Query DB to get the tenant ID of the SG
There is a use case in which an admin user can issue the port-update command to set an SG on a port even if that SG belongs to another tenant. In this case the SG's tenant ID could be that of any tenant, so we have to query the DB to get it. Change-Id: I8b52b049928f1a0b6db56749c02a13cab39a2f98
parent
8cbadf3448
commit
7337427275
|
@ -15,6 +15,7 @@ from neutron.common import topics
|
|||
from neutron.db import api as db_api
|
||||
|
||||
from neutron.db import db_base_plugin_common
|
||||
from neutron.db.models import securitygroup as sg_models
|
||||
from neutron.objects import base as objects_base
|
||||
from neutron.objects import trunk as trunk_objects
|
||||
from neutron.plugins.ml2 import rpc as ml2_rpc
|
||||
|
@ -258,9 +259,14 @@ class AIMMappingRPCMixin(ha_ip_db.HAIPOwnerDbMixin):
|
|||
return
|
||||
details['security_group'] = []
|
||||
|
||||
tenant_aname = self.aim_mech_driver.name_mapper.project(
|
||||
context.session, port['tenant_id'])
|
||||
for sg_id in port['security_groups']:
|
||||
port_sgs = (context.session.query(sg_models.SecurityGroup.id,
|
||||
sg_models.SecurityGroup.tenant_id).
|
||||
filter(sg_models.SecurityGroup.id.
|
||||
in_(port['security_groups'])).
|
||||
all())
|
||||
for sg_id, tenant_id in port_sgs:
|
||||
tenant_aname = self.aim_mech_driver.name_mapper.project(
|
||||
context.session, tenant_id)
|
||||
details['security_group'].append(
|
||||
{'policy-space': tenant_aname,
|
||||
'name': sg_id})
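Review bot: The new lookup reads each SG's owner through a plain `context.session.query(...)`, which does not appear to apply any tenant scoping; that is what the commit needs, but nothing in the code says so, and I would add `# Unscoped on purpose: an admin may attach an SG owned by another tenant` above `port_sgs = ...` so a later refactor does not narrow it back to the port's tenant. The query also runs when `port['security_groups']` is empty, and an empty `in_()` is at best a wasted round trip (older SQLAlchemy releases warn about it), so an `if port['security_groups']:` guard is worth having. SG ids on the port that have no matching row are now dropped silently from `details['security_group']`, where the old loop emitted one entry per id; if that can happen, a log line would help when an endpoint ends up with fewer groups than its port lists. The enclosing method starts and ends outside the hunk.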
|
||||
|
|
|
@ -27,10 +27,12 @@ from netaddr import IPSet
|
|||
from neutron.api.rpc.agentnotifiers import dhcp_rpc_agent_api
|
||||
from neutron.common import utils as n_utils
|
||||
from neutron.db import api as db_api
|
||||
from neutron.db.models import securitygroup as sg_models
|
||||
from neutron.extensions import dns
|
||||
from neutron.notifiers import nova
|
||||
from neutron.tests.unit.db import test_db_base_plugin_v2 as test_plugin
|
||||
from neutron.tests.unit.extensions import test_address_scope
|
||||
from neutron.tests.unit.extensions import test_securitygroup
|
||||
from neutron_lib.callbacks import registry
|
||||
from neutron_lib import constants as n_constants
|
||||
from neutron_lib import context as nctx
|
||||
|
@ -2600,7 +2602,8 @@ class TestPolicyTargetGroupRollback(AIMBaseTestCase):
|
|||
self.dummy.delete_l3_policy_precommit = orig_func
|
||||
|
||||
|
||||
class TestPolicyTarget(AIMBaseTestCase):
|
||||
class TestPolicyTarget(AIMBaseTestCase,
|
||||
test_securitygroup.SecurityGroupsTestCase):
|
||||
|
||||
def setUp(self, *args, **kwargs):
|
||||
super(TestPolicyTarget, self).setUp(*args, **kwargs)
|
||||
|
@ -3092,6 +3095,16 @@ class TestPolicyTarget(AIMBaseTestCase):
|
|||
policy_target_group_id=ptg['id'])['policy_target']
|
||||
self._bind_port_to_host(pt2['port_id'], 'h1')
|
||||
|
||||
# As admin, create a SG in a different tenant then associate
|
||||
# with the same port
|
||||
sg = self._make_security_group(
|
||||
self.fmt, 'sg_1', 'test',
|
||||
tenant_id='test-tenant-2')['security_group']
|
||||
port = self._plugin.get_port(self._context, pt2['port_id'])
|
||||
port['security_groups'].append(sg['id'])
|
||||
port = self._plugin.update_port(
|
||||
self._context, port['id'], {'port': port})
|
||||
|
||||
mapping = self.driver.get_gbp_details(
|
||||
self._neutron_admin_context, device='tap%s' % pt2['port_id'],
|
||||
host='h2')
|
||||
|
@ -3104,13 +3117,17 @@ class TestPolicyTarget(AIMBaseTestCase):
|
|||
'uni:tn-t1:out-l2:instP-n2', '200.200.0.3', '200.200.0.1/16')
|
||||
self.assertEqual(1000, mapping['interface_mtu'])
|
||||
self.assertEqual(100, mapping['dhcp_lease_time'])
|
||||
|
||||
port = self._plugin.get_port(self._context, pt2['port_id'])
|
||||
port_tenant = self.name_mapper.project(None, port['tenant_id'])
|
||||
sg_list = []
|
||||
for sg_id in port['security_groups']:
|
||||
ctx = nctx.get_admin_context()
|
||||
port_sgs = (ctx.session.query(sg_models.SecurityGroup.id,
|
||||
sg_models.SecurityGroup.tenant_id).
|
||||
filter(sg_models.SecurityGroup.id.
|
||||
in_(port['security_groups'])).
|
||||
all())
|
||||
for sg_id, tenant_id in port_sgs:
|
||||
sg_tenant = self.name_mapper.project(None, tenant_id)
|
||||
sg_list.append(
|
||||
{'policy-space': port_tenant,
|
||||
{'policy-space': sg_tenant,
|
||||
'name': sg_id})
|
||||
sg_list.append({'policy-space': 'common',
|
||||
'name': self.driver.aim_mech_driver.apic_system_id +
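Review bot: The expected `sg_list` is produced by running the same `SecurityGroup.id`/`tenant_id` query that the driver now runs, so the test would still pass if that query returned the wrong tenant or skipped the cross-tenant group. I would pin the new case directly, e.g. `self.assertIn({'policy-space': self.name_mapper.project(None, 'test-tenant-2'), 'name': sg['id']}, mapping['security_group'])`, assuming `sg` from the earlier hunk is in the same test method (the method boundaries are outside the hunks). Neither query has an `order_by`, so if the comparison that follows is order-sensitive the result depends on the database returning rows in the same order twice.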
|
||||
|
|