LBaaS: Fix healthmonitor disassociation for non-admin
Due to specifics of policy engine, checked object should have tenant_id to be checked by rule admin_or_owner. In 'disassociate' operation neutron API layer works with PoolHealthMonitorAssociation which doesn't have tenant_id field. Need to add it to resulting dict returned by get_pool_health_monitor. Change-Id: I6c58558b09ff34dedd7da30866275de44d3ba993 Closes-bug: 1220668
This commit is contained in:
parent
57ce39fa66
commit
9f60611c90
@ -608,11 +608,11 @@ class LoadBalancerPluginDb(LoadBalancerPluginBase,
|
|||||||
|
|
||||||
def delete_pool_health_monitor(self, context, id, pool_id):
|
def delete_pool_health_monitor(self, context, id, pool_id):
|
||||||
with context.session.begin(subtransactions=True):
|
with context.session.begin(subtransactions=True):
|
||||||
assoc = self.get_pool_health_monitor(context, id, pool_id)
|
assoc = self._get_pool_health_monitor(context, id, pool_id)
|
||||||
pool = self._get_resource(context, Pool, pool_id)
|
pool = self._get_resource(context, Pool, pool_id)
|
||||||
pool.monitors.remove(assoc)
|
pool.monitors.remove(assoc)
|
||||||
|
|
||||||
def get_pool_health_monitor(self, context, id, pool_id, fields=None):
|
def _get_pool_health_monitor(self, context, id, pool_id):
|
||||||
try:
|
try:
|
||||||
assoc_qry = context.session.query(PoolMonitorAssociation)
|
assoc_qry = context.session.query(PoolMonitorAssociation)
|
||||||
return assoc_qry.filter_by(monitor_id=id, pool_id=pool_id).one()
|
return assoc_qry.filter_by(monitor_id=id, pool_id=pool_id).one()
|
||||||
@ -620,10 +620,21 @@ class LoadBalancerPluginDb(LoadBalancerPluginBase,
|
|||||||
raise loadbalancer.PoolMonitorAssociationNotFound(
|
raise loadbalancer.PoolMonitorAssociationNotFound(
|
||||||
monitor_id=id, pool_id=pool_id)
|
monitor_id=id, pool_id=pool_id)
|
||||||
|
|
||||||
|
def get_pool_health_monitor(self, context, id, pool_id, fields=None):
|
||||||
|
pool_hm = self._get_pool_health_monitor(context, id, pool_id)
|
||||||
|
# need to add tenant_id for admin_or_owner policy check to pass
|
||||||
|
hm = self.get_health_monitor(context, id)
|
||||||
|
res = {'pool_id': pool_id,
|
||||||
|
'monitor_id': id,
|
||||||
|
'status': pool_hm['status'],
|
||||||
|
'status_description': pool_hm['status_description'],
|
||||||
|
'tenant_id': hm['tenant_id']}
|
||||||
|
return self._fields(res, fields)
|
||||||
|
|
||||||
def update_pool_health_monitor(self, context, id, pool_id,
|
def update_pool_health_monitor(self, context, id, pool_id,
|
||||||
status, status_description=None):
|
status, status_description=None):
|
||||||
with context.session.begin(subtransactions=True):
|
with context.session.begin(subtransactions=True):
|
||||||
assoc = self.get_pool_health_monitor(context, id, pool_id)
|
assoc = self._get_pool_health_monitor(context, id, pool_id)
|
||||||
self.assert_modification_allowed(assoc)
|
self.assert_modification_allowed(assoc)
|
||||||
assoc.status = status
|
assoc.status = status
|
||||||
assoc.status_description = status_description
|
assoc.status_description = status_description
|
||||||
|
@ -1285,6 +1285,12 @@ class TestLoadBalancer(LoadBalancerPluginDbTestCase):
|
|||||||
health_mon2['health_monitor']['id']]},
|
health_mon2['health_monitor']['id']]},
|
||||||
res)
|
res)
|
||||||
|
|
||||||
|
res = self.plugin.get_pool_health_monitor(
|
||||||
|
context.get_admin_context(),
|
||||||
|
health_mon2['health_monitor']['id'], pool['pool']['id'])
|
||||||
|
self.assertEqual(res['tenant_id'],
|
||||||
|
health_mon1['health_monitor']['tenant_id'])
|
||||||
|
|
||||||
def test_driver_call_create_pool_health_monitor(self):
|
def test_driver_call_create_pool_health_monitor(self):
|
||||||
with mock.patch.object(self.plugin.drivers['lbaas'],
|
with mock.patch.object(self.plugin.drivers['lbaas'],
|
||||||
'create_pool_health_monitor') as driver_call:
|
'create_pool_health_monitor') as driver_call:
|
||||||
|
Loading…
Reference in New Issue
Block a user