Elevate context for router lookups during floating IP association.
During a floating IP association, the tenant making the request may not always be the owner of the router. To make the association, Neutron needs to query the router details internally but needs to use an elevated context to do so. Otherwise, the user sees a cryptic error stating that the router doesn't exist. Change-Id: If2bd6baa785ff879c61ce12e70b62e0ba25635f5 Closes-Bug: #1537754
parent
2c52dc40f0
commit
0e5c3fa44d
|
@ -993,7 +993,9 @@ class L3_NAT_dbonly_mixin(l3.RouterPluginBase):
|
|||
'last_known_router_id': previous_router_id})
|
||||
next_hop = None
|
||||
if router_id:
|
||||
router = self._get_router(context, router_id)
|
||||
# NOTE(tidwellr) use admin context here
|
||||
# tenant may not own the router and that's OK on a FIP association
|
||||
router = self._get_router(context.elevated(), router_id)
|
||||
gw_port = router.gw_port
|
||||
for fixed_ip in gw_port.fixed_ips:
|
||||
addr = netaddr.IPAddress(fixed_ip.ip_address)
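Review bot: The elevated lookup `self._get_router(context.elevated(), router_id)` removes the only tenant-ownership filter visible at this point, and the NOTE above it does not say what still ties `router_id` to the caller. How `router_id` is chosen lies outside the hunk. If it is resolved from the caller's own internal port rather than taken from the request, the comment should record that, for example `# router_id was resolved from the caller's port, whose ownership is checked earlier; only this lookup is elevated`. The comment could also state that the elevated context must not be reused for later calls in this function, whose body begins and ends outside the hunk.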
|
||||
|
|
|
@ -2089,6 +2089,30 @@ class L3NatTestCaseBase(L3NatTestCaseMixin):
|
|||
router_id=None,
|
||||
next_hop=None)
|
||||
|
||||
def test_floatingip_association_on_unowned_router(self):
|
||||
# create a router owned by one tenant and associate the FIP with a
|
||||
# different tenant, assert that the FIP association succeeds
|
||||
with self.subnet(cidr='11.0.0.0/24') as public_sub:
|
||||
self._set_net_external(public_sub['subnet']['network_id'])
|
||||
with self.port() as private_port:
|
||||
with self.router(tenant_id='router-owner',
|
||||
set_context=True) as r:
|
||||
sid = private_port['port']['fixed_ips'][0]['subnet_id']
|
||||
private_sub = {'subnet': {'id': sid}}
|
||||
|
||||
self._add_external_gateway_to_router(
|
||||
r['router']['id'],
|
||||
public_sub['subnet']['network_id'])
|
||||
self._router_interface_action(
|
||||
'add', r['router']['id'],
|
||||
private_sub['subnet']['id'], None)
|
||||
|
||||
self._make_floatingip(self.fmt,
|
||||
public_sub['subnet']['network_id'],
|
||||
port_id=private_port['port']['id'],
|
||||
fixed_ip=None,
|
||||
set_context=True)
|
||||
|
||||
def test_floatingip_update_different_router(self):
|
||||
# Create subnet with different CIDRs to account for plugins which
|
||||
# do not support overlapping IPs
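Review bot: The new test `test_floatingip_association_on_unowned_router` discards the result of `self._make_floatingip(...)`, so it passes on any successful response and pins nothing about the association itself. Assuming the helper returns the deserialized body, keep the result and check the router: `fip = self._make_floatingip(...)` followed by `self.assertEqual(r['router']['id'], fip['floatingip']['router_id'])`. Because the change relaxes an ownership filter, a companion negative case would be worth adding. It could assert that the non-owner tenant still cannot read the router directly; the visible hunk has no such check.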
|
||||
|
|