Elevate context for router lookups during floating IP association.

During a floating IP association, the tenant making the request may not always be the owner of the router. To make the association, Neutron needs to query the router details internally but needs to use an elevated context to do so. Otherwise, the user sees a cryptic error stating that the router doesn't exist. Change-Id: If2bd6baa785ff879c61ce12e70b62e0ba25635f5 Closes-Bug: #1537754
2016-01-26 11:46:07 -08:00 · 2016-01-26 11:46:07 -08:00 · 0e5c3fa44d
parent 2c52dc40f0
commit 0e5c3fa44d
2 changed files with 27 additions and 1 deletions
--- a/neutron/db/l3_db.py
+++ b/neutron/db/l3_db.py
@ -993,7 +993,9 @@ class L3_NAT_dbonly_mixin(l3.RouterPluginBase):
                              'last_known_router_id': previous_router_id})
        next_hop = None
        if router_id:
-            router = self._get_router(context, router_id)
+            # NOTE(tidwellr) use admin context here
+            # tenant may not own the router and that's OK on a FIP association
+            router = self._get_router(context.elevated(), router_id)
            gw_port = router.gw_port
            for fixed_ip in gw_port.fixed_ips:
                addr = netaddr.IPAddress(fixed_ip.ip_address)
--- a/neutron/tests/unit/extensions/test_l3.py
+++ b/neutron/tests/unit/extensions/test_l3.py
@ -2089,6 +2089,30 @@ class L3NatTestCaseBase(L3NatTestCaseMixin):
                                          router_id=None,
                                          next_hop=None)

+    def test_floatingip_association_on_unowned_router(self):
+        # create a router owned by one tenant and associate the FIP with a
+        # different tenant, assert that the FIP association succeeds
+        with self.subnet(cidr='11.0.0.0/24') as public_sub:
+            self._set_net_external(public_sub['subnet']['network_id'])
+            with self.port() as private_port:
+                with self.router(tenant_id='router-owner',
+                                 set_context=True) as r:
+                    sid = private_port['port']['fixed_ips'][0]['subnet_id']
+                    private_sub = {'subnet': {'id': sid}}
+
+                    self._add_external_gateway_to_router(
+                        r['router']['id'],
+                        public_sub['subnet']['network_id'])
+                    self._router_interface_action(
+                        'add', r['router']['id'],
+                        private_sub['subnet']['id'], None)
+
+                    self._make_floatingip(self.fmt,
+                                          public_sub['subnet']['network_id'],
+                                          port_id=private_port['port']['id'],
+                                          fixed_ip=None,
+                                          set_context=True)
+
    def test_floatingip_update_different_router(self):
        # Create subnet with different CIDRs to account for plugins which
        # do not support overlapping IPs