Return both project_id when validating auto allocate network
When neutron API is called to check requirements for the auto_allocate
topology, it needs to return not only 'tenant_id' field but also
'project_id' as that is required for the policy enforcement.
Without this 'project_id' field requirements check was failing for
member and reader users as they got 404 from the Neutron API. And the
reason why Neutron was returning 404 was that it wasn't passing policy
enforcement due to missing project_id field in the 'target' object.
Closes-bug: #2066369
Change-Id: Idf96a82bc6c8cb0b47dfde3baba94b42a8a8beba
(cherry picked from commit dfc01beab2
)
This commit is contained in:
parent
ac1472c8cf
commit
d8208fc514
@ -194,7 +194,9 @@ class AutoAllocatedTopologyMixin(object):
|
||||
except n_exc.NotFound:
|
||||
raise exceptions.AutoAllocationFailure(
|
||||
reason=_("No default subnetpools defined"))
|
||||
return {'id': 'dry-run=pass', 'tenant_id': tenant_id}
|
||||
return {'id': 'dry-run=pass',
|
||||
'tenant_id': tenant_id,
|
||||
'project_id': tenant_id}
|
||||
|
||||
def _validate(self, context, tenant_id):
|
||||
"""Validate and return the tenant to be associated to the topology."""
|
||||
|
@ -351,7 +351,10 @@ class AutoAllocateTestCase(testlib_api.SqlTestCase):
|
||||
mock.patch.object(
|
||||
self.mixin, '_get_supported_subnetpools'):
|
||||
result = self.mixin._check_requirements(self.ctx, 'foo_tenant')
|
||||
expected = {'id': 'dry-run=pass', 'tenant_id': 'foo_tenant'}
|
||||
expected = {
|
||||
'id': 'dry-run=pass',
|
||||
'tenant_id': 'foo_tenant',
|
||||
'project_id': 'foo_tenant'}
|
||||
self.assertEqual(expected, result)
|
||||
|
||||
def test__cleanup_handles_failures(self):
|
||||
|
Loading…
Reference in New Issue
Block a user