Merge "Don't send enable_port_security when disallowed by policy"
This commit is contained in:
Zuul
@@ -216,7 +216,7 @@ class NetworkPortTests(test.BaseAdminViewTests):
|
|||||||
self.assertRedirectsNoFollow(res, redir_url)
|
self.assertRedirectsNoFollow(res, redir_url)
|
||||||
|
|
||||||
self.assert_mock_multiple_calls_with_same_arguments(
|
self.assert_mock_multiple_calls_with_same_arguments(
|
||||||
self.mock_network_get, 2,
|
self.mock_network_get, 3,
|
||||||
mock.call(test.IsHttpRequest(), network.id))
|
mock.call(test.IsHttpRequest(), network.id))
|
||||||
self.mock_security_group_list.assert_called_once_with(
|
self.mock_security_group_list.assert_called_once_with(
|
||||||
test.IsHttpRequest(), tenant_id='1')
|
test.IsHttpRequest(), tenant_id='1')
|
||||||
@@ -284,7 +284,7 @@ class NetworkPortTests(test.BaseAdminViewTests):
|
|||||||
self.assertRedirectsNoFollow(res, redir_url)
|
self.assertRedirectsNoFollow(res, redir_url)
|
||||||
|
|
||||||
self.assert_mock_multiple_calls_with_same_arguments(
|
self.assert_mock_multiple_calls_with_same_arguments(
|
||||||
self.mock_network_get, 2,
|
self.mock_network_get, 3,
|
||||||
mock.call(test.IsHttpRequest(), network.id))
|
mock.call(test.IsHttpRequest(), network.id))
|
||||||
self._check_is_extension_supported(
|
self._check_is_extension_supported(
|
||||||
{'mac-learning': 1,
|
{'mac-learning': 1,
|
||||||
@@ -363,7 +363,7 @@ class NetworkPortTests(test.BaseAdminViewTests):
|
|||||||
self.assertRedirectsNoFollow(res, redir_url)
|
self.assertRedirectsNoFollow(res, redir_url)
|
||||||
|
|
||||||
self.assert_mock_multiple_calls_with_same_arguments(
|
self.assert_mock_multiple_calls_with_same_arguments(
|
||||||
self.mock_network_get, 2,
|
self.mock_network_get, 3,
|
||||||
mock.call(test.IsHttpRequest(), network.id))
|
mock.call(test.IsHttpRequest(), network.id))
|
||||||
self._check_is_extension_supported(
|
self._check_is_extension_supported(
|
||||||
{'mac-learning': 1,
|
{'mac-learning': 1,
|
||||||
|
|||||||
@@ -624,7 +624,7 @@ class NetworkPortTests(test.TestCase):
|
|||||||
self.assertRedirectsNoFollow(res, redir_url)
|
self.assertRedirectsNoFollow(res, redir_url)
|
||||||
|
|
||||||
self.assert_mock_multiple_calls_with_same_arguments(
|
self.assert_mock_multiple_calls_with_same_arguments(
|
||||||
self.mock_network_get, 2,
|
self.mock_network_get, 3,
|
||||||
mock.call(test.IsHttpRequest(), network.id))
|
mock.call(test.IsHttpRequest(), network.id))
|
||||||
self._check_is_extension_supported({'binding': 1,
|
self._check_is_extension_supported({'binding': 1,
|
||||||
'mac-learning': 1,
|
'mac-learning': 1,
|
||||||
@@ -769,7 +769,7 @@ class NetworkPortTests(test.TestCase):
|
|||||||
self.assertRedirectsNoFollow(res, redir_url)
|
self.assertRedirectsNoFollow(res, redir_url)
|
||||||
|
|
||||||
self.assert_mock_multiple_calls_with_same_arguments(
|
self.assert_mock_multiple_calls_with_same_arguments(
|
||||||
self.mock_network_get, 2,
|
self.mock_network_get, 3,
|
||||||
mock.call(test.IsHttpRequest(), network.id))
|
mock.call(test.IsHttpRequest(), network.id))
|
||||||
self._check_is_extension_supported({'binding': 1,
|
self._check_is_extension_supported({'binding': 1,
|
||||||
'mac-learning': 1,
|
'mac-learning': 1,
|
||||||
|
|||||||
@@ -24,6 +24,7 @@ from horizon import workflows
|
|||||||
|
|
||||||
from openstack_dashboard import api
|
from openstack_dashboard import api
|
||||||
from openstack_dashboard.dashboards.project.networks.ports import sg_base
|
from openstack_dashboard.dashboards.project.networks.ports import sg_base
|
||||||
|
from openstack_dashboard import policy
|
||||||
from openstack_dashboard.utils import filters
|
from openstack_dashboard.utils import filters
|
||||||
from openstack_dashboard.utils import settings as setting_utils
|
from openstack_dashboard.utils import settings as setting_utils
|
||||||
|
|
||||||
@@ -248,6 +249,25 @@ class CreatePort(workflows.Workflow):
|
|||||||
def handle(self, request, context):
|
def handle(self, request, context):
|
||||||
try:
|
try:
|
||||||
params = self._construct_parameters(context)
|
params = self._construct_parameters(context)
|
||||||
|
network_id = context['network_id']
|
||||||
|
try:
|
||||||
|
network = api.neutron.network_get(self.request, network_id)
|
||||||
|
except Exception:
|
||||||
|
network = None
|
||||||
|
if (
|
||||||
|
not policy.check(
|
||||||
|
(("network", "create_port:port_security_enabled"),),
|
||||||
|
request,
|
||||||
|
{
|
||||||
|
'network_id': context['network_id'],
|
||||||
|
'tenant_id': context['target_tenant_id'],
|
||||||
|
'network:tenant_id': getattr(
|
||||||
|
network, 'tenant_id', None
|
||||||
|
),
|
||||||
|
}
|
||||||
|
) and params.get('port_security_enabled', True)
|
||||||
|
):
|
||||||
|
params.pop('port_security_enabled')
|
||||||
port = api.neutron.port_create(request, **params)
|
port = api.neutron.port_create(request, **params)
|
||||||
self.context['port_id'] = port.id
|
self.context['port_id'] = port.id
|
||||||
return True
|
return True
|
||||||
|
|||||||
@@ -0,0 +1,8 @@
|
|||||||
|
---
|
||||||
|
features:
|
||||||
|
- |
|
||||||
|
Don't send enable_port_security when disallowed by policy. When a user
|
||||||
|
creates a network port, if they don't have the rights to change port
|
||||||
|
security, they will be unable to submit the form. The solution is to not
|
||||||
|
send any value for port security when the user doesn't have the rights
|
||||||
|
to change it.
|
||||||
Reference in New Issue
Block a user