Use elevated context when getting default SG for tenant
With new scopes, when e.g. project admin context is used to ensure default SG for different tenant, elevated context needs to be used to make db query. Otherwise default SG will not be found and attempt to create it in DB may fail with DuplicateDbEntry error. Closes-Bug: #1938910 Change-Id: Ib884be6aa12bd0d3faf83f3e753f8e7aad503b68
This commit is contained in:
parent
0985c7c29c
commit
e6c3686cd8
|
@ -910,8 +910,11 @@ class SecurityGroupDbMixin(ext_sg.SecurityGroupPluginBase,
|
|||
security_groups else [])
|
||||
|
||||
def _get_default_sg_id(self, context, tenant_id):
|
||||
# NOTE(slaweq): With new system/project scopes it may happen that
|
||||
# project admin will try to find default SG for different
|
||||
# project. In such case elevated context needs to be used.
|
||||
default_group = sg_obj.DefaultSecurityGroup.get_object(
|
||||
context,
|
||||
context.elevated(),
|
||||
project_id=tenant_id,
|
||||
)
|
||||
if default_group:
|
||||
|
|
Loading…
Reference in New Issue