Allow fip associate to different tenant port if admin
Admin users should be able to associate a fip to a port owned by a different project. This would allow services like Octavia (with the WIP FLIP driver) to utilize a tenant's FIP without taking ownership of it. They can pass the FIP ID to the API and the service can bind it, but the tenant still owns their FIP and doesn't "lose" the FIP in the process. Change-Id: I873ac98e2d275fb435983ca3d652960ca5b715ca
This commit is contained in:
parent
879665d304
commit
d0e56d79af
|
@ -1097,7 +1097,7 @@ class L3_NAT_dbonly_mixin(l3.RouterPluginBase,
|
|||
the floating IP should be associated to.
|
||||
"""
|
||||
internal_port = self._core_plugin.get_port(context, fip['port_id'])
|
||||
if not internal_port['tenant_id'] == tenant_id:
|
||||
if internal_port['tenant_id'] != tenant_id and not context.is_admin:
|
||||
port_id = fip['port_id']
|
||||
msg = (_('Cannot process floating IP association with '
|
||||
'Port %s, since that port is owned by a '
|
||||
|
|
|
@ -2562,6 +2562,16 @@ class L3NatTestCaseBase(L3NatTestCaseMixin):
|
|||
fip2_r2_res = associate_and_assert(fip2, p2)
|
||||
self.assertEqual(fip2_r2_res, r2['router']['id'])
|
||||
|
||||
def test_floatingip_update_different_port_owner_as_admin(self):
|
||||
with self.subnet() as private_sub:
|
||||
with self.floatingip_no_assoc(private_sub) as fip:
|
||||
with self.port(subnet=private_sub, tenant_id='other') as p:
|
||||
body = self._update('floatingips', fip['floatingip']['id'],
|
||||
{'floatingip':
|
||||
{'port_id': p['port']['id']}})
|
||||
self.assertEqual(p['port']['id'],
|
||||
body['floatingip']['port_id'])
|
||||
|
||||
def test_floatingip_port_delete(self):
|
||||
with self.subnet() as private_sub:
|
||||
with self.floatingip_no_assoc(private_sub) as fip:
|
||||
|
|
Loading…
Reference in New Issue