From acd081c298052e678eb2ff74434d1529544088d8 Mon Sep 17 00:00:00 2001 From: Slawek Kaplonski Date: Mon, 20 May 2019 18:47:18 +0200 Subject: [PATCH] Show all SG rules belong to SG in group's details If security group contains rule(s) which were created by different user (admin), owner of this security group should see such rules even if those rules don't belong to him. This patch changes to use admin_context to get security group rules in get_security_group() method to achieve that. Test to cover such case is added in neutron-tempest-plugin repo. Change-Id: I890c81bb6eabc5caa620ed4fcc4dc88ebfa6e1b0 Closes-Bug: #1824248 (cherry picked from commit 1920a37a94b7a9589dcf83f6ff0765068560dbf8) --- neutron/db/securitygroups_db.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/neutron/db/securitygroups_db.py b/neutron/db/securitygroups_db.py index 8d51ebd6a79..753147f0405 100644 --- a/neutron/db/securitygroups_db.py +++ b/neutron/db/securitygroups_db.py @@ -20,6 +20,7 @@ from neutron_lib.callbacks import exceptions from neutron_lib.callbacks import registry from neutron_lib.callbacks import resources from neutron_lib import constants +from neutron_lib import context as context_lib from neutron_lib.db import api as db_api from neutron_lib.db import model_query from neutron_lib.db import resource_extend @@ -190,7 +191,8 @@ class SecurityGroupDbMixin(ext_sg.SecurityGroupPluginBase, if (fields is None or len(fields) == 0 or 'security_group_rules' in fields): rules = self.get_security_group_rules( - context, {'security_group_id': [id]}) + context_lib.get_admin_context(), + {'security_group_id': [id]}) ret['security_group_rules'] = rules finally: