Create namespaced resources on the right project
This patch ensures the resources created for the namespaces (i.e., network and subnet) belong to the right project Closes-Bug: 1780029 Change-Id: I655db76b4d3ab8d2500939e5ffc70e22fc6e1a59
This commit is contained in:
parent
bf3ce1ad47
commit
d1b9d03292
|
@ -113,7 +113,7 @@ class NamespacePodSubnetDriver(default_subnet.DefaultPodSubnetDriver):
|
|||
|
||||
self._del_kuryrnet_crd(net_crd_name)
|
||||
|
||||
def create_namespace_network(self, namespace):
|
||||
def create_namespace_network(self, namespace, project_id):
|
||||
neutron = clients.get_neutron_client()
|
||||
|
||||
router_id = oslo_cfg.CONF.namespace_subnet.pod_router
|
||||
|
@ -125,7 +125,10 @@ class NamespacePodSubnetDriver(default_subnet.DefaultPodSubnetDriver):
|
|||
try:
|
||||
neutron_net = neutron.create_network(
|
||||
{
|
||||
"network": {"name": network_name}
|
||||
"network": {
|
||||
"name": network_name,
|
||||
"project_id": project_id
|
||||
}
|
||||
}).get('network')
|
||||
|
||||
# create a subnet within that network
|
||||
|
@ -137,6 +140,7 @@ class NamespacePodSubnetDriver(default_subnet.DefaultPodSubnetDriver):
|
|||
"name": subnet_name,
|
||||
"enable_dhcp": False,
|
||||
"subnetpool_id": subnet_pool_id,
|
||||
"project_id": project_id
|
||||
}
|
||||
}).get('subnet')
|
||||
|
||||
|
|
|
@ -38,13 +38,15 @@ class NamespaceHandler(k8s_base.ResourceEventHandler):
|
|||
|
||||
def on_present(self, namespace):
|
||||
ns_name = namespace['metadata']['name']
|
||||
project_id = self._drv_project.get_project(namespace)
|
||||
net_crd = self._get_net_crd(namespace)
|
||||
if net_crd:
|
||||
LOG.debug("CRD existing at the new namespace")
|
||||
return
|
||||
|
||||
LOG.debug("Creating network resources for namespace: %s", ns_name)
|
||||
net_crd = self._drv_subnets.create_namespace_network(ns_name)
|
||||
net_crd = self._drv_subnets.create_namespace_network(ns_name,
|
||||
project_id)
|
||||
try:
|
||||
self._set_net_crd(namespace, net_crd)
|
||||
except exceptions.K8sClientException:
|
||||
|
|
|
@ -274,7 +274,7 @@ class TestNamespacePodSubnetDriver(test_base.TestCase):
|
|||
m_driver = mock.MagicMock(spec=cls)
|
||||
|
||||
namespace = 'test'
|
||||
|
||||
project_id = mock.sentinel.project_id
|
||||
neutron = self.useFixture(k_fix.MockNeutronClient()).client
|
||||
net = {'id': mock.sentinel.net}
|
||||
neutron.create_network.return_value = {'network': net}
|
||||
|
@ -283,7 +283,8 @@ class TestNamespacePodSubnetDriver(test_base.TestCase):
|
|||
net_crd = mock.sentinel.net_crd
|
||||
m_driver._add_kuryrnet_crd.return_value = net_crd
|
||||
|
||||
net_crd_resp = cls.create_namespace_network(m_driver, namespace)
|
||||
net_crd_resp = cls.create_namespace_network(m_driver, namespace,
|
||||
project_id)
|
||||
|
||||
self.assertEqual(net_crd_resp, net_crd)
|
||||
neutron.create_network.assert_called_once()
|
||||
|
@ -297,11 +298,13 @@ class TestNamespacePodSubnetDriver(test_base.TestCase):
|
|||
|
||||
namespace = 'test'
|
||||
|
||||
project_id = mock.sentinel.project_id
|
||||
neutron = self.useFixture(k_fix.MockNeutronClient()).client
|
||||
neutron.create_network.side_effect = n_exc.NeutronClientException
|
||||
|
||||
self.assertRaises(n_exc.NeutronClientException,
|
||||
cls.create_namespace_network, m_driver, namespace)
|
||||
cls.create_namespace_network, m_driver, namespace,
|
||||
project_id)
|
||||
|
||||
neutron.create_network.assert_called_once()
|
||||
neutron.create_subnet.assert_not_called()
|
||||
|
@ -313,14 +316,15 @@ class TestNamespacePodSubnetDriver(test_base.TestCase):
|
|||
m_driver = mock.MagicMock(spec=cls)
|
||||
|
||||
namespace = 'test'
|
||||
|
||||
project_id = mock.sentinel.project_id
|
||||
neutron = self.useFixture(k_fix.MockNeutronClient()).client
|
||||
net = {'id': mock.sentinel.net}
|
||||
neutron.create_network.return_value = {'network': net}
|
||||
neutron.create_subnet.side_effect = n_exc.NeutronClientException
|
||||
|
||||
self.assertRaises(n_exc.NeutronClientException,
|
||||
cls.create_namespace_network, m_driver, namespace)
|
||||
cls.create_namespace_network, m_driver, namespace,
|
||||
project_id)
|
||||
|
||||
neutron.create_network.assert_called_once()
|
||||
neutron.create_subnet.assert_called_once()
|
||||
|
@ -333,7 +337,7 @@ class TestNamespacePodSubnetDriver(test_base.TestCase):
|
|||
m_driver = mock.MagicMock(spec=cls)
|
||||
|
||||
namespace = 'test'
|
||||
|
||||
project_id = mock.sentinel.project_id
|
||||
neutron = self.useFixture(k_fix.MockNeutronClient()).client
|
||||
net = {'id': mock.sentinel.net}
|
||||
neutron.create_network.return_value = {'network': net}
|
||||
|
@ -343,7 +347,8 @@ class TestNamespacePodSubnetDriver(test_base.TestCase):
|
|||
n_exc.NeutronClientException)
|
||||
|
||||
self.assertRaises(n_exc.NeutronClientException,
|
||||
cls.create_namespace_network, m_driver, namespace)
|
||||
cls.create_namespace_network, m_driver, namespace,
|
||||
project_id)
|
||||
|
||||
neutron.create_network.assert_called_once()
|
||||
neutron.create_subnet.assert_called_once()
|
||||
|
@ -355,7 +360,7 @@ class TestNamespacePodSubnetDriver(test_base.TestCase):
|
|||
m_driver = mock.MagicMock(spec=cls)
|
||||
|
||||
namespace = 'test'
|
||||
|
||||
project_id = mock.sentinel.project_id
|
||||
neutron = self.useFixture(k_fix.MockNeutronClient()).client
|
||||
net = {'id': mock.sentinel.net}
|
||||
neutron.create_network.return_value = {'network': net}
|
||||
|
@ -364,7 +369,8 @@ class TestNamespacePodSubnetDriver(test_base.TestCase):
|
|||
m_driver._add_kuryrnet_crd.side_effect = k_exc.K8sClientException
|
||||
|
||||
self.assertRaises(k_exc.K8sClientException,
|
||||
cls.create_namespace_network, m_driver, namespace)
|
||||
cls.create_namespace_network, m_driver, namespace,
|
||||
project_id)
|
||||
|
||||
neutron.create_network.assert_called_once()
|
||||
neutron.create_subnet.assert_called_once()
|
||||
|
|
|
@ -119,7 +119,7 @@ class TestNamespaceHandler(test_base.TestCase):
|
|||
|
||||
self._get_net_crd.assert_called_once_with(self._namespace)
|
||||
self._create_namespace_network.assert_called_once_with(
|
||||
self._namespace_name)
|
||||
self._namespace_name, self._project_id)
|
||||
self._set_net_crd.assert_called_once_with(self._namespace, net_crd)
|
||||
self._rollback_network_resources.assert_not_called()
|
||||
|
||||
|
@ -145,7 +145,7 @@ class TestNamespaceHandler(test_base.TestCase):
|
|||
|
||||
self._get_net_crd.assert_called_once_with(self._namespace)
|
||||
self._create_namespace_network.assert_called_once_with(
|
||||
self._namespace_name)
|
||||
self._namespace_name, self._project_id)
|
||||
self._set_net_crd.assert_not_called()
|
||||
self._rollback_network_resources.assert_not_called()
|
||||
|
||||
|
@ -160,7 +160,7 @@ class TestNamespaceHandler(test_base.TestCase):
|
|||
|
||||
self._get_net_crd.assert_called_once_with(self._namespace)
|
||||
self._create_namespace_network.assert_called_once_with(
|
||||
self._namespace_name)
|
||||
self._namespace_name, self._project_id)
|
||||
self._set_net_crd.assert_called_once_with(self._namespace, net_crd)
|
||||
self._rollback_network_resources.assert_called_once()
|
||||
|
||||
|
@ -179,7 +179,7 @@ class TestNamespaceHandler(test_base.TestCase):
|
|||
|
||||
self._get_net_crd.assert_called_once_with(self._namespace)
|
||||
self._create_namespace_network.assert_called_once_with(
|
||||
self._namespace_name)
|
||||
self._namespace_name, self._project_id)
|
||||
self._set_net_crd.assert_called_once_with(self._namespace, net_crd)
|
||||
self._rollback_network_resources.assert_called_once()
|
||||
|
||||
|
|
Loading…
Reference in New Issue