Make non-admin's VIM accessible for admin

In current code, One tenant can not access other tenant's Vim, even though this tenant has admin role. Due to it operations like force delete fails. In another scenario, a VNf of non-admin tenants also fails to scale as admin not able to access VIM. With this fix, admin tenants can access other tenant's VIMs. Change-Id: If65098ed5f1cfda29f63a28031d895afb04d5e31 Closes-Bug:#1833505
2019-07-30 05:15:44 +00:00 · 2019-07-30 05:15:44 +00:00 · f43264a420
parent 2417ececbd
commit f43264a420
2 changed files with 3 additions and 6 deletions
--- a/tacker/db/db_base.py
+++ b/tacker/db/db_base.py
@ -89,11 +89,6 @@ class CommonDbMixin(object):
                                (model.shared == sql.true()))
            else:
                query_filter = (model.tenant_id == context.tenant_id)
-        elif context.is_admin and hasattr(model, 'tenant_id'):
-            # NOTE(Lijiale) One tenant can not access other tenant's Vim,
-            # NOTE(Lijiale) even though this tenant has admin role.
-            if hasattr(model, 'shared'):
-                query_filter = (model.tenant_id == context.tenant_id)

        # Execute query hooks registered from mixins and plugins
        for _name, hooks in iteritems(self._model_query_hooks.get(model, {})):
--- a/tacker/db/nfvo/nfvo_db_plugin.py
+++ b/tacker/db/nfvo/nfvo_db_plugin.py
@ -201,7 +201,9 @@ class NfvoPluginDb(nfvo.NFVOPluginBase, db_base.CommonDbMixin):

    def _get_default_vim(self, context):
        query = self._model_query(context, nfvo_db.Vim)
-        return query.filter(nfvo_db.Vim.is_default == sql.true()).one()
+        return query.filter(
+            nfvo_db.Vim.tenant_id == context.tenant_id).filter(
+            nfvo_db.Vim.is_default == sql.true()).one()

    def get_default_vim(self, context):
        vim_db = self._get_default_vim(context)