_INTERFACE_1,
|
||||
fakes.DB_INSTANCE_1)
|
||||
self.neutron.list_ports.return_value = (
|
||||
{'ports': [fakes.OS_PORT_1]})
|
||||
self.neutron.show_port.return_value = (
|
||||
{'port': fakes.OS_PORT_1})
|
||||
self.isotime.return_value = fakes.TIME_ATTACH_NETWORK_INTERFACE
|
||||
self.execute(
|
||||
'AttachNetworkInterface',
|
||||
|
|
@ -538,8 +538,8 @@ class NetworkInterfaceTestCase(base.ApiTestCase):
|
|||
def test_attach_network_interface_rollback(self):
|
||||
self.set_mock_db_items(fakes.DB_NETWORK_INTERFACE_1,
|
||||
fakes.DB_INSTANCE_1)
|
||||
self.neutron.list_ports.return_value = (
|
||||
{'ports': [fakes.OS_PORT_2]})
|
||||
self.neutron.show_port.return_value = (
|
||||
{'port': fakes.OS_PORT_2})
|
||||
self.isotime.return_value = fakes.TIME_ATTACH_NETWORK_INTERFACE
|
||||
self.nova.servers.interface_attach.side_effect = Exception()
|
||||
|
||||
|
|
@ -556,8 +556,8 @@ class NetworkInterfaceTestCase(base.ApiTestCase):
|
|||
network_interface = tools.update_dict(fakes.DB_NETWORK_INTERFACE_2,
|
||||
{'device_index': 1})
|
||||
self.set_mock_db_items(network_interface)
|
||||
self.neutron.list_ports.return_value = (
|
||||
{'ports': [fakes.OS_PORT_2]})
|
||||
self.neutron.show_port.return_value = (
|
||||
{'port': fakes.OS_PORT_2})
|
||||
self.execute(
|
||||
'DetachNetworkInterface',
|
||||
{'AttachmentId': ec2utils.change_ec2_id_kind(
|
||||
|
|
@ -595,8 +595,8 @@ class NetworkInterfaceTestCase(base.ApiTestCase):
|
|||
network_interface = tools.update_dict(fakes.DB_NETWORK_INTERFACE_2,
|
||||
{'device_index': 1})
|
||||
self.set_mock_db_items(network_interface)
|
||||
self.neutron.list_ports.return_value = (
|
||||
{'ports': [fakes.OS_PORT_2]})
|
||||
self.neutron.show_port.return_value = (
|
||||
{'port': fakes.OS_PORT_2})
|
||||
self.neutron.update_port.side_effect = Exception()
|
||||
|
||||
self.assert_execution_error(
|
||||
|
|
|
|||
|
|
@ -94,3 +94,43 @@ class EC2APIPlugin(base.Scenario):
|
|||
self.describe_addresses()
|
||||
self.describe_instances()
|
||||
self.describe_one_instance()
|
||||
|
||||
nova = self.clients("nova")
|
||||
with base.AtomicAction(self, 'servers_list'):
|
||||
data = nova.servers.list()
|
||||
id = data[0].id if len(data) else None
|
||||
if id:
|
||||
with base.AtomicAction(self, 'server_get'):
|
||||
data = nova.servers.get(id)
|
||||
with base.AtomicAction(self, 'flavors_list'):
|
||||
data = nova.flavors.list()
|
||||
id = data[0].id if len(data) else None
|
||||
if id:
|
||||
with base.AtomicAction(self, 'flavor_get'):
|
||||
data = nova.flavors.get(id)
|
||||
|
||||
neutron = self.clients("neutron")
|
||||
with base.AtomicAction(self, 'floatingip_list'):
|
||||
data = neutron.list_floatingips()["floatingips"]
|
||||
id = data[0]["id"] if len(data) else None
|
||||
if id:
|
||||
with base.AtomicAction(self, 'floatingip_get'):
|
||||
data = neutron.show_floatingip(id)
|
||||
with base.AtomicAction(self, 'ports_list'):
|
||||
data = neutron.list_ports()["ports"]
|
||||
id = data[0]["id"] if len(data) else None
|
||||
if id:
|
||||
with base.AtomicAction(self, 'port_get'):
|
||||
data = neutron.show_port(id)
|
||||
with base.AtomicAction(self, 'sg_list'):
|
||||
data = neutron.list_security_groups()["security_groups"]
|
||||
id = data[0]["id"] if len(data) else None
|
||||
if id:
|
||||
with base.AtomicAction(self, 'sg_get'):
|
||||
data = neutron.show_security_group(id)
|
||||
with base.AtomicAction(self, 'subnet_list'):
|
||||
data = neutron.list_subnets()["subnets"]
|
||||
id = data[0]["id"] if len(data) else None
|
||||
if id:
|
||||
with base.AtomicAction(self, 'subnet_get'):
|
||||
data = neutron.show_subnet(id)
|
||||
|
|
|
|||
Loading…
Reference in New Issue