From d8208fc51482737a2aeed2a1c5e61737a2808d94 Mon Sep 17 00:00:00 2001 From: Slawek Kaplonski Date: Wed, 22 May 2024 15:28:05 +0200 Subject: [PATCH] Return both project_id when validating auto allocate network When neutron API is called to check requirements for the auto_allocate topology, it needs to return not only 'tenant_id' field but also 'project_id' as that is required for the policy enforcement. Without this 'project_id' field requirements check was failing for member and reader users as they got 404 from the Neutron API. And the reason why Neutron was returning 404 was that it wasn't passing policy enforcement due to missing project_id field in the 'target' object. Closes-bug: #2066369 Change-Id: Idf96a82bc6c8cb0b47dfde3baba94b42a8a8beba (cherry picked from commit dfc01beab22f1c2b977d3e399c3fcda69a72082d) --- neutron/services/auto_allocate/db.py | 4 +++- neutron/tests/unit/services/auto_allocate/test_db.py | 5 ++++- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/neutron/services/auto_allocate/db.py b/neutron/services/auto_allocate/db.py index c51777f1473..1d6d77519e8 100644 --- a/neutron/services/auto_allocate/db.py +++ b/neutron/services/auto_allocate/db.py @@ -194,7 +194,9 @@ class AutoAllocatedTopologyMixin(object): except n_exc.NotFound: raise exceptions.AutoAllocationFailure( reason=_("No default subnetpools defined")) - return {'id': 'dry-run=pass', 'tenant_id': tenant_id} + return {'id': 'dry-run=pass', + 'tenant_id': tenant_id, + 'project_id': tenant_id} def _validate(self, context, tenant_id): """Validate and return the tenant to be associated to the topology.""" diff --git a/neutron/tests/unit/services/auto_allocate/test_db.py b/neutron/tests/unit/services/auto_allocate/test_db.py index 83167d7ee62..2ff3cf7955a 100644 --- a/neutron/tests/unit/services/auto_allocate/test_db.py +++ b/neutron/tests/unit/services/auto_allocate/test_db.py @@ -351,7 +351,10 @@ class AutoAllocateTestCase(testlib_api.SqlTestCase): mock.patch.object( self.mixin, '_get_supported_subnetpools'): result = self.mixin._check_requirements(self.ctx, 'foo_tenant') - expected = {'id': 'dry-run=pass', 'tenant_id': 'foo_tenant'} + expected = { + 'id': 'dry-run=pass', + 'tenant_id': 'foo_tenant', + 'project_id': 'foo_tenant'} self.assertEqual(expected, result) def test__cleanup_handles_failures(self):