Bump network rev on RBAC change

Increment the revision number when RBAC policies are
changed since it impacts the calculation of the 'shared'
field.

Closes-Bug: #1708079
Change-Id: I4c7eeff8745eff3761d54ef6d3665cf3dc6e6222
This commit is contained in:
Kevin Benton 2017-08-01 18:21:11 -07:00 committed by Armando Migliaccio
parent 90feab379a
commit 32814bb39e
3 changed files with 19 additions and 1 deletions

View File

@ -262,7 +262,9 @@ class Network(standard_attr.HasStandardAttributes, model_base.BASEV2,
admin_state_up = sa.Column(sa.Boolean)
vlan_transparent = sa.Column(sa.Boolean, nullable=True)
rbac_entries = orm.relationship(rbac_db_models.NetworkRBAC,
backref='network', lazy='subquery',
backref=orm.backref('network',
load_on_pending=True),
lazy='subquery',
cascade='all, delete, delete-orphan')
availability_zone_hints = sa.Column(sa.String(255))
dhcp_agents = orm.relationship(

View File

@ -94,6 +94,7 @@ class NetworkRBAC(RBACColumns, model_base.BASEV2):
object_id = _object_id_column('networks.id')
object_type = 'network'
revises_on_change = ('network', )
def get_valid_actions(self):
actions = (ACCESS_SHARED,)

View File

@ -423,6 +423,21 @@ class RBACSharedNetworksTest(base.BaseAdminNetworkTest):
target_tenant=self.client2.tenant_id)
self.client.delete_port(port['id'])
@test.requires_ext(extension="standard-attr-revisions", service="network")
@decorators.idempotent_id('86c3529b-1231-40de-1234-89664291a4cb')
def test_rbac_bumps_network_revision(self):
resp = self._make_admin_net_and_subnet_shared_to_tenant_id(
self.client.tenant_id)
net_id = resp['network']['id']
rev = self.client.show_network(net_id)['network']['revision_number']
self.admin_client.create_rbac_policy(
object_type='network', object_id=net_id,
action='access_as_shared', target_tenant='*')
self.assertGreater(
self.client.show_network(net_id)['network']['revision_number'],
rev
)
@decorators.idempotent_id('86c3529b-1231-40de-803c-aeeeeeee7fff')
def test_filtering_works_with_rbac_records_present(self):
resp = self._make_admin_net_and_subnet_shared_to_tenant_id(