From 9f60611c90b397e2964add8cc5f798ceba4a0487 Mon Sep 17 00:00:00 2001 From: Eugene Nikanorov Date: Wed, 4 Sep 2013 22:00:40 +0400 Subject: [PATCH] LBaaS: Fix healthmonitor disassociation for non-admin Due to specifics of policy engine, checked object should have tenant_id to be checked by rule admin_or_owner. In 'disassociate' operation neutron API layer works with PoolHealthMonitorAssociation which doesn't have tenant_id field. Need to add it to resulting dict returned by get_pool_health_monitor. Change-Id: I6c58558b09ff34dedd7da30866275de44d3ba993 Closes-bug: 1220668 --- neutron/db/loadbalancer/loadbalancer_db.py | 17 ++++++++++++++--- .../db/loadbalancer/test_db_loadbalancer.py | 6 ++++++ 2 files changed, 20 insertions(+), 3 deletions(-) diff --git a/neutron/db/loadbalancer/loadbalancer_db.py b/neutron/db/loadbalancer/loadbalancer_db.py index c6e35f526..02d2a7b15 100644 --- a/neutron/db/loadbalancer/loadbalancer_db.py +++ b/neutron/db/loadbalancer/loadbalancer_db.py @@ -608,11 +608,11 @@ class LoadBalancerPluginDb(LoadBalancerPluginBase, def delete_pool_health_monitor(self, context, id, pool_id): with context.session.begin(subtransactions=True): - assoc = self.get_pool_health_monitor(context, id, pool_id) + assoc = self._get_pool_health_monitor(context, id, pool_id) pool = self._get_resource(context, Pool, pool_id) pool.monitors.remove(assoc) - def get_pool_health_monitor(self, context, id, pool_id, fields=None): + def _get_pool_health_monitor(self, context, id, pool_id): try: assoc_qry = context.session.query(PoolMonitorAssociation) return assoc_qry.filter_by(monitor_id=id, pool_id=pool_id).one() @@ -620,10 +620,21 @@ class LoadBalancerPluginDb(LoadBalancerPluginBase, raise loadbalancer.PoolMonitorAssociationNotFound( monitor_id=id, pool_id=pool_id) + def get_pool_health_monitor(self, context, id, pool_id, fields=None): + pool_hm = self._get_pool_health_monitor(context, id, pool_id) + # need to add tenant_id for admin_or_owner policy check to pass + hm = self.get_health_monitor(context, id) + res = {'pool_id': pool_id, + 'monitor_id': id, + 'status': pool_hm['status'], + 'status_description': pool_hm['status_description'], + 'tenant_id': hm['tenant_id']} + return self._fields(res, fields) + def update_pool_health_monitor(self, context, id, pool_id, status, status_description=None): with context.session.begin(subtransactions=True): - assoc = self.get_pool_health_monitor(context, id, pool_id) + assoc = self._get_pool_health_monitor(context, id, pool_id) self.assert_modification_allowed(assoc) assoc.status = status assoc.status_description = status_description diff --git a/neutron/tests/unit/db/loadbalancer/test_db_loadbalancer.py b/neutron/tests/unit/db/loadbalancer/test_db_loadbalancer.py index 0cbadf5ff..d646afd0f 100644 --- a/neutron/tests/unit/db/loadbalancer/test_db_loadbalancer.py +++ b/neutron/tests/unit/db/loadbalancer/test_db_loadbalancer.py @@ -1285,6 +1285,12 @@ class TestLoadBalancer(LoadBalancerPluginDbTestCase): health_mon2['health_monitor']['id']]}, res) + res = self.plugin.get_pool_health_monitor( + context.get_admin_context(), + health_mon2['health_monitor']['id'], pool['pool']['id']) + self.assertEqual(res['tenant_id'], + health_mon1['health_monitor']['tenant_id']) + def test_driver_call_create_pool_health_monitor(self): with mock.patch.object(self.plugin.drivers['lbaas'], 'create_pool_health_monitor') as driver_call: