openstack
/
neutron
Code Issues Proposed changes

Set system_scope='all' in elevated context 

In case when enforce_new_defaults is set to True and new policy rules
are used, context.is_admin flag isn't really working as it was with old
rules.
But in case when elevated context is needed, it means that we need
context which has full rights to the system. So we should also set
"system_scope" parameter to "all" to be sure that system scope queries
can be done with such elevated context always.

It is needed e.g. when elevated context is used to get some data from
db. In such case we need to have db query which will not be scoped to
the single project_id and with new defaults to achieve that system_scope
has to be set to "all".

Proper fix for that should be done in neutron-lib and it is proposed
in [1] already but as we are have frozen neutron-lib version for
stable/wallaby already this patch for neutron is temporary fix for that
issue.
We can revert that patch as soon as we will be in Xena development cycle
and [1] will be merged and released.

[1] https://review.opendev.org/c/openstack/neutron-lib/+/781625

Related-Bug: #1920001
Change-Id: I0068c1de09f5c6fae5bb5cd0d6f26f451e701939
This commit is contained in:
Slawek Kaplonski 2021-03-19 12:05:56 +01:00
parent 80dfbb0371
commit 062336e59b
29 changed files with 154 additions and 97 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
neutron/api/rpc/agentnotifiers/dhcp_rpc_agent_api.py
View File

@ -28,6 +28,7 @@ from oslo_config import cfg
from oslo_log import log as logging from oslo_log import log as logging
import oslo_messaging import oslo_messaging
from neutron.common import utils as common_utils
# Priorities - lower value is higher priority # Priorities - lower value is higher priority
PRIORITY_NETWORK_CREATE = 0 PRIORITY_NETWORK_CREATE = 0
@ -194,7 +195,8 @@ class DhcpAgentNotifyAPI(object):
if fanout_required: if fanout_required:
self._fanout_message(context, method, payload) self._fanout_message(context, method, payload)
elif cast_required: elif cast_required:
admin_ctx = (context if context.is_admin else context.elevated()) admin_ctx = (context if context.is_admin else
common_utils.get_elevated_context(context))
network = self.plugin.get_network(admin_ctx, network_id) network = self.plugin.get_network(admin_ctx, network_id)
if 'subnet' in payload and payload['subnet'].get('segment_id'): if 'subnet' in payload and payload['subnet'].get('segment_id'):
# if segment_id exists then the segment service plugin # if segment_id exists then the segment service plugin

10
neutron/api/rpc/agentnotifiers/l3_rpc_agent_api.py
View File

@ -25,6 +25,7 @@ from oslo_log import log as logging
import oslo_messaging import oslo_messaging
from neutron.api.rpc.agentnotifiers import utils as ag_utils from neutron.api.rpc.agentnotifiers import utils as ag_utils
from neutron.common import utils as common_utils
LOG = logging.getLogger(__name__) LOG = logging.getLogger(__name__)
@ -55,7 +56,9 @@ class L3AgentNotifyAPI(object):
def _agent_notification(self, context, method, router_ids, operation, def _agent_notification(self, context, method, router_ids, operation,
shuffle_agents): shuffle_agents):
"""Notify changed routers to hosting l3 agents.""" """Notify changed routers to hosting l3 agents."""
adminContext = context if context.is_admin else context.elevated() adminContext = (
context if context.is_admin else
common_utils.get_elevated_context(context))
plugin = directory.get_plugin(plugin_constants.L3) plugin = directory.get_plugin(plugin_constants.L3)
for router_id in router_ids: for router_id in router_ids:
hosts = plugin.get_hosts_to_notify(adminContext, router_id) hosts = plugin.get_hosts_to_notify(adminContext, router_id)
@ -92,8 +95,9 @@ class L3AgentNotifyAPI(object):
return return
if extensions.is_extension_supported( if extensions.is_extension_supported(
plugin, constants.L3_AGENT_SCHEDULER_EXT_ALIAS): plugin, constants.L3_AGENT_SCHEDULER_EXT_ALIAS):
adminContext = (context.is_admin and adminContext = (
context or context.elevated()) context.is_admin and
context or common_utils.get_elevated_context(context))
if schedule_routers: if schedule_routers:
plugin.schedule_routers(adminContext, router_ids) plugin.schedule_routers(adminContext, router_ids)
self._agent_notification( self._agent_notification(

5
neutron/api/rpc/agentnotifiers/metering_rpc_agent_api.py
View File

@ -21,6 +21,7 @@ from neutron_lib import rpc as n_rpc
from oslo_log import log as logging from oslo_log import log as logging
import oslo_messaging import oslo_messaging
from neutron.common import utils as common_utils
from neutron.db import agentschedulers_db from neutron.db import agentschedulers_db
LOG = logging.getLogger(__name__) LOG = logging.getLogger(__name__)
@ -36,7 +37,9 @@ class MeteringAgentNotifyAPI(object):
def _agent_notification(self, context, method, routers): def _agent_notification(self, context, method, routers):
"""Notify l3 metering agents hosted by l3 agent hosts.""" """Notify l3 metering agents hosted by l3 agent hosts."""
adminContext = context if context.is_admin else context.elevated() adminContext = (
context if context.is_admin else
common_utils.get_elevated_context(context))
plugin = directory.get_plugin(plugin_constants.L3) plugin = directory.get_plugin(plugin_constants.L3)
l3_routers = {} l3_routers = {}

10
neutron/common/utils.py
View File

@ -1037,3 +1037,13 @@ def with_metaclass(meta, *bases):
return meta(name, bases, d) return meta(name, bases, d)
return metaclass('temporary_class', None, {}) return metaclass('temporary_class', None, {})
def get_elevated_context(context):
admin_context = context.elevated()
# NOTE(slaweq): system_scope='all' is needed if new policies are
# enforced. This should be set in context.elevated() method in the
# neutron-lib but as a temporary workaround it is done here
if cfg.CONF.oslo_policy.enforce_new_defaults:
admin_context.system_scope = 'all'
return admin_context

5
neutron/core_extensions/qos.py
View File

@ -19,6 +19,7 @@ from neutron_lib.plugins import constants as plugin_constants
from neutron_lib.plugins import directory from neutron_lib.plugins import directory
from neutron_lib.services.qos import constants as qos_consts from neutron_lib.services.qos import constants as qos_consts
from neutron.common import utils as common_utils
from neutron.core_extensions import base from neutron.core_extensions import base
from neutron.objects.qos import policy as policy_object from neutron.objects.qos import policy as policy_object
@ -47,7 +48,7 @@ class QosCoreResourceExtension(base.CoreResourceExtension):
def _update_port_policy(self, context, port, port_changes): def _update_port_policy(self, context, port, port_changes):
old_policy = policy_object.QosPolicy.get_port_policy( old_policy = policy_object.QosPolicy.get_port_policy(
context.elevated(), port['id']) common_utils.get_elevated_context(context), port['id'])
if old_policy: if old_policy:
self._check_policy_change_permission(context, old_policy) self._check_policy_change_permission(context, old_policy)
old_policy.detach_port(port['id']) old_policy.detach_port(port['id'])
@ -75,7 +76,7 @@ class QosCoreResourceExtension(base.CoreResourceExtension):
def _update_network_policy(self, context, network, network_changes): def _update_network_policy(self, context, network, network_changes):
old_policy = policy_object.QosPolicy.get_network_policy( old_policy = policy_object.QosPolicy.get_network_policy(
context.elevated(), network['id']) common_utils.get_elevated_context(context), network['id'])
if old_policy: if old_policy:
self._check_policy_change_permission(context, old_policy) self._check_policy_change_permission(context, old_policy)
old_policy.detach_network(network['id']) old_policy.detach_network(network['id'])

4
neutron/db/address_group_db.py
View File

@ -21,6 +21,7 @@ from neutron_lib.exceptions import address_group as ag_exc
from oslo_utils import uuidutils from oslo_utils import uuidutils
from neutron._i18n import _ from neutron._i18n import _
from neutron.common import utils as common_utils
from neutron.extensions import address_group as ag_ext from neutron.extensions import address_group as ag_ext
from neutron.objects import address_group as ag_obj from neutron.objects import address_group as ag_obj
from neutron.objects import base as base_obj from neutron.objects import base as base_obj
@ -196,7 +197,8 @@ class AddressGroupDbMixin(ag_ext.AddressGroupPluginBase):
] ]
def delete_address_group(self, context, id): def delete_address_group(self, context, id):
if sg_obj.SecurityGroupRule.get_objects(context.elevated(), if sg_obj.SecurityGroupRule.get_objects(
common_utils.get_elevated_context(context),
remote_address_group_id=id): remote_address_group_id=id):
# TODO(hangyang): use exception from neutron_lib # TODO(hangyang): use exception from neutron_lib
raise AddressGroupInUse(address_group_id=id) raise AddressGroupInUse(address_group_id=id)

8
neutron/db/db_base_plugin_v2.py
View File

@ -485,7 +485,7 @@ class NeutronDbPluginV2(db_base_plugin_common.DbBasePluginCommon,
_constants.AUTO_DELETE_PORT_OWNERS))] _constants.AUTO_DELETE_PORT_OWNERS))]
for port_id in auto_delete_port_ids: for port_id in auto_delete_port_ids:
try: try:
self.delete_port(context.elevated(), port_id) self.delete_port(utils.get_elevated_context(context), port_id)
except exc.PortNotFound: except exc.PortNotFound:
# Don't raise if something else concurrently deleted the port # Don't raise if something else concurrently deleted the port
LOG.debug("Ignoring PortNotFound when deleting port '%s'. " LOG.debug("Ignoring PortNotFound when deleting port '%s'. "
@ -710,7 +710,7 @@ class NeutronDbPluginV2(db_base_plugin_common.DbBasePluginCommon,
def _update_router_gw_port(self, context, router_id, network, subnet): def _update_router_gw_port(self, context, router_id, network, subnet):
l3plugin = directory.get_plugin(plugin_constants.L3) l3plugin = directory.get_plugin(plugin_constants.L3)
ctx_admin = context.elevated() ctx_admin = utils.get_elevated_context(context)
ext_subnets_dict = {s['id']: s for s in network['subnets']} ext_subnets_dict = {s['id']: s for s in network['subnets']}
router = l3plugin.get_router(ctx_admin, router_id) router = l3plugin.get_router(ctx_admin, router_id)
external_gateway_info = router['external_gateway_info'] external_gateway_info = router['external_gateway_info']
@ -1586,7 +1586,7 @@ class NeutronDbPluginV2(db_base_plugin_common.DbBasePluginCommon,
if device_id: if device_id:
if hasattr(self, 'get_router'): if hasattr(self, 'get_router'):
try: try:
ctx_admin = context.elevated() ctx_admin = utils.get_elevated_context(context)
router = self.get_router(ctx_admin, device_id) router = self.get_router(ctx_admin, device_id)
except l3_exc.RouterNotFound: except l3_exc.RouterNotFound:
return return
@ -1594,7 +1594,7 @@ class NeutronDbPluginV2(db_base_plugin_common.DbBasePluginCommon,
l3plugin = directory.get_plugin(plugin_constants.L3) l3plugin = directory.get_plugin(plugin_constants.L3)
if l3plugin: if l3plugin:
try: try:
ctx_admin = context.elevated() ctx_admin = utils.get_elevated_context(context)
router = l3plugin.get_router(ctx_admin, router = l3plugin.get_router(ctx_admin,
device_id) device_id)
except l3_exc.RouterNotFound: except l3_exc.RouterNotFound:

3
neutron/db/extraroute_db.py
View File

@ -29,6 +29,7 @@ from oslo_config import cfg
from oslo_log import log as logging from oslo_log import log as logging
from neutron._i18n import _ from neutron._i18n import _
from neutron.common import utils as common_utils
from neutron.conf.db import extraroute_db from neutron.conf.db import extraroute_db
from neutron.db import l3_db from neutron.db import l3_db
from neutron.objects import router as l3_obj from neutron.objects import router as l3_obj
@ -92,7 +93,7 @@ class ExtraRoute_dbonly_mixin(l3_db.L3_NAT_dbonly_mixin):
router_id=router_id, router_id=router_id,
quota=cfg.CONF.max_routes) quota=cfg.CONF.max_routes)
context = context.elevated() context = common_utils.get_elevated_context(context)
filters = {'device_id': [router_id]} filters = {'device_id': [router_id]}
ports = self._core_plugin.get_ports(context, filters) ports = self._core_plugin.get_ports(context, filters)
cidrs = [] cidrs = []

34
neutron/db/l3_db.py
View File

@ -320,17 +320,19 @@ class L3_NAT_dbonly_mixin(l3.RouterPluginBase,
# the current transaction. # the current transaction.
context.GUARD_TRANSACTION = False context.GUARD_TRANSACTION = False
gw_port = plugin_utils.create_port( gw_port = plugin_utils.create_port(
self._core_plugin, context.elevated(), {'port': port_data}) self._core_plugin, utils.get_elevated_context(context),
{'port': port_data})
if not gw_port['fixed_ips']: if not gw_port['fixed_ips']:
LOG.debug('No IPs available for external network %s', LOG.debug('No IPs available for external network %s',
network_id) network_id)
with plugin_utils.delete_port_on_error( with plugin_utils.delete_port_on_error(
self._core_plugin, context.elevated(), gw_port['id']): self._core_plugin, utils.get_elevated_context(context),
gw_port['id']):
with db_api.CONTEXT_WRITER.using(context): with db_api.CONTEXT_WRITER.using(context):
router = self._get_router(context, router['id']) router = self._get_router(context, router['id'])
router.gw_port = self._core_plugin._get_port( router.gw_port = self._core_plugin._get_port(
context.elevated(), gw_port['id']) utils.get_elevated_context(context), gw_port['id'])
router_port = l3_obj.RouterPort( router_port = l3_obj.RouterPort(
context, context,
router_id=router.id, router_id=router.id,
@ -373,7 +375,7 @@ class L3_NAT_dbonly_mixin(l3.RouterPluginBase,
router.gw_port and router.gw_port['network_id'] != new_network_id) router.gw_port and router.gw_port['network_id'] != new_network_id)
if not port_requires_deletion: if not port_requires_deletion:
return return
admin_ctx = context.elevated() admin_ctx = utils.get_elevated_context(context)
old_network_id = router.gw_port['network_id'] old_network_id = router.gw_port['network_id']
if self.router_gw_port_has_floating_ips(admin_ctx, router_id): if self.router_gw_port_has_floating_ips(admin_ctx, router_id):
@ -462,7 +464,8 @@ class L3_NAT_dbonly_mixin(l3.RouterPluginBase,
resource_id=router_id)) resource_id=router_id))
def _update_current_gw_port(self, context, router_id, router, ext_ips): def _update_current_gw_port(self, context, router_id, router, ext_ips):
self._core_plugin.update_port(context.elevated(), router.gw_port['id'], self._core_plugin.update_port(
utils.get_elevated_context(context), router.gw_port['id'],
{'port': {'fixed_ips': ext_ips}}) {'port': {'fixed_ips': ext_ips}})
def _update_router_gw_info(self, context, router_id, info, router=None): def _update_router_gw_info(self, context, router_id, info, router=None):
@ -532,7 +535,8 @@ class L3_NAT_dbonly_mixin(l3.RouterPluginBase,
if context.session.is_active: if context.session.is_active:
context.GUARD_TRANSACTION = False context.GUARD_TRANSACTION = False
for rp_id in router_ports_ids: for rp_id in router_ports_ids:
self._core_plugin.delete_port(context.elevated(), rp_id, self._core_plugin.delete_port(
utils.get_elevated_context(context), rp_id,
l3_port_check=False) l3_port_check=False)
router = self._get_router(context, id) router = self._get_router(context, id)
@ -586,7 +590,7 @@ class L3_NAT_dbonly_mixin(l3.RouterPluginBase,
raise n_exc.BadRequest(resource='router', msg=msg) raise n_exc.BadRequest(resource='router', msg=msg)
if p.get('device_owner') == DEVICE_OWNER_ROUTER_GW: if p.get('device_owner') == DEVICE_OWNER_ROUTER_GW:
ext_subts = self._core_plugin.get_subnets( ext_subts = self._core_plugin.get_subnets(
context.elevated(), utils.get_elevated_context(context),
filters={'network_id': [p['network_id']]}) filters={'network_id': [p['network_id']]})
for sub in ext_subts: for sub in ext_subts:
router_subnets.append(sub['id']) router_subnets.append(sub['id'])
@ -597,8 +601,8 @@ class L3_NAT_dbonly_mixin(l3.RouterPluginBase,
new_subnets = [s for s in new_subnets new_subnets = [s for s in new_subnets
if s['cidr'] != constants.PROVISIONAL_IPV6_PD_PREFIX] if s['cidr'] != constants.PROVISIONAL_IPV6_PD_PREFIX]
id_filter = {'id': router_subnets} id_filter = {'id': router_subnets}
subnets = self._core_plugin.get_subnets(context.elevated(), subnets = self._core_plugin.get_subnets(
filters=id_filter) utils.get_elevated_context(context), filters=id_filter)
for sub in subnets: for sub in subnets:
cidr = sub['cidr'] cidr = sub['cidr']
ipnet = netaddr.IPNetwork(cidr) ipnet = netaddr.IPNetwork(cidr)
@ -1340,11 +1344,11 @@ class L3_NAT_dbonly_mixin(l3.RouterPluginBase,
# 'status' in port dict could not be updated by default, use # 'status' in port dict could not be updated by default, use
# check_allow_post to stop the verification of system # check_allow_post to stop the verification of system
external_port = plugin_utils.create_port( external_port = plugin_utils.create_port(
self._core_plugin, context.elevated(), self._core_plugin, utils.get_elevated_context(context),
{'port': port}, check_allow_post=False) {'port': port}, check_allow_post=False)
with plugin_utils.delete_port_on_error( with plugin_utils.delete_port_on_error(
self._core_plugin, context.elevated(), self._core_plugin, utils.get_elevated_context(context),
external_port['id']),\ external_port['id']),\
db_api.CONTEXT_WRITER.using(context): db_api.CONTEXT_WRITER.using(context):
# Ensure IPv4 addresses are allocated on external port # Ensure IPv4 addresses are allocated on external port
@ -1381,7 +1385,7 @@ class L3_NAT_dbonly_mixin(l3.RouterPluginBase,
floatingip_db=floatingip_obj.db_obj) floatingip_db=floatingip_obj.db_obj)
self._core_plugin.update_port( self._core_plugin.update_port(
context.elevated(), external_port['id'], utils.get_elevated_context(context), external_port['id'],
{'port': {'device_id': fip_id, {'port': {'device_id': fip_id,
'project_id': fip['tenant_id']}}) 'project_id': fip['tenant_id']}})
registry.notify(resources.FLOATING_IP, registry.notify(resources.FLOATING_IP,
@ -1505,7 +1509,7 @@ class L3_NAT_dbonly_mixin(l3.RouterPluginBase,
# floating IP record once the port is deleted. We can't start # floating IP record once the port is deleted. We can't start
# a transaction first to remove it ourselves because the delete_port # a transaction first to remove it ourselves because the delete_port
# method will yield in its post-commit activities. # method will yield in its post-commit activities.
self._core_plugin.delete_port(context.elevated(), self._core_plugin.delete_port(utils.get_elevated_context(context),
floatingip.floating_port_id, floatingip.floating_port_id,
l3_port_check=False) l3_port_check=False)
registry.notify(resources.FLOATING_IP, events.AFTER_DELETE, registry.notify(resources.FLOATING_IP, events.AFTER_DELETE,
@ -1595,8 +1599,8 @@ class L3_NAT_dbonly_mixin(l3.RouterPluginBase,
"%(port_id)s no longer exists, allowing deletion.", "%(port_id)s no longer exists, allowing deletion.",
{'f_id': port['device_id'], 'port_id': port['id']}) {'f_id': port['device_id'], 'port_id': port['id']})
return return
elif not l3_obj.Router.objects_exist(context.elevated(), elif not l3_obj.Router.objects_exist(
id=port['device_id']): utils.get_elevated_context(context), id=port['device_id']):
LOG.debug("Router %(router_id)s corresponding to port " LOG.debug("Router %(router_id)s corresponding to port "
"%(port_id)s no longer exists, allowing deletion.", "%(port_id)s no longer exists, allowing deletion.",
{'router_id': port['device_id'], {'router_id': port['device_id'],

45
neutron/db/l3_dvr_db.py
View File

@ -211,7 +211,7 @@ class DVRResourceOperationHandler(object):
if (old_router and old_router['distributed'] and not if (old_router and old_router['distributed'] and not
router['distributed']): router['distributed']):
self._core_plugin.delete_distributed_port_bindings_by_router_id( self._core_plugin.delete_distributed_port_bindings_by_router_id(
context.elevated(), router_db['id']) n_utils.get_elevated_context(context), router_db['id'])
@registry.receives(resources.ROUTER, [events.AFTER_UPDATE], @registry.receives(resources.ROUTER, [events.AFTER_UPDATE],
priority_group.PRIORITY_ROUTER_EXTENDED_ATTRIBUTE) priority_group.PRIORITY_ROUTER_EXTENDED_ATTRIBUTE)
@ -224,7 +224,7 @@ class DVRResourceOperationHandler(object):
old_router = kwargs['old_router'] old_router = kwargs['old_router']
if old_router and old_router['distributed']: if old_router and old_router['distributed']:
self.delete_csnat_router_interface_ports( self.delete_csnat_router_interface_ports(
context.elevated(), router_db) n_utils.get_elevated_context(context), router_db)
@registry.receives(resources.ROUTER, @registry.receives(resources.ROUTER,
[events.AFTER_CREATE, events.AFTER_UPDATE], [events.AFTER_CREATE, events.AFTER_UPDATE],
@ -246,8 +246,8 @@ class DVRResourceOperationHandler(object):
not old_router.get(l3_apidef.EXTERNAL_GW_INFO)) not old_router.get(l3_apidef.EXTERNAL_GW_INFO))
if not do_create: if not do_create:
return return
if not self._create_snat_intf_ports_if_not_exists(context.elevated(), if not self._create_snat_intf_ports_if_not_exists(
router_db): n_utils.get_elevated_context(context), router_db):
LOG.debug("SNAT interface ports not created: %s", LOG.debug("SNAT interface ports not created: %s",
router_db['id']) router_db['id'])
return router_db return router_db
@ -280,8 +280,9 @@ class DVRResourceOperationHandler(object):
msg = _("Unable to create the SNAT Interface Port") msg = _("Unable to create the SNAT Interface Port")
raise n_exc.BadRequest(resource='router', msg=msg) raise n_exc.BadRequest(resource='router', msg=msg)
with plugin_utils.delete_port_on_error(self.l3plugin._core_plugin, with plugin_utils.delete_port_on_error(
context.elevated(), self.l3plugin._core_plugin,
n_utils.get_elevated_context(context),
snat_port['id']): snat_port['id']):
l3_obj.RouterPort( l3_obj.RouterPort(
context, context,
@ -357,7 +358,8 @@ class DVRResourceOperationHandler(object):
return return
if not payload.metadata.get('new_network_id'): if not payload.metadata.get('new_network_id'):
self.delete_csnat_router_interface_ports( self.delete_csnat_router_interface_ports(
payload.context.elevated(), payload.latest_state) n_utils.get_elevated_context(payload.context),
payload.latest_state)
network_id = payload.metadata.get('network_id') network_id = payload.metadata.get('network_id')
# NOTE(Swami): Delete the Floatingip agent gateway port # NOTE(Swami): Delete the Floatingip agent gateway port
@ -366,10 +368,11 @@ class DVRResourceOperationHandler(object):
filters = {'network_id': [network_id], filters = {'network_id': [network_id],
'device_owner': [const.DEVICE_OWNER_ROUTER_GW]} 'device_owner': [const.DEVICE_OWNER_ROUTER_GW]}
ext_net_gw_ports = self._core_plugin.get_ports( ext_net_gw_ports = self._core_plugin.get_ports(
payload.context.elevated(), filters) n_utils.get_elevated_context(payload.context), filters)
if not ext_net_gw_ports: if not ext_net_gw_ports:
self.delete_floatingip_agent_gateway_port( self.delete_floatingip_agent_gateway_port(
payload.context.elevated(), None, network_id) n_utils.get_elevated_context(payload.context),
None, network_id)
# Send the information to all the L3 Agent hosts # Send the information to all the L3 Agent hosts
# to clean up the fip namespace as it is no longer required. # to clean up the fip namespace as it is no longer required.
self.l3plugin.l3_rpc_notifier.delete_fipnamespace_for_ext_net( self.l3plugin.l3_rpc_notifier.delete_fipnamespace_for_ext_net(
@ -443,7 +446,7 @@ class DVRResourceOperationHandler(object):
floatingIP association happens. floatingIP association happens.
""" """
if association_event and router_id: if association_event and router_id:
admin_ctx = context.elevated() admin_ctx = n_utils.get_elevated_context(context)
router_dict = self.get_router(admin_ctx, router_id) router_dict = self.get_router(admin_ctx, router_id)
# Check if distributed router and then create the # Check if distributed router and then create the
# FloatingIP agent gateway port # FloatingIP agent gateway port
@ -500,7 +503,7 @@ class DVRResourceOperationHandler(object):
"""Event handler to for csnat port creation on interface creation.""" """Event handler to for csnat port creation on interface creation."""
if not router_db.extra_attributes.distributed or not router_db.gw_port: if not router_db.extra_attributes.distributed or not router_db.gw_port:
return return
admin_context = context.elevated() admin_context = n_utils.get_elevated_context(context)
self._add_csnat_router_interface_port( self._add_csnat_router_interface_port(
admin_context, router_db, port['network_id'], admin_context, router_db, port['network_id'],
[{'subnet_id': port['fixed_ips'][-1]['subnet_id']}]) [{'subnet_id': port['fixed_ips'][-1]['subnet_id']}])
@ -524,7 +527,7 @@ class DVRResourceOperationHandler(object):
# IPv6 subnet # IPv6 subnet
# Add new prefix to an existing ipv6 csnat port with the # Add new prefix to an existing ipv6 csnat port with the
# same network id if one exists # same network id if one exists
admin_ctx = context.elevated() admin_ctx = n_utils.get_elevated_context(context)
router = self.l3plugin._get_router(admin_ctx, router_id) router = self.l3plugin._get_router(admin_ctx, router_id)
cs_port = self._find_v6_router_port_by_network_and_device_owner( cs_port = self._find_v6_router_port_by_network_and_device_owner(
router, subnet['network_id'], const.DEVICE_OWNER_ROUTER_SNAT) router, subnet['network_id'], const.DEVICE_OWNER_ROUTER_SNAT)
@ -603,7 +606,7 @@ class DVRResourceOperationHandler(object):
if fixed_ips: if fixed_ips:
# multiple prefix port - delete prefix from port # multiple prefix port - delete prefix from port
self.l3plugin._core_plugin.update_port( self.l3plugin._core_plugin.update_port(
context.elevated(), n_utils.get_elevated_context(context),
cs_port['id'], {'port': {'fixed_ips': fixed_ips}}) cs_port['id'], {'port': {'fixed_ips': fixed_ips}})
return True return True
return False return False
@ -693,7 +696,8 @@ class DVRResourceOperationHandler(object):
if not is_multiple_prefix_csport: if not is_multiple_prefix_csport:
# Single prefix port - go ahead and delete the port # Single prefix port - go ahead and delete the port
self.delete_csnat_router_interface_ports( self.delete_csnat_router_interface_ports(
context.elevated(), router, subnet_id=sub_id) n_utils.get_elevated_context(context),
router, subnet_id=sub_id)
def _cleanup_related_hosts_after_interface_removal( def _cleanup_related_hosts_after_interface_removal(
self, context, router_id, subnet_id): self, context, router_id, subnet_id):
@ -895,7 +899,8 @@ class _DVRAgentInterfaceMixin(object):
return [] return []
filters = {'device_id': [fip_agent_id], filters = {'device_id': [fip_agent_id],
'device_owner': [const.DEVICE_OWNER_AGENT_GW]} 'device_owner': [const.DEVICE_OWNER_AGENT_GW]}
ports = self._core_plugin.get_ports(context.elevated(), filters) ports = self._core_plugin.get_ports(
n_utils.get_elevated_context(context), filters)
LOG.debug("Return the FIP ports: %s ", ports) LOG.debug("Return the FIP ports: %s ", ports)
return ports return ports
@ -1053,7 +1058,7 @@ class _DVRAgentInterfaceMixin(object):
fip = fips[0] fip = fips[0]
network_id = fip.get('floating_network_id') network_id = fip.get('floating_network_id')
self.create_fip_agent_gw_port_if_not_exists( self.create_fip_agent_gw_port_if_not_exists(
context.elevated(), network_id, host) n_utils.get_elevated_context(context), network_id, host)
def create_fip_agent_gw_port_if_not_exists(self, context, network_id, def create_fip_agent_gw_port_if_not_exists(self, context, network_id,
host): host):
@ -1265,7 +1270,8 @@ class L3_NAT_with_dvr_db_mixin(_DVRAgentInterfaceMixin,
try: try:
# using admin context as router may belong to admin tenant # using admin context as router may belong to admin tenant
router = self._get_router(context.elevated(), router_id) router = self._get_router(n_utils.get_elevated_context(context),
router_id)
except l3_exc.RouterNotFound: except l3_exc.RouterNotFound:
LOG.warning("Router %s was not found. " LOG.warning("Router %s was not found. "
"Skipping agent notification.", "Skipping agent notification.",
@ -1299,7 +1305,7 @@ class L3_NAT_with_dvr_db_mixin(_DVRAgentInterfaceMixin,
context, [router_id], dest_host) context, [router_id], dest_host)
else: else:
centralized_agent_list = self.list_l3_agents_hosting_router( centralized_agent_list = self.list_l3_agents_hosting_router(
context.elevated(), router_id)['agents'] n_utils.get_elevated_context(context), router_id)['agents']
for agent in centralized_agent_list: for agent in centralized_agent_list:
self.l3_rpc_notifier.routers_updated_on_host( self.l3_rpc_notifier.routers_updated_on_host(
context, [router_id], agent['host']) context, [router_id], agent['host'])
@ -1325,7 +1331,8 @@ class L3_NAT_with_dvr_db_mixin(_DVRAgentInterfaceMixin,
def is_router_distributed(self, context, router_id): def is_router_distributed(self, context, router_id):
if router_id: if router_id:
return is_distributed_router( return is_distributed_router(
self.get_router(context.elevated(), router_id)) self.get_router(n_utils.get_elevated_context(context),
router_id))
return False return False
def get_ports_under_dvr_connected_subnet(self, context, subnet_id): def get_ports_under_dvr_connected_subnet(self, context, subnet_id):

10
neutron/db/l3_dvrscheduler_db.py
View File

@ -205,7 +205,7 @@ class L3_DVRsch_db_mixin(l3agent_sch_db.L3AgentSchedulerDbMixin):
if not n_utils.is_dvr_serviced(deleted_port['device_owner']): if not n_utils.is_dvr_serviced(deleted_port['device_owner']):
return [] return []
admin_context = context.elevated() admin_context = n_utils.get_elevated_context(context)
port_host = deleted_port[portbindings.HOST_ID] port_host = deleted_port[portbindings.HOST_ID]
subnet_ids = [ip['subnet_id'] for ip in deleted_port['fixed_ips']] subnet_ids = [ip['subnet_id'] for ip in deleted_port['fixed_ips']]
router_ids = self.get_dvr_routers_by_subnet_ids(admin_context, router_ids = self.get_dvr_routers_by_subnet_ids(admin_context,
@ -280,7 +280,7 @@ class L3_DVRsch_db_mixin(l3agent_sch_db.L3AgentSchedulerDbMixin):
'device_owner': 'device_owner':
[n_const.DEVICE_OWNER_DVR_INTERFACE]} [n_const.DEVICE_OWNER_DVR_INTERFACE]}
int_ports = self._core_plugin.get_ports( int_ports = self._core_plugin.get_ports(
context.elevated(), filters=filter_rtr) n_utils.get_elevated_context(context), filters=filter_rtr)
for port in int_ports: for port in int_ports:
dvr_binding = (ml2_db. dvr_binding = (ml2_db.
get_distributed_port_binding_by_host( get_distributed_port_binding_by_host(
@ -304,7 +304,8 @@ class L3_DVRsch_db_mixin(l3agent_sch_db.L3AgentSchedulerDbMixin):
"""Returns all hosts to send notification about router update""" """Returns all hosts to send notification about router update"""
hosts = super(L3_DVRsch_db_mixin, self).get_hosts_to_notify( hosts = super(L3_DVRsch_db_mixin, self).get_hosts_to_notify(
context, router_id) context, router_id)
router = self.get_router(context.elevated(), router_id) router = self.get_router(n_utils.get_elevated_context(context),
router_id)
if router.get('distributed', False): if router.get('distributed', False):
dvr_hosts = self._get_dvr_hosts_for_router(context, router_id) dvr_hosts = self._get_dvr_hosts_for_router(context, router_id)
dvr_hosts = set(dvr_hosts) - set(hosts) dvr_hosts = set(dvr_hosts) - set(hosts)
@ -398,7 +399,8 @@ class L3_DVRsch_db_mixin(l3agent_sch_db.L3AgentSchedulerDbMixin):
# TODO(slaweq): move this method to RouterPort OVO object # TODO(slaweq): move this method to RouterPort OVO object
subnet_ids = self.get_subnet_ids_on_router(context, router_id) subnet_ids = self.get_subnet_ids_on_router(context, router_id)
RouterPort = l3_models.RouterPort RouterPort = l3_models.RouterPort
query = context.elevated().session.query(RouterPort.router_id) query = n_utils.get_elevated_context(context).session.query(
RouterPort.router_id)
query = query.join(models_v2.Port) query = query.join(models_v2.Port)
query = query.join( query = query.join(
models_v2.Subnet, models_v2.Subnet,

3
neutron/db/l3_fip_pools_db.py
View File

@ -18,6 +18,7 @@ from neutron_lib import constants as lib_const
from neutron_lib.db import utils as lib_db_utils from neutron_lib.db import utils as lib_db_utils
from neutron_lib.plugins import directory from neutron_lib.plugins import directory
from neutron.common import utils as common_utils
from neutron.extensions import floatingip_pools as fip_pools_ext from neutron.extensions import floatingip_pools as fip_pools_ext
from neutron.objects import base as base_obj from neutron.objects import base as base_obj
from neutron.objects import network as net_obj from neutron.objects import network as net_obj
@ -49,7 +50,7 @@ class FloatingIPPoolsDbMixin(object):
# NOTE(hongbin): Use elevated context to make sure we have enough # NOTE(hongbin): Use elevated context to make sure we have enough
# permission to retrieve subnets that are not in current tenant # permission to retrieve subnets that are not in current tenant
# but belongs to external networks shared with current tenant. # but belongs to external networks shared with current tenant.
admin_context = context.elevated() admin_context = common_utils.get_elevated_context(context)
subnet_objs = subnet_obj.Subnet.get_objects(admin_context, subnet_objs = subnet_obj.Subnet.get_objects(admin_context,
_pager=pager, _pager=pager,
network_id=net_ids) network_id=net_ids)

12
neutron/db/l3_hamode_db.py
View File

@ -214,7 +214,7 @@ class L3_HA_NAT_db_mixin(l3_dvr_db.L3_NAT_with_dvr_db_mixin,
cfg.CONF.l3_ha_network_physical_name) cfg.CONF.l3_ha_network_physical_name)
def _create_ha_network(self, context, tenant_id): def _create_ha_network(self, context, tenant_id):
admin_ctx = context.elevated() admin_ctx = n_utils.get_elevated_context(context)
args = {'network': args = {'network':
{'name': constants.HA_NETWORK_NAME % tenant_id, {'name': constants.HA_NETWORK_NAME % tenant_id,
@ -311,7 +311,7 @@ class L3_HA_NAT_db_mixin(l3_dvr_db.L3_NAT_with_dvr_db_mixin,
return binding.db_obj return binding.db_obj
def _delete_ha_interfaces(self, context, router_id): def _delete_ha_interfaces(self, context, router_id):
admin_ctx = context.elevated() admin_ctx = n_utils.get_elevated_context(context)
device_filter = {'device_id': [router_id], device_filter = {'device_id': [router_id],
'device_owner': 'device_owner':
[constants.DEVICE_OWNER_ROUTER_HA_INTF]} [constants.DEVICE_OWNER_ROUTER_HA_INTF]}
@ -322,7 +322,7 @@ class L3_HA_NAT_db_mixin(l3_dvr_db.L3_NAT_with_dvr_db_mixin,
l3_port_check=False) l3_port_check=False)
def delete_ha_interfaces_on_host(self, context, router_id, host): def delete_ha_interfaces_on_host(self, context, router_id, host):
admin_ctx = context.elevated() admin_ctx = n_utils.get_elevated_context(context)
port_ids = (binding.port_id for binding port_ids = (binding.port_id for binding
in self.get_ha_router_port_bindings(admin_ctx, in self.get_ha_router_port_bindings(admin_ctx,
[router_id], host)) [router_id], host))
@ -497,7 +497,7 @@ class L3_HA_NAT_db_mixin(l3_dvr_db.L3_NAT_with_dvr_db_mixin,
self._notify_router_updated(context, router_db.id) self._notify_router_updated(context, router_db.id)
def _delete_ha_network(self, context, net): def _delete_ha_network(self, context, net):
admin_ctx = context.elevated() admin_ctx = n_utils.get_elevated_context(context)
self._core_plugin.delete_network(admin_ctx, net.network_id) self._core_plugin.delete_network(admin_ctx, net.network_id)
def safe_delete_ha_network(self, context, ha_network, tenant_id): def safe_delete_ha_network(self, context, ha_network, tenant_id):
@ -707,7 +707,7 @@ class L3_HA_NAT_db_mixin(l3_dvr_db.L3_NAT_with_dvr_db_mixin,
self._update_router_port_bindings(context, states, host) self._update_router_port_bindings(context, states, host)
def _update_router_port_bindings(self, context, states, host): def _update_router_port_bindings(self, context, states, host):
admin_ctx = context.elevated() admin_ctx = n_utils.get_elevated_context(context)
device_filter = {'device_id': list(states.keys()), device_filter = {'device_id': list(states.keys()),
'device_owner': 'device_owner':
[constants.DEVICE_OWNER_HA_REPLICATED_INT, [constants.DEVICE_OWNER_HA_REPLICATED_INT,
@ -740,7 +740,7 @@ class L3_HA_NAT_db_mixin(l3_dvr_db.L3_NAT_with_dvr_db_mixin,
gateway_port_status = gateway_port['status'] gateway_port_status = gateway_port['status']
gateway_port_binding_host = gateway_port[portbindings.HOST_ID] gateway_port_binding_host = gateway_port[portbindings.HOST_ID]
admin_ctx = context.elevated() admin_ctx = n_utils.get_elevated_context(context)
router_id = router['id'] router_id = router['id']
ha_bindings = self.get_l3_bindings_hosting_router_with_ha_states( ha_bindings = self.get_l3_bindings_hosting_router_with_ha_states(
admin_ctx, router_id) admin_ctx, router_id)

12
neutron/objects/rbac_db.py
View File

@ -75,7 +75,7 @@ class RbacNeutronDbObjectMixin(rbac_db_mixin.RbacPluginMixin,
@classmethod @classmethod
def is_shared_with_tenant(cls, context, obj_id, tenant_id): def is_shared_with_tenant(cls, context, obj_id, tenant_id):
ctx = context.elevated() ctx = utils.get_elevated_context(context)
with cls.db_context_reader(ctx): with cls.db_context_reader(ctx):
return cls.get_shared_with_tenant(ctx, cls.rbac_db_cls, return cls.get_shared_with_tenant(ctx, cls.rbac_db_cls,
obj_id, tenant_id) obj_id, tenant_id)
@ -105,7 +105,7 @@ class RbacNeutronDbObjectMixin(rbac_db_mixin.RbacPluginMixin,
@classmethod @classmethod
def _validate_rbac_policy_delete(cls, context, obj_id, target_tenant): def _validate_rbac_policy_delete(cls, context, obj_id, target_tenant):
ctx_admin = context.elevated() ctx_admin = utils.get_elevated_context(context)
rb_model = cls.rbac_db_cls.db_model rb_model = cls.rbac_db_cls.db_model
bound_tenant_ids = cls.get_bound_tenant_ids(ctx_admin, obj_id) bound_tenant_ids = cls.get_bound_tenant_ids(ctx_admin, obj_id)
db_obj_sharing_entries = cls._get_db_obj_rbac_entries( db_obj_sharing_entries = cls._get_db_obj_rbac_entries(
@ -148,7 +148,7 @@ class RbacNeutronDbObjectMixin(rbac_db_mixin.RbacPluginMixin,
return return
target_tenant = policy['target_tenant'] target_tenant = policy['target_tenant']
db_obj = obj_db_api.get_object( db_obj = obj_db_api.get_object(
cls, context.elevated(), id=policy['object_id']) cls, utils.get_elevated_context(context), id=policy['object_id'])
if db_obj.tenant_id == target_tenant: if db_obj.tenant_id == target_tenant:
return return
cls._validate_rbac_policy_delete(context=context, cls._validate_rbac_policy_delete(context=context,
@ -200,7 +200,7 @@ class RbacNeutronDbObjectMixin(rbac_db_mixin.RbacPluginMixin,
if object_type != cls.rbac_db_cls.db_model.object_type: if object_type != cls.rbac_db_cls.db_model.object_type:
return return
db_obj = obj_db_api.get_object( db_obj = obj_db_api.get_object(
cls, context.elevated(), id=policy['object_id']) cls, utils.get_elevated_context(context), id=policy['object_id'])
if event in (events.BEFORE_CREATE, events.BEFORE_UPDATE): if event in (events.BEFORE_CREATE, events.BEFORE_UPDATE):
if (not context.is_admin and if (not context.is_admin and
db_obj['tenant_id'] != context.tenant_id): db_obj['tenant_id'] != context.tenant_id):
@ -224,7 +224,7 @@ class RbacNeutronDbObjectMixin(rbac_db_mixin.RbacPluginMixin,
return self.create_rbac_policy(self.obj_context, rbac_policy) return self.create_rbac_policy(self.obj_context, rbac_policy)
def update_shared(self, is_shared_new, obj_id): def update_shared(self, is_shared_new, obj_id):
admin_context = self.obj_context.elevated() admin_context = utils.get_elevated_context(self.obj_context)
shared_prev = obj_db_api.get_object(self.rbac_db_cls, admin_context, shared_prev = obj_db_api.get_object(self.rbac_db_cls, admin_context,
object_id=obj_id, object_id=obj_id,
target_tenant='*', target_tenant='*',
@ -266,7 +266,7 @@ class RbacNeutronDbObjectMixin(rbac_db_mixin.RbacPluginMixin,
# instantiated and without DB interaction (get_object(s), update, # instantiated and without DB interaction (get_object(s), update,
# create), it should be rare case to load 'shared' by that method # create), it should be rare case to load 'shared' by that method
shared = self.get_shared_with_tenant( shared = self.get_shared_with_tenant(
self.obj_context.elevated(), utils.get_elevated_context(self.obj_context),
self.rbac_db_cls, self.rbac_db_cls,
self.id, self.id,
self.project_id self.project_id

4
neutron/objects/subnet.py
View File

@ -22,6 +22,7 @@ from oslo_versionedobjects import fields as obj_fields
from sqlalchemy import and_, or_ from sqlalchemy import and_, or_
from sqlalchemy.sql import exists from sqlalchemy.sql import exists
from neutron.common import utils as common_utils
from neutron.db.models import dns as dns_models from neutron.db.models import dns as dns_models
from neutron.db.models import segment as segment_model from neutron.db.models import segment as segment_model
from neutron.db.models import subnet_service_type from neutron.db.models import subnet_service_type
@ -273,7 +274,8 @@ class Subnet(base.NeutronDbObject):
# instantiated and without DB interaction (get_object(s), update, # instantiated and without DB interaction (get_object(s), update,
# create), it should be rare case to load 'shared' by that method # create), it should be rare case to load 'shared' by that method
shared = (rbac_db.RbacNeutronDbObjectMixin. shared = (rbac_db.RbacNeutronDbObjectMixin.
get_shared_with_tenant(self.obj_context.elevated(), get_shared_with_tenant(
common_utils.get_elevated_context(self.obj_context),
network.NetworkRBAC, network.NetworkRBAC,
self.network_id, self.network_id,
self.project_id)) self.project_id))

4
neutron/objects/subnetpool.py
View File

@ -20,6 +20,7 @@ from oslo_versionedobjects import fields as obj_fields
import sqlalchemy as sa import sqlalchemy as sa
from neutron._i18n import _ from neutron._i18n import _
from neutron.common import utils as common_utils
from neutron.db import models_v2 as models from neutron.db import models_v2 as models
from neutron.db import rbac_db_models from neutron.db import rbac_db_models
from neutron.extensions import rbac as ext_rbac from neutron.extensions import rbac as ext_rbac
@ -116,7 +117,8 @@ class SubnetPool(rbac_db.NeutronRbacObject):
policy = payload.request_body policy = payload.request_body
db_obj = obj_db_api.get_object( db_obj = obj_db_api.get_object(
cls, context.elevated(), id=policy['object_id']) cls, common_utils.get_elevated_context(context),
id=policy['object_id'])
if not db_obj["address_scope_id"]: if not db_obj["address_scope_id"]:
# Nothing to validate # Nothing to validate

4
neutron/plugins/ml2/db.py
View File

@ -28,6 +28,7 @@ from sqlalchemy import or_
from sqlalchemy.orm import exc from sqlalchemy.orm import exc
from neutron._i18n import _ from neutron._i18n import _
from neutron.common import utils as common_utils
from neutron.db.models import securitygroup as sg_models from neutron.db.models import securitygroup as sg_models
from neutron.db import models_v2 from neutron.db import models_v2
from neutron.objects import base as objects_base from neutron.objects import base as objects_base
@ -339,7 +340,8 @@ def _prevent_segment_delete_with_port_bound(resource, event, trigger,
plugin = directory.get_plugin() plugin = directory.get_plugin()
for port_id in auto_delete_port_ids: for port_id in auto_delete_port_ids:
try: try:
plugin.delete_port(payload.context.elevated(), port_id) plugin.delete_port(
common_utils.get_elevated_context(payload.context), port_id)
except nlib_exc.PortNotFound: except nlib_exc.PortNotFound:
# Don't raise if something else concurrently deleted the port # Don't raise if something else concurrently deleted the port
LOG.debug("Ignoring PortNotFound when deleting port '%s'. " LOG.debug("Ignoring PortNotFound when deleting port '%s'. "

2
neutron/scheduler/l3_agent_scheduler.py
View File

@ -263,7 +263,7 @@ class L3Scheduler(object, metaclass=abc.ABCMeta):
def create_ha_port_and_bind(self, plugin, context, router_id, def create_ha_port_and_bind(self, plugin, context, router_id,
tenant_id, agent, is_manual_scheduling=False): tenant_id, agent, is_manual_scheduling=False):
"""Creates and binds a new HA port for this agent.""" """Creates and binds a new HA port for this agent."""
ctxt = context.elevated() ctxt = utils.get_elevated_context(context)
router_db = plugin._get_router(ctxt, router_id) router_db = plugin._get_router(ctxt, router_id)
creator = functools.partial(self._add_port_from_net_and_ensure_vr_id, creator = functools.partial(self._add_port_from_net_and_ensure_vr_id,
plugin, ctxt, router_db, tenant_id) plugin, ctxt, router_db, tenant_id)

3
neutron/services/ovn_l3/plugin.py
View File

@ -33,6 +33,7 @@ from oslo_utils import excutils
from neutron.common.ovn import constants as ovn_const from neutron.common.ovn import constants as ovn_const
from neutron.common.ovn import extensions from neutron.common.ovn import extensions
from neutron.common.ovn import utils from neutron.common.ovn import utils
from neutron.common import utils as common_utils
from neutron.db.availability_zone import router as router_az_db from neutron.db.availability_zone import router as router_az_db
from neutron.db import dns_db from neutron.db import dns_db
from neutron.db import extraroute_db from neutron.db import extraroute_db
@ -286,7 +287,7 @@ class OVNL3RouterPlugin(service_base.ServicePluginBase,
return fip return fip
def disassociate_floatingips(self, context, port_id, do_notify=True): def disassociate_floatingips(self, context, port_id, do_notify=True):
fips = self.get_floatingips(context.elevated(), fips = self.get_floatingips(common_utils.get_elevated_context(context),
filters={'port_id': [port_id]}) filters={'port_id': [port_id]})
router_ids = super(OVNL3RouterPlugin, self).disassociate_floatingips( router_ids = super(OVNL3RouterPlugin, self).disassociate_floatingips(
context, port_id, do_notify) context, port_id, do_notify)

7
neutron/services/portforwarding/pf_plugin.py
View File

@ -142,7 +142,8 @@ class PortForwardingPlugin(fip_pf.PortForwardingPluginBase):
# dvr_no_external host to one dvr host. So we just do not allow # dvr_no_external host to one dvr host. So we just do not allow
# all dvr router's floating IP to be binded to a port which # all dvr router's floating IP to be binded to a port which
# already has port forwarding. # already has port forwarding.
router = self.l3_plugin.get_router(payload.context.elevated(), router = self.l3_plugin.get_router(
utils.get_elevated_context(payload.context),
pf_objs[0].router_id) pf_objs[0].router_id)
if l3_dvr_db.is_distributed_router(router): if l3_dvr_db.is_distributed_router(router):
raise pf_exc.PortHasPortForwarding(port_id=port_id) raise pf_exc.PortHasPortForwarding(port_id=port_id)
@ -210,7 +211,7 @@ class PortForwardingPlugin(fip_pf.PortForwardingPluginBase):
# context to check if the floatingip or port forwarding resources # context to check if the floatingip or port forwarding resources
# are owned by other tenants. # are owned by other tenants.
if not context.is_admin: if not context.is_admin:
context = context.elevated() context = utils.get_elevated_context(context)
# If the logic arrives here, that means we have got update_ip_set and # If the logic arrives here, that means we have got update_ip_set and
# its value is not None. So we need to get all port forwarding # its value is not None. So we need to get all port forwarding
# resources based on the request port_id for preparing the next # resources based on the request port_id for preparing the next
@ -330,7 +331,7 @@ class PortForwardingPlugin(fip_pf.PortForwardingPluginBase):
def _check_port_has_binding_floating_ip(self, context, port_forwarding): def _check_port_has_binding_floating_ip(self, context, port_forwarding):
port_id = port_forwarding['internal_port_id'] port_id = port_forwarding['internal_port_id']
floatingip_objs = l3_obj.FloatingIP.get_objects( floatingip_objs = l3_obj.FloatingIP.get_objects(
context.elevated(), utils.get_elevated_context(context),
fixed_port_id=port_id) fixed_port_id=port_id)
if floatingip_objs: if floatingip_objs:
floating_ip_address = floatingip_objs[0].floating_ip_address floating_ip_address = floatingip_objs[0].floating_ip_address

14
neutron/services/qos/qos_plugin.py
View File

@ -41,6 +41,7 @@ from oslo_config import cfg
from oslo_log import log as logging from oslo_log import log as logging
from neutron._i18n import _ from neutron._i18n import _
from neutron.common import utils as common_utils
from neutron.db import db_base_plugin_common from neutron.db import db_base_plugin_common
from neutron.extensions import qos from neutron.extensions import qos
from neutron.objects import base as base_obj from neutron.objects import base as base_obj
@ -250,7 +251,7 @@ class QoSPlugin(qos.QoSPluginBase):
return return
policy = policy_object.QosPolicy.get_object( policy = policy_object.QosPolicy.get_object(
context.elevated(), id=policy_id) common_utils.get_elevated_context(context), id=policy_id)
self.validate_policy_for_port(context, policy, port) self.validate_policy_for_port(context, policy, port)
def _check_port_for_placement_allocation_change(self, resource, event, def _check_port_for_placement_allocation_change(self, resource, event,
@ -269,9 +270,10 @@ class QoSPlugin(qos.QoSPluginBase):
if (nl_constants.DEVICE_OWNER_COMPUTE_PREFIX in if (nl_constants.DEVICE_OWNER_COMPUTE_PREFIX in
orig_port['device_owner']): orig_port['device_owner']):
original_policy = policy_object.QosPolicy.get_object( original_policy = policy_object.QosPolicy.get_object(
context.elevated(), id=original_policy_id) common_utils.get_elevated_context(context),
id=original_policy_id)
policy = policy_object.QosPolicy.get_object( policy = policy_object.QosPolicy.get_object(
context.elevated(), id=policy_id) common_utils.get_elevated_context(context), id=policy_id)
self._change_placement_allocation(original_policy, policy, self._change_placement_allocation(original_policy, policy,
orig_port) orig_port)
@ -343,7 +345,7 @@ class QoSPlugin(qos.QoSPluginBase):
updated_port = ports_object.Port.get_object( updated_port = ports_object.Port.get_object(
context, id=payload.desired_state['id']) context, id=payload.desired_state['id'])
policy = policy_object.QosPolicy.get_object( policy = policy_object.QosPolicy.get_object(
context.elevated(), id=policy_id) common_utils.get_elevated_context(context), id=policy_id)
self.validate_policy_for_port(context, policy, updated_port) self.validate_policy_for_port(context, policy, updated_port)
@ -358,7 +360,7 @@ class QoSPlugin(qos.QoSPluginBase):
return return
policy = policy_object.QosPolicy.get_object( policy = policy_object.QosPolicy.get_object(
context.elevated(), id=policy_id) common_utils.get_elevated_context(context), id=policy_id)
self.validate_policy_for_network(context, policy, network_id) self.validate_policy_for_network(context, policy, network_id)
def _validate_update_network_callback(self, resource, event, trigger, def _validate_update_network_callback(self, resource, event, trigger,
@ -374,7 +376,7 @@ class QoSPlugin(qos.QoSPluginBase):
return return
policy = policy_object.QosPolicy.get_object( policy = policy_object.QosPolicy.get_object(
context.elevated(), id=policy_id) common_utils.get_elevated_context(context), id=policy_id)
self.validate_policy_for_network( self.validate_policy_for_network(
context, policy, network_id=updated_network['id']) context, policy, network_id=updated_network['id'])

3
neutron/services/segments/db.py
View File

@ -29,6 +29,7 @@ from oslo_db import exception as db_exc
from oslo_log import helpers as log_helpers from oslo_log import helpers as log_helpers
from oslo_utils import uuidutils from oslo_utils import uuidutils
from neutron.common import utils as common_utils
from neutron.db import segments_db as db from neutron.db import segments_db as db
from neutron.extensions import segment as extension from neutron.extensions import segment as extension
from neutron import manager from neutron import manager
@ -333,7 +334,7 @@ def _add_segment_host_mapping_for_segment(resource, event, trigger,
def _delete_segments_for_network(resource, event, trigger, def _delete_segments_for_network(resource, event, trigger,
context, network_id): context, network_id):
admin_ctx = context.elevated() admin_ctx = common_utils.get_elevated_context(context)
global segments_plugin global segments_plugin
if not segments_plugin: if not segments_plugin:
segments_plugin = manager.NeutronManager.load_class_for_provider( segments_plugin = manager.NeutronManager.load_class_for_provider(

3
neutron/services/trunk/rpc/server.py
View File

@ -28,6 +28,7 @@ from neutron.api.rpc.callbacks import events
from neutron.api.rpc.callbacks.producer import registry from neutron.api.rpc.callbacks.producer import registry
from neutron.api.rpc.callbacks import resources from neutron.api.rpc.callbacks import resources
from neutron.api.rpc.handlers import resources_rpc from neutron.api.rpc.handlers import resources_rpc
from neutron.common import utils as common_utils
from neutron.objects import trunk as trunk_objects from neutron.objects import trunk as trunk_objects
from neutron.services.trunk import exceptions as trunk_exc from neutron.services.trunk import exceptions as trunk_exc
from neutron.services.trunk.rpc import constants from neutron.services.trunk.rpc import constants
@ -82,7 +83,7 @@ class TrunkSkeleton(object):
@log_helpers.log_method_call @log_helpers.log_method_call
def update_subport_bindings(self, context, subports): def update_subport_bindings(self, context, subports):
"""Update subport bindings to match trunk host binding.""" """Update subport bindings to match trunk host binding."""
el = context.elevated() el = common_utils.get_elevated_context(context)
ports_by_trunk_id = collections.defaultdict(list) ports_by_trunk_id = collections.defaultdict(list)
updated_ports = collections.defaultdict(list) updated_ports = collections.defaultdict(list)

4
neutron/services/trunk/rules.py
View File

@ -25,6 +25,7 @@ from neutron_lib.plugins.ml2 import api
from neutron_lib.services.trunk import constants from neutron_lib.services.trunk import constants
from neutron._i18n import _ from neutron._i18n import _
from neutron.common import utils as common_utils
from neutron.objects import trunk as trunk_objects from neutron.objects import trunk as trunk_objects
from neutron.services.trunk import exceptions as trunk_exc from neutron.services.trunk import exceptions as trunk_exc
from neutron.services.trunk import utils from neutron.services.trunk import utils
@ -212,7 +213,8 @@ class SubPortsValidator(object):
for p in ports: for p in ports:
network_port_map[p['network_id']].append({'port_id': p['id']}) network_port_map[p['network_id']].append({'port_id': p['id']})
networks = core_plugin.get_networks( networks = core_plugin.get_networks(
context.elevated(), filters={'id': network_port_map}) common_utils.get_elevated_context(context),
filters={'id': network_port_map})
subport_mtus = {} subport_mtus = {}
for net in networks: for net in networks:

5
neutron/services/trunk/utils.py
View File

@ -15,6 +15,8 @@
from neutron_lib.api import extensions from neutron_lib.api import extensions
from neutron_lib.plugins import directory from neutron_lib.plugins import directory
from neutron.common import utils as common_utils
def get_agent_types_by_host(context, host): def get_agent_types_by_host(context, host):
"""Return the agent types registered on the host.""" """Return the agent types registered on the host."""
@ -22,7 +24,8 @@ def get_agent_types_by_host(context, host):
core_plugin = directory.get_plugin() core_plugin = directory.get_plugin()
if extensions.is_extension_supported(core_plugin, 'agent'): if extensions.is_extension_supported(core_plugin, 'agent'):
agents = core_plugin.get_agents( agents = core_plugin.get_agents(
context.elevated(), filters={'host': [host]}) common_utils.get_elevated_context(context),
filters={'host': [host]})
agent_types = [a['agent_type'] for a in agents] agent_types = [a['agent_type'] for a in agents]
return agent_types return agent_types

2
neutron/tests/unit/api/v2/test_resource.py
View File

@ -102,7 +102,7 @@ class RequestTestCase(base.BaseTestCase):
user_context = context.Context( user_context = context.Context(
'fake_user', 'fake_project', is_admin=False) 'fake_user', 'fake_project', is_admin=False)
self.assertFalse(user_context.is_admin) self.assertFalse(user_context.is_admin)
admin_context = user_context.elevated() admin_context = utils.get_elevated_context(user_context)
self.assertFalse(user_context.is_admin) self.assertFalse(user_context.is_admin)
self.assertTrue(admin_context.is_admin) self.assertTrue(admin_context.is_admin)
self.assertNotIn('admin', user_context.roles) self.assertNotIn('admin', user_context.roles)

7
neutron/tests/unit/db/test_l3_dvr_db.py
View File

@ -30,6 +30,7 @@ from neutron_lib.plugins import directory
from neutron_lib.plugins import utils as plugin_utils from neutron_lib.plugins import utils as plugin_utils
from oslo_utils import uuidutils from oslo_utils import uuidutils
from neutron.common import utils as common_utils
from neutron.db import agents_db from neutron.db import agents_db
from neutron.db import l3_dvr_db from neutron.db import l3_dvr_db
from neutron.db import l3_dvrscheduler_db from neutron.db import l3_dvrscheduler_db
@ -327,9 +328,9 @@ class L3DvrTestCase(test_db_base_plugin_v2.NeutronDbPluginV2TestCase):
check_for_fip_and_create_agent_gw_port_on_host_if_not_exists( check_for_fip_and_create_agent_gw_port_on_host_if_not_exists(
ctxt, port, 'host')) ctxt, port, 'host'))
if fip: if fip:
c_fip.assert_called_once_with(ctxt.elevated(), c_fip.assert_called_once_with(
fip['floating_network_id'], common_utils.get_elevated_context(ctxt),
'host') fip['floating_network_id'], 'host')
else: else:
c_fip.assert_not_called() c_fip.assert_not_called()

5
neutron/tests/unit/extensions/test_floatingip_pools.py
View File

@ -25,6 +25,7 @@ from neutron_lib.plugins import directory
from oslo_config import cfg from oslo_config import cfg
from oslo_utils import uuidutils from oslo_utils import uuidutils
from neutron.common import utils as common_utils
from neutron.db import l3_fip_pools_db from neutron.db import l3_fip_pools_db
from neutron.extensions import l3 from neutron.extensions import l3
from neutron.objects import network as net_obj from neutron.objects import network as net_obj
@ -128,7 +129,7 @@ class FloatingIPPoolsDBIntTestCase(test_l3.L3BaseForIntTests,
self.setup_notification_driver() self.setup_notification_driver()
self.ctxt = context.Context('fake_user', 'fake_tenant') self.ctxt = context.Context('fake_user', 'fake_tenant')
self.admin_ctxt = self.ctxt.elevated() self.admin_ctxt = common_utils.get_elevated_context(self.ctxt)
class FloatingIPPoolsDBSepTestCase(test_l3.L3BaseForSepTests, class FloatingIPPoolsDBSepTestCase(test_l3.L3BaseForSepTests,
@ -154,4 +155,4 @@ class FloatingIPPoolsDBSepTestCase(test_l3.L3BaseForSepTests,
self.setup_notification_driver() self.setup_notification_driver()
self.plugin = directory.get_plugin(plugin_constants.L3) self.plugin = directory.get_plugin(plugin_constants.L3)
self.ctxt = context.Context('fake_user', 'fake_tenant') self.ctxt = context.Context('fake_user', 'fake_tenant')
self.admin_ctxt = self.ctxt.elevated() self.admin_ctxt = common_utils.get_elevated_context(self.ctxt)

3
neutron/tests/unit/objects/qos/test_policy.py
View File

@ -18,6 +18,7 @@ from neutron_lib.services.qos import constants as qos_consts
from oslo_utils import uuidutils from oslo_utils import uuidutils
from oslo_versionedobjects import exception from oslo_versionedobjects import exception
from neutron.common import utils as common_utils
from neutron.objects.db import api as db_api from neutron.objects.db import api as db_api
from neutron.objects import network as net_obj from neutron.objects import network as net_obj
from neutron.objects import ports as port_obj from neutron.objects import ports as port_obj
@ -145,7 +146,7 @@ class QosPolicyObjectTestCase(test_base.BaseObjectIfaceTestCase):
test_to_dict_makes_primitive_field_value()) test_to_dict_makes_primitive_field_value())
def test_get_policy_obj_not_found(self): def test_get_policy_obj_not_found(self):
context = self.context.elevated() context = common_utils.get_elevated_context(self.context)
self.assertRaises(qos_exc.QosPolicyNotFound, self.assertRaises(qos_exc.QosPolicyNotFound,
policy.QosPolicy.get_policy_obj, policy.QosPolicy.get_policy_obj,
context, "fake_id") context, "fake_id")