From 32814bb39e4f7738d460035d30cc8b3c0d9667e4 Mon Sep 17 00:00:00 2001
From: Kevin Benton <kevin@benton.pub>
Date: Tue, 1 Aug 2017 18:21:11 -0700
Subject: [PATCH] Bump network rev on RBAC change

Increment the revision number when RBAC policies are
changed since it impacts the calculation of the 'shared'
field.

Closes-Bug: #1708079
Change-Id: I4c7eeff8745eff3761d54ef6d3665cf3dc6e6222
---
 neutron/db/models_v2.py                           |  4 +++-
 neutron/db/rbac_db_models.py                      |  1 +
 .../api/admin/test_shared_network_extension.py    | 15 +++++++++++++++
 3 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/neutron/db/models_v2.py b/neutron/db/models_v2.py
index 4a09f1ab6a0..4906d015ef1 100644
--- a/neutron/db/models_v2.py
+++ b/neutron/db/models_v2.py
@@ -262,7 +262,9 @@ class Network(standard_attr.HasStandardAttributes, model_base.BASEV2,
     admin_state_up = sa.Column(sa.Boolean)
     vlan_transparent = sa.Column(sa.Boolean, nullable=True)
     rbac_entries = orm.relationship(rbac_db_models.NetworkRBAC,
-                                    backref='network', lazy='subquery',
+                                    backref=orm.backref('network',
+                                                        load_on_pending=True),
+                                    lazy='subquery',
                                     cascade='all, delete, delete-orphan')
     availability_zone_hints = sa.Column(sa.String(255))
     dhcp_agents = orm.relationship(
diff --git a/neutron/db/rbac_db_models.py b/neutron/db/rbac_db_models.py
index 7b0f73e4cc1..913e41d0c02 100644
--- a/neutron/db/rbac_db_models.py
+++ b/neutron/db/rbac_db_models.py
@@ -94,6 +94,7 @@ class NetworkRBAC(RBACColumns, model_base.BASEV2):
 
     object_id = _object_id_column('networks.id')
     object_type = 'network'
+    revises_on_change = ('network', )
 
     def get_valid_actions(self):
         actions = (ACCESS_SHARED,)
diff --git a/neutron/tests/tempest/api/admin/test_shared_network_extension.py b/neutron/tests/tempest/api/admin/test_shared_network_extension.py
index ab5900fcf0a..fc2e55cae28 100644
--- a/neutron/tests/tempest/api/admin/test_shared_network_extension.py
+++ b/neutron/tests/tempest/api/admin/test_shared_network_extension.py
@@ -423,6 +423,21 @@ class RBACSharedNetworksTest(base.BaseAdminNetworkTest):
                                        target_tenant=self.client2.tenant_id)
         self.client.delete_port(port['id'])
 
+    @test.requires_ext(extension="standard-attr-revisions", service="network")
+    @decorators.idempotent_id('86c3529b-1231-40de-1234-89664291a4cb')
+    def test_rbac_bumps_network_revision(self):
+        resp = self._make_admin_net_and_subnet_shared_to_tenant_id(
+            self.client.tenant_id)
+        net_id = resp['network']['id']
+        rev = self.client.show_network(net_id)['network']['revision_number']
+        self.admin_client.create_rbac_policy(
+            object_type='network', object_id=net_id,
+            action='access_as_shared', target_tenant='*')
+        self.assertGreater(
+            self.client.show_network(net_id)['network']['revision_number'],
+            rev
+        )
+
     @decorators.idempotent_id('86c3529b-1231-40de-803c-aeeeeeee7fff')
     def test_filtering_works_with_rbac_records_present(self):
         resp = self._make_admin_net_and_subnet_shared_to_tenant_id(