From 53a942c2b8f308a6d3e65eacded3a53e1435d0bb Mon Sep 17 00:00:00 2001 From: Nisar Khan Date: Mon, 1 Jul 2024 07:03:55 +0000 Subject: [PATCH] Add Bobcat Support Change-Id: I3b53ec07b635908b3d980b7c4d1e660daa815d4e --- .zuul.yaml | 24 +- devstack/local.conf.nfp | 10 +- .../drivers/apic_aim/mechanism_driver.py | 4 +- .../db/grouppolicy/test_group_policy_db.py | 28 +- .../unit/plugins/ml2plus/test_apic_aim.py | 591 +++++++++++------- .../ml2plus/test_extension_driver_api.py | 46 +- .../unit/plugins/ml2plus/test_l3_apic_aim.py | 2 +- .../tests/unit/plugins/ml2plus/test_plugin.py | 23 +- .../grouppolicy/test_aim_mapping_driver.py | 65 +- .../grouppolicy/test_aim_validation.py | 39 +- .../grouppolicy/test_resource_mapping.py | 96 +-- .../unit/services/qos/test_aim_qos_driver.py | 3 +- .../unit/services/sfc/test_aim_sfc_driver.py | 6 +- test-requirements.txt | 8 +- tox.ini | 4 +- 15 files changed, 549 insertions(+), 400 deletions(-) diff --git a/.zuul.yaml b/.zuul.yaml index affd886c0..31d6dba14 100644 --- a/.zuul.yaml +++ b/.zuul.yaml @@ -15,40 +15,40 @@ nodeset: ubuntu-focal required-projects: - name: openstack/requirements - override-checkout: stable/2023.1 + override-checkout: stable/2023.2 - openstack-tox-py38: nodeset: ubuntu-focal # Ignore py38 results until the gate is fixed voting: false required-projects: - name: openstack/requirements - override-checkout: stable/2023.1 + override-checkout: stable/2023.2 - openstack-tox-py39: nodeset: ubuntu-focal required-projects: - name: openstack/requirements - override-checkout: stable/2023.1 + override-checkout: stable/2023.2 - openstack-tox-py310: nodeset: ubuntu-jammy # Ignore py310 results until the gate is fixed voting: false required-projects: - name: openstack/requirements - override-checkout: stable/2023.1 + override-checkout: stable/2023.2 - openstack-tox-py311: nodeset: ubuntu-jammy # Ignore py311 results until the gate is fixed voting: false required-projects: - name: openstack/requirements - override-checkout: stable/2023.1 + override-checkout: stable/2023.2 - openstack-tox-py312: nodeset: ubuntu-jammy # Ignore py311 results until the gate is fixed voting: false required-projects: - name: openstack/requirements - override-checkout: stable/2023.1 + override-checkout: stable/2023.2 - legacy-group-based-policy-dsvm-functional: voting: false - legacy-group-based-policy-dsvm-aim: @@ -61,37 +61,37 @@ nodeset: ubuntu-focal required-projects: - name: openstack/requirements - override-checkout: stable/2023.1 + override-checkout: stable/2023.2 - openstack-tox-py38: nodeset: ubuntu-focal # Ignore py38 results until the gate is fixed voting: false required-projects: - name: openstack/requirements - override-checkout: stable/2023.1 + override-checkout: stable/2023.2 - openstack-tox-py39: nodeset: ubuntu-focal required-projects: - name: openstack/requirements - override-checkout: stable/2023.1 + override-checkout: stable/2023.2 - openstack-tox-py310: nodeset: ubuntu-jammy # Ignore py310 results until the gate is fixed voting: false required-projects: - name: openstack/requirements - override-checkout: stable/2023.1 + override-checkout: stable/2023.2 - openstack-tox-py311: nodeset: ubuntu-jammy # Ignore py311 results until the gate is fixed voting: false required-projects: - name: openstack/requirements - override-checkout: stable/2023.1 + override-checkout: stable/2023.2 - openstack-tox-py312: nodeset: ubuntu-jammy # Ignore py311 results until the gate is fixed voting: false required-projects: - name: openstack/requirements - override-checkout: stable/2023.1 + override-checkout: stable/2023.2 diff --git a/devstack/local.conf.nfp b/devstack/local.conf.nfp index f46b0293c..76d6592d6 100644 --- a/devstack/local.conf.nfp +++ b/devstack/local.conf.nfp @@ -43,11 +43,11 @@ if [[ $ENABLE_NFP = True ]]; then # Make sure that your public interface is not attached to any bridge. PUBLIC_INTERFACE= - enable_plugin neutron-fwaas http://opendev.org/openstack/neutron-fwaas.git stable/2023.1 - enable_plugin neutron-lbaas https://opendev.org/openstack/neutron-lbaas.git stable/2023.1 - enable_plugin neutron https://opendev.org/openstack/neutron.git stable/2023.1 - enable_plugin neutron-vpnaas https://opendev.org/openstack/neutron-vpnaas.git stable/2023.1 - enable_plugin octavia https://opendev.org/openstack/octavia.git stable/2023.1 + enable_plugin neutron-fwaas http://opendev.org/openstack/neutron-fwaas.git stable/2023.2 + enable_plugin neutron-lbaas https://opendev.org/openstack/neutron-lbaas.git stable/2023.2 + enable_plugin neutron https://opendev.org/openstack/neutron.git stable/2023.2 + enable_plugin neutron-vpnaas https://opendev.org/openstack/neutron-vpnaas.git stable/2023.2 + enable_plugin octavia https://opendev.org/openstack/octavia.git stable/2023.2 fi fi diff --git a/gbpservice/neutron/plugins/ml2plus/drivers/apic_aim/mechanism_driver.py b/gbpservice/neutron/plugins/ml2plus/drivers/apic_aim/mechanism_driver.py index 6ce09fa39..e13fafa72 100644 --- a/gbpservice/neutron/plugins/ml2plus/drivers/apic_aim/mechanism_driver.py +++ b/gbpservice/neutron/plugins/ml2plus/drivers/apic_aim/mechanism_driver.py @@ -3323,8 +3323,8 @@ class ApicMechanismDriver(api_plus.MechanismDriver, original_port = payload.states[0] port = payload.states[1] if payload.metadata: - orig_binding = payload.metadata['orig_binding'] - new_binding = payload.metadata['new_binding'] + orig_binding = payload.metadata.get('orig_binding') + new_binding = payload.metadata.get('new_binding') if self._is_port_bound(original_port) and 'fixed_ips' in port: # When a bound port is updated with a subnet, if the port diff --git a/gbpservice/neutron/tests/unit/db/grouppolicy/test_group_policy_db.py b/gbpservice/neutron/tests/unit/db/grouppolicy/test_group_policy_db.py index c57cd9192..28f50d80f 100644 --- a/gbpservice/neutron/tests/unit/db/grouppolicy/test_group_policy_db.py +++ b/gbpservice/neutron/tests/unit/db/grouppolicy/test_group_policy_db.py @@ -95,10 +95,9 @@ class ApiManagerMixin(object): defaults = kwargs data = {type: {'tenant_id': self._tenant_id}} data[type].update(defaults) - req = self.new_create_request(plural, data, self.fmt) - req.environ['neutron.context'] = context.Context( - '', kwargs.get('tenant_id', self._tenant_id) if not - is_admin_context else self._tenant_id, is_admin_context) + req = self.new_create_request(plural, data, self.fmt, + tenant_id=kwargs.get('tenant_id', self._tenant_id), + as_admin=is_admin_context) res = req.get_response(self.ext_api) if expected_res_status: self.assertEqual(expected_res_status, res.status_int) @@ -115,12 +114,9 @@ class ApiManagerMixin(object): data = {type: kwargs} tenant_id = kwargs.pop('tenant_id', self._tenant_id) # Create PT with bound port - req = self.new_update_request(plural, data, id, self.fmt) - req.environ['neutron.context'] = context.Context( - '', tenant_id if not is_admin_context else self._tenant_id, - is_admin_context) + req = self.new_update_request(plural, data, id, self.fmt, + tenant_id=tenant_id, as_admin=is_admin_context) res = req.get_response(api or self.ext_api) - if expected_res_status: self.assertEqual(expected_res_status, res.status_int) elif deserialize and res.status_int >= webob.exc.HTTPClientError.code: @@ -130,9 +126,9 @@ class ApiManagerMixin(object): def _show_resource(self, id, plural, expected_res_status=None, is_admin_context=False, tenant_id=None, deserialize=True): - req = self.new_show_request(plural, id, fmt=self.fmt) - req.environ['neutron.context'] = context.Context( - '', tenant_id or self._tenant_id, is_admin_context) + + req = self.new_show_request(plural, id, fmt=self.fmt, + tenant_id='' or self._tenant_id, as_admin=is_admin_context) res = req.get_response(self.ext_api) if expected_res_status: @@ -144,7 +140,8 @@ class ApiManagerMixin(object): def _delete_resource(self, id, plural, is_admin_context=False, expected_res_status=None, tenant_id=None, deserialize=True): - req = self.new_delete_request(plural, id) + req = self.new_delete_request(plural, id, + as_admin=is_admin_context) req.environ['neutron.context'] = context.Context( '', tenant_id or self._tenant_id, is_admin_context) res = req.get_response(self.ext_api) @@ -192,7 +189,7 @@ class ApiManagerMixin(object): 'device_id': 'b'}} # Create EP with bound port req = self.new_update_request('ports', data, port_id, - self.fmt) + self.fmt, as_admin=True) return self.deserialize(self.fmt, req.get_response(self.api)) def _bind_subport(self, ctx, trunk, port): @@ -206,7 +203,7 @@ class ApiManagerMixin(object): def _unbind_port(self, port_id): data = {'port': {'binding:host_id': ''}} req = self.new_update_request('ports', data, port_id, - self.fmt) + self.fmt, as_admin=True) return self.deserialize(self.fmt, req.get_response(self.api)) @@ -298,7 +295,6 @@ class GroupPolicyDBTestBase(ApiManagerMixin): resource_plural = self._get_resource_plural(resource) res = self._list(resource_plural, - neutron_context=neutron_context, query_params=query_params) params = None if query_params: diff --git a/gbpservice/neutron/tests/unit/plugins/ml2plus/test_apic_aim.py b/gbpservice/neutron/tests/unit/plugins/ml2plus/test_apic_aim.py index afccb3307..f69d0231a 100644 --- a/gbpservice/neutron/tests/unit/plugins/ml2plus/test_apic_aim.py +++ b/gbpservice/neutron/tests/unit/plugins/ml2plus/test_apic_aim.py @@ -15,6 +15,7 @@ import copy import datetime +import logging import re import time @@ -290,7 +291,8 @@ class ApicAimTestMixin(object): # Arg must be present and not null (but can be false) if kwargs.get(arg) is not None: data['subnet'][arg] = kwargs[arg] - subnet_req = self.new_create_request('subnets', data, fmt) + subnet_req = self.new_create_request('subnets', data, fmt, + as_admin=True) subnet_res = subnet_req.get_response(self.api) # Things can go wrong - raise HTTP exc with res code only @@ -441,7 +443,7 @@ class ApicAimTestCase(test_address_scope.AddressScopeTestCase, data = {'port': {'network_id': net_id, portbindings.VNIC_TYPE: 'baremetal', 'project_id': project_id}} - req = self.new_create_request('ports', data, self.fmt) + req = self.new_create_request('ports', data, self.fmt, as_admin=True) return self.deserialize(self.fmt, req.get_response(self.api)) def _bind_port_to_host(self, port_id, host, **kwargs): @@ -450,7 +452,7 @@ class ApicAimTestCase(test_address_scope.AddressScopeTestCase, 'device_id': 'someid'}} data['port'].update(kwargs) req = self.new_update_request('ports', data, port_id, - self.fmt) + self.fmt, as_admin=True) return self.deserialize(self.fmt, req.get_response(self.api)) def _bind_dhcp_port_to_host(self, port_id, host): @@ -459,7 +461,7 @@ class ApicAimTestCase(test_address_scope.AddressScopeTestCase, 'device_id': 'someid'}} # Create EP with bound port req = self.new_update_request('ports', data, port_id, - self.fmt) + self.fmt, as_admin=True) return self.deserialize(self.fmt, req.get_response(self.api)) def _make_ext_network(self, name, dn=None, nat_type=None, cidrs=None, @@ -476,24 +478,24 @@ class ApicAimTestCase(test_address_scope.AddressScopeTestCase, if multi_ext_nets: kwargs['apic:multi_ext_nets'] = True - return self._make_network(self.fmt, name, True, + return self._make_network(self.fmt, name, True, as_admin=True, arg_list=self.extension_attributes, **kwargs)['network'] def _make_address_scope_for_vrf(self, vrf_dn, ip_version=n_constants.IP_VERSION_4, - expected_status=None, + expected_status=None, tenant_id=None, **kwargs): attrs = {'ip_version': ip_version} if vrf_dn: attrs[DN] = {'VRF': vrf_dn} attrs.update(kwargs) + tenant_id = tenant_id or self._tenant_id + req = self.new_create_request('address-scopes', - {'address_scope': attrs}, self.fmt) - neutron_context = n_context.Context('', kwargs.get('tenant_id', - self._tenant_id)) - req.environ['neutron.context'] = neutron_context + {'address_scope': attrs}, self.fmt, + tenant_id=tenant_id, as_admin=True) res = req.get_response(self.ext_api) if expected_status: @@ -1714,7 +1716,8 @@ class TestAimMapping(ApicAimTestCase): # Verify creating network with extra provided contracts fails. kwargs['apic:extra_provided_contracts'] = ['ep1'] resp = self._create_network( - self.fmt, 'net', True, arg_list=tuple(list(kwargs.keys())), + self.fmt, 'net', True, as_admin=True, + arg_list=tuple(list(kwargs.keys())), **kwargs) result = self.deserialize(self.fmt, resp) self.assertEqual( @@ -1725,7 +1728,8 @@ class TestAimMapping(ApicAimTestCase): # Verify creating network with extra consumed contracts fails. kwargs['apic:extra_consumed_contracts'] = ['ec1'] resp = self._create_network( - self.fmt, 'net', True, arg_list=tuple(list(kwargs.keys())), + self.fmt, 'net', True, as_admin=True, + arg_list=tuple(list(kwargs.keys())), **kwargs) result = self.deserialize(self.fmt, resp) self.assertEqual( @@ -1738,7 +1742,8 @@ class TestAimMapping(ApicAimTestCase): 'name': 'epg2'}] resp = self._create_network( - self.fmt, 'net', True, arg_list=tuple(list(kwargs.keys())), + self.fmt, 'net', True, as_admin=True, + arg_list=tuple(list(kwargs.keys())), **kwargs) result = self.deserialize(self.fmt, resp) self.assertEqual( @@ -1748,7 +1753,7 @@ class TestAimMapping(ApicAimTestCase): # Create network without extra provided or consumed contracts. net_id = self._make_network( - self.fmt, 'net', True, + self.fmt, 'net', True, as_admin=True, arg_list=tuple(list(kwargs.keys())), **kwargs)['network']['id'] # Verify setting extra provided contracts on network fails. @@ -2467,10 +2472,12 @@ class TestAimMapping(ApicAimTestCase): router = self._make_router( self.fmt, self._tenant_id, 'router1', - external_gateway_info={'network_id': ext_net['id']})['router'] + external_gateway_info={'network_id': ext_net['id']}, + as_admin=True)['router'] routerb = self._make_router( self.fmt, self._tenant_id, 'router2', - external_gateway_info={'network_id': ext_net['id']})['router'] + external_gateway_info={'network_id': ext_net['id']}, + as_admin=True)['router'] self._check_router(router) self._check_router(routerb) self.assertEqual(subnet3['id'], @@ -2486,7 +2493,8 @@ class TestAimMapping(ApicAimTestCase): router = self._make_router( self.fmt, self._tenant_id, 'router3', - external_gateway_info={'network_id': ext_net['id']})['router'] + external_gateway_info={'network_id': ext_net['id']}, + as_admin=True)['router'] self.assertEqual(subnet2['id'], router['external_gateway_info'] ['external_fixed_ips'][0]['subnet_id']) @@ -2495,7 +2503,8 @@ class TestAimMapping(ApicAimTestCase): {'subnet': {ROUTER_GW_IP_POOL: False}}) router = self._make_router( self.fmt, self._tenant_id, 'router4', - external_gateway_info={'network_id': ext_net['id']})['router'] + external_gateway_info={'network_id': ext_net['id']}, + as_admin=True)['router'] self.assertEqual(subnet3['id'], router['external_gateway_info'] ['external_fixed_ips'][0]['subnet_id']) @@ -2504,7 +2513,8 @@ class TestAimMapping(ApicAimTestCase): {'subnet': {ROUTER_GW_IP_POOL: True}}) router = self._make_router( self.fmt, self._tenant_id, 'router4', - external_gateway_info={'network_id': ext_net['id']})['router'] + external_gateway_info={'network_id': ext_net['id']}, + as_admin=True)['router'] self.assertEqual(subnet['id'], router['external_gateway_info'] ['external_fixed_ips'][0]['subnet_id']) @@ -2517,16 +2527,17 @@ class TestAimMapping(ApicAimTestCase): self._check_router(router) # Test show. - router = self._show('routers', router_id)['router'] + router = self._show('routers', router_id, as_admin=True)['router'] self._check_router(router) # Test update. data = {'router': {'name': 'newnameforrouter'}} - router = self._update('routers', router_id, data)['router'] + router = self._update('routers', router_id, data, + as_admin=True)['router'] self._check_router(router) # Test delete. - self._delete('routers', router_id) + self._delete('routers', router_id, as_admin=True) self._check_router_deleted(router) def _test_router_interface(self, is_svi=False): @@ -2563,14 +2574,14 @@ class TestAimMapping(ApicAimTestCase): port = self._make_port(self.fmt, net_id, fixed_ips=fixed_ips)['port'] port = self._bind_port_to_host(port['id'], 'host1')['port'] port['dns_name'] = '' - port = self._show('ports', port['id'])['port'] + port = self._show('ports', port['id'], as_admin=True)['port'] port_calls = [mock.call(mock.ANY, port)] fixed_ips = [{'subnet_id': subnet1_id, 'ip_address': '10.0.1.101'}] port = self._make_port(self.fmt, net_id, fixed_ips=fixed_ips)['port'] port = self._bind_port_to_host(port['id'], 'host2')['port'] port['dns_name'] = '' - port = self._show('ports', port['id'])['port'] + port = self._show('ports', port['id'], as_admin=True)['port'] port_calls.append(mock.call(mock.ANY, port)) # The update to host_routes should trigger the port updates @@ -2585,7 +2596,7 @@ class TestAimMapping(ApicAimTestCase): data = {'subnet': {'dns_nameservers': ['9.8.7.6']}} subnet = self._update('subnets', subnet1_id, data)['subnet'] self._check_subnet(subnet, net, [], [gw1_ip]) - port = self._show('ports', port['id'])['port'] + port = self._show('ports', port['id'], as_admin=True)['port'] mock_notif.assert_has_calls(port_calls, any_order=True) # Create subnet2. @@ -2602,7 +2613,7 @@ class TestAimMapping(ApicAimTestCase): fixed_ips=fixed_ips)['port'] port = self._bind_port_to_host(port['id'], 'host1')['port'] port['dns_name'] = '' - port = self._show('ports', port['id'])['port'] + port = self._show('ports', port['id'], as_admin=True)['port'] port_calls.append(mock.call(mock.ANY, port)) # Add subnet1 to router by subnet. @@ -2854,7 +2865,7 @@ class TestAimMapping(ApicAimTestCase): port = self._bind_port_to_host(port['id'], 'host1')['port'] port['dns_name'] = "" port['project_id'] = port['tenant_id'] - port = self._show('ports', port['id'])['port'] + port = self._show('ports', port['id'], as_admin=True)['port'] port_calls = [mock.call(mock.ANY, port)] # Create subnet2. @@ -2872,7 +2883,7 @@ class TestAimMapping(ApicAimTestCase): port = self._bind_port_to_host(port['id'], 'host1')['port'] port['dns_name'] = '' port['project_id'] = port['tenant_id'] - port = self._show('ports', port['id'])['port'] + port = self._show('ports', port['id'], as_admin=True)['port'] port_calls.append(mock.call(mock.ANY, port)) # Add subnet1 to router by subnet. @@ -2900,12 +2911,14 @@ class TestAimMapping(ApicAimTestCase): # Test subnet update. data = {'subnet': {'name': 'newnameforsubnet'}} - subnet = self._update('subnets', subnet1_id, data)['subnet'] + subnet = self._update('subnets', subnet1_id, data, + as_admin=True)['subnet'] self._check_subnet(subnet, net, [(gw1_ip, router)], [], scope) # Test router update. data = {'router': {'name': 'newnameforrouter'}} - router = self._update('routers', router_id, data)['router'] + router = self._update('routers', router_id, + data, as_admin=True)['router'] self._check_subnet(subnet, net, [(gw1_ip, router)], [], scope) # Add subnet2 to router by port. @@ -3260,7 +3273,8 @@ class TestAimMapping(ApicAimTestCase): pool6u_id = None # Create network with subnets using first v4 scope and v6 scope. - net_resp = self._make_network(self.fmt, 'net1', True) + net_resp = self._make_network(self.fmt, 'net1', True, + as_admin=True) net1 = net_resp['network'] self._check_network(net1) gw4i1_ip = '10.1.1.1' @@ -3277,7 +3291,8 @@ class TestAimMapping(ApicAimTestCase): check_vrf_notifies(notify, [unrouted_vrf]) # Create network with subnets using second v4 scope and v6 scope. - net_resp = self._make_network(self.fmt, 'net2', True) + net_resp = self._make_network(self.fmt, 'net2', + True, as_admin=True) net2 = net_resp['network'] self._check_network(net2) gw4n2_ip = '10.2.1.1' @@ -3294,7 +3309,8 @@ class TestAimMapping(ApicAimTestCase): check_vrf_notifies(notify, [unrouted_vrf]) # Create network with unscoped subnets. - net_resp = self._make_network(self.fmt, 'net3', True) + net_resp = self._make_network(self.fmt, 'net3', + True, as_admin=True) net3 = net_resp['network'] self._check_network(net3) gw43_ip = '10.3.1.1' @@ -3312,19 +3328,21 @@ class TestAimMapping(ApicAimTestCase): # Create shared network with unscoped subnets. net_resp = self._make_network( - self.fmt, 'net4', True, tenant_id='tenant_2', shared=True) + self.fmt, 'net4', True, tenant_id='tenant_2', + shared=True, as_admin=True) net4 = net_resp['network'] self._check_network(net4) gw44_ip = '10.4.1.1' subnet44 = self._make_subnet( self.fmt, net_resp, gw44_ip, '10.4.1.0/24', - subnetpool_id=pool4u_id)['subnet'] + subnetpool_id=pool4u_id, as_admin=True)['subnet'] self._check_subnet(subnet44, net4, [], [gw44_ip]) check_vrf_notifies(notify, [unrouted_vrf]) gw64_ip = '2001:db8:1:4::1' subnet64 = self._make_subnet( self.fmt, net_resp, gw64_ip, '2001:db8:1:4::0/64', - ip_version=6, subnetpool_id=pool6u_id)['subnet'] + ip_version=6, subnetpool_id=pool6u_id, + as_admin=True)['subnet'] self._check_subnet(subnet64, net4, [], [gw64_ip]) check_vrf_notifies(notify, [unrouted_vrf]) @@ -3644,11 +3662,11 @@ class TestAimMapping(ApicAimTestCase): self.assertIn(subnet1_id, info['subnet_ids']) # Check network. - net = self._show('networks', net_id)['network'] + net = self._show('networks', net_id, as_admin=True)['network'] self._check_network(net, [router], scope) # Check subnet1. - subnet = self._show('subnets', subnet1_id)['subnet'] + subnet = self._show('subnets', subnet1_id, as_admin=True)['subnet'] self._check_subnet(subnet, net, [(gw1_ip, router)], [], scope) # Create subnet2 as tenant_2. @@ -3666,15 +3684,15 @@ class TestAimMapping(ApicAimTestCase): self.assertIn(subnet2_id, info['subnet_ids']) # Check network. - net = self._show('networks', net_id)['network'] + net = self._show('networks', net_id, as_admin=True)['network'] self._check_network(net, [router], scope) # Check subnet1. - subnet = self._show('subnets', subnet1_id)['subnet'] + subnet = self._show('subnets', subnet1_id, as_admin=True)['subnet'] self._check_subnet(subnet, net, [(gw1_ip, router)], [], scope) # Check subnet2. - subnet = self._show('subnets', subnet2_id)['subnet'] + subnet = self._show('subnets', subnet2_id, as_admin=True)['subnet'] self._check_subnet(subnet, net, [(gw2_ip, router)], [], scope) # Remove subnet1 from router. @@ -3684,15 +3702,15 @@ class TestAimMapping(ApicAimTestCase): self.assertIn(subnet1_id, info['subnet_ids']) # Check network. - net = self._show('networks', net_id)['network'] + net = self._show('networks', net_id, as_admin=True)['network'] self._check_network(net, [router], scope) # Check subnet1. - subnet = self._show('subnets', subnet1_id)['subnet'] + subnet = self._show('subnets', subnet1_id, as_admin=True)['subnet'] self._check_subnet(subnet, net, [], [gw1_ip]) # Check subnet2. - subnet = self._show('subnets', subnet2_id)['subnet'] + subnet = self._show('subnets', subnet2_id, as_admin=True)['subnet'] self._check_subnet(subnet, net, [(gw2_ip, router)], [], scope) # Remove subnet2 from router. @@ -3702,15 +3720,15 @@ class TestAimMapping(ApicAimTestCase): self.assertIn(subnet2_id, info['subnet_ids']) # Check network. - net = self._show('networks', net_id)['network'] + net = self._show('networks', net_id, as_admin=True)['network'] self._check_network(net) # Check subnet1. - subnet = self._show('subnets', subnet1_id)['subnet'] + subnet = self._show('subnets', subnet1_id, as_admin=True)['subnet'] self._check_subnet(subnet, net, [], [gw1_ip]) # Check subnet2. - subnet = self._show('subnets', subnet2_id)['subnet'] + subnet = self._show('subnets', subnet2_id, as_admin=True)['subnet'] self._check_subnet(subnet, net, [], [gw2_ip]) def test_shared_network(self): @@ -3739,7 +3757,8 @@ class TestAimMapping(ApicAimTestCase): # Create shared net2 as tenant_2. net2_resp = self._make_network( - self.fmt, 'net2', True, tenant_id='tenant_2', shared=True) + self.fmt, 'net2', True, as_admin=True, + tenant_id='tenant_2', shared=True) net2 = net2_resp['network'] net2_id = net2['id'] self._check_network(net2) @@ -3747,7 +3766,7 @@ class TestAimMapping(ApicAimTestCase): # Create subnet2 as tenant_1. gw2_ip = '10.0.2.1' subnet2 = self._make_subnet( - self.fmt, net2_resp, gw2_ip, '10.0.2.0/24', + self.fmt, net2_resp, gw2_ip, '10.0.2.0/24', as_admin=True, tenant_id='tenant_1')['subnet'] subnet2_id = subnet2['id'] self._check_subnet(subnet2, net2, [], [gw2_ip]) @@ -3772,27 +3791,27 @@ class TestAimMapping(ApicAimTestCase): self.assertIn(subnet1_id, info['subnet_ids']) # Check net1. - net1 = self._show('networks', net1_id)['network'] + net1 = self._show('networks', net1_id, as_admin=True)['network'] self._check_network(net1, [router]) # Check subnet1. - subnet1 = self._show('subnets', subnet1_id)['subnet'] + subnet1 = self._show('subnets', subnet1_id, as_admin=True)['subnet'] self._check_subnet(subnet1, net1, [(gw1_ip, router)], []) # Check net2. - net2 = self._show('networks', net2_id)['network'] + net2 = self._show('networks', net2_id, as_admin=True)['network'] self._check_network(net2) # Check subnet2. - subnet2 = self._show('subnets', subnet2_id)['subnet'] + subnet2 = self._show('subnets', subnet2_id, as_admin=True)['subnet'] self._check_subnet(subnet2, net2, [], [gw2_ip]) # Check net3. - net3 = self._show('networks', net3_id)['network'] + net3 = self._show('networks', net3_id, as_admin=True)['network'] self._check_network(net3) # Check subnet3. - subnet3 = self._show('subnets', subnet3_id)['subnet'] + subnet3 = self._show('subnets', subnet3_id, as_admin=True)['subnet'] self._check_subnet(subnet3, net3, [], [gw3_ip]) # Add subnet2 to router. @@ -3801,28 +3820,28 @@ class TestAimMapping(ApicAimTestCase): self.assertIn(subnet2_id, info['subnet_ids']) # Check net1, which should be moved to tenant_2. - net1 = self._show('networks', net1_id)['network'] + net1 = self._show('networks', net1_id, as_admin=True)['network'] self._check_network(net1, [router], project='tenant_2') # Check subnet1, which should be moved to tenant_2. - subnet1 = self._show('subnets', subnet1_id)['subnet'] + subnet1 = self._show('subnets', subnet1_id, as_admin=True)['subnet'] self._check_subnet(subnet1, net1, [(gw1_ip, router)], [], project='tenant_2') # Check net2. - net2 = self._show('networks', net2_id)['network'] + net2 = self._show('networks', net2_id, as_admin=True)['network'] self._check_network(net2, [router]) # Check subnet2. - subnet2 = self._show('subnets', subnet2_id)['subnet'] + subnet2 = self._show('subnets', subnet2_id, as_admin=True)['subnet'] self._check_subnet(subnet2, net2, [(gw2_ip, router)], []) # Check net3. - net3 = self._show('networks', net3_id)['network'] + net3 = self._show('networks', net3_id, as_admin=True)['network'] self._check_network(net3) # Check subnet3. - subnet3 = self._show('subnets', subnet3_id)['subnet'] + subnet3 = self._show('subnets', subnet3_id, as_admin=True)['subnet'] self._check_subnet(subnet3, net3, [], [gw3_ip]) # Add subnet3 to router. @@ -3831,28 +3850,28 @@ class TestAimMapping(ApicAimTestCase): self.assertIn(subnet3_id, info['subnet_ids']) # Check net1, which should still be moved to tenant_2. - net1 = self._show('networks', net1_id)['network'] + net1 = self._show('networks', net1_id, as_admin=True)['network'] self._check_network(net1, [router], project='tenant_2') # Check subnet1, which should still be moved to tenant_2. - subnet1 = self._show('subnets', subnet1_id)['subnet'] + subnet1 = self._show('subnets', subnet1_id, as_admin=True)['subnet'] self._check_subnet(subnet1, net1, [(gw1_ip, router)], [], project='tenant_2') # Check net2. - net2 = self._show('networks', net2_id)['network'] + net2 = self._show('networks', net2_id, as_admin=True)['network'] self._check_network(net2, [router]) # Check subnet2. - subnet2 = self._show('subnets', subnet2_id)['subnet'] + subnet2 = self._show('subnets', subnet2_id, as_admin=True)['subnet'] self._check_subnet(subnet2, net2, [(gw2_ip, router)], []) # Check net3, which should be moved to tenant_2. - net3 = self._show('networks', net3_id)['network'] + net3 = self._show('networks', net3_id, as_admin=True)['network'] self._check_network(net3, [router], project='tenant_2') # Check subnet3, which should be moved to tenant_2. - subnet3 = self._show('subnets', subnet3_id)['subnet'] + subnet3 = self._show('subnets', subnet3_id, as_admin=True)['subnet'] self._check_subnet(subnet3, net3, [(gw3_ip, router)], [], project='tenant_2') @@ -3862,28 +3881,28 @@ class TestAimMapping(ApicAimTestCase): self.assertIn(subnet3_id, info['subnet_ids']) # Check net1, which should still be moved to tenant_2. - net1 = self._show('networks', net1_id)['network'] + net1 = self._show('networks', net1_id, as_admin=True)['network'] self._check_network(net1, [router], project='tenant_2') # Check subnet1, which should still be moved to tenant_2. - subnet1 = self._show('subnets', subnet1_id)['subnet'] + subnet1 = self._show('subnets', subnet1_id, as_admin=True)['subnet'] self._check_subnet(subnet1, net1, [(gw1_ip, router)], [], project='tenant_2') # Check net2. - net2 = self._show('networks', net2_id)['network'] + net2 = self._show('networks', net2_id, as_admin=True)['network'] self._check_network(net2, [router]) # Check subnet2. - subnet2 = self._show('subnets', subnet2_id)['subnet'] + subnet2 = self._show('subnets', subnet2_id, as_admin=True)['subnet'] self._check_subnet(subnet2, net2, [(gw2_ip, router)], []) # Check net3, which should be moved back to tenant_1. - net3 = self._show('networks', net3_id)['network'] + net3 = self._show('networks', net3_id, as_admin=True)['network'] self._check_network(net3) # Check subnet3, which should be moved back to tenant_1. - subnet3 = self._show('subnets', subnet3_id)['subnet'] + subnet3 = self._show('subnets', subnet3_id, as_admin=True)['subnet'] self._check_subnet(subnet3, net3, [], [gw3_ip]) # Remove subnet2 from router. @@ -3892,27 +3911,27 @@ class TestAimMapping(ApicAimTestCase): self.assertIn(subnet2_id, info['subnet_ids']) # Check net1, which should be moved back to tenant_1. - net1 = self._show('networks', net1_id)['network'] + net1 = self._show('networks', net1_id, as_admin=True)['network'] self._check_network(net1, [router]) # Check subnet1, which should be moved back to tenant_1. - subnet1 = self._show('subnets', subnet1_id)['subnet'] + subnet1 = self._show('subnets', subnet1_id, as_admin=True)['subnet'] self._check_subnet(subnet1, net1, [(gw1_ip, router)], []) # Check net2. - net2 = self._show('networks', net2_id)['network'] + net2 = self._show('networks', net2_id, as_admin=True)['network'] self._check_network(net2) # Check subnet2. - subnet2 = self._show('subnets', subnet2_id)['subnet'] + subnet2 = self._show('subnets', subnet2_id, as_admin=True)['subnet'] self._check_subnet(subnet2, net2, [], [gw2_ip]) # Check net3. - net3 = self._show('networks', net3_id)['network'] + net3 = self._show('networks', net3_id, as_admin=True)['network'] self._check_network(net3) # Check subnet3. - subnet3 = self._show('subnets', subnet3_id)['subnet'] + subnet3 = self._show('subnets', subnet3_id, as_admin=True)['subnet'] self._check_subnet(subnet3, net3, [], [gw3_ip]) # Remove subnet1 from router. @@ -3921,34 +3940,35 @@ class TestAimMapping(ApicAimTestCase): self.assertIn(subnet1_id, info['subnet_ids']) # Check net1. - net1 = self._show('networks', net1_id)['network'] + net1 = self._show('networks', net1_id, as_admin=True)['network'] self._check_network(net1) # Check subnet1. - subnet1 = self._show('subnets', subnet1_id)['subnet'] + subnet1 = self._show('subnets', subnet1_id, as_admin=True)['subnet'] self._check_subnet(subnet1, net1, [], [gw1_ip]) # Check net2. - net2 = self._show('networks', net2_id)['network'] + net2 = self._show('networks', net2_id, as_admin=True)['network'] self._check_network(net2) # Check subnet2. - subnet2 = self._show('subnets', subnet2_id)['subnet'] + subnet2 = self._show('subnets', subnet2_id, as_admin=True)['subnet'] self._check_subnet(subnet2, net2, [], [gw2_ip]) # Check net3. - net3 = self._show('networks', net3_id)['network'] + net3 = self._show('networks', net3_id, as_admin=True)['network'] self._check_network(net3) # Check subnet3. - subnet3 = self._show('subnets', subnet3_id)['subnet'] + subnet3 = self._show('subnets', subnet3_id, as_admin=True)['subnet'] self._check_subnet(subnet3, net3, [], [gw3_ip]) def test_shared_network_topologies(self): def make_net(number, project, shared=False): name = 'net%s' % number net_resp = self._make_network( - self.fmt, name, True, tenant_id=project, shared=shared) + self.fmt, name, True, tenant_id=project, + shared=shared, as_admin=True) net = net_resp['network'] net_id = net['id'] self._check_network(net) @@ -3976,7 +3996,7 @@ class TestAimMapping(ApicAimTestCase): fixed_ips = [{'subnet_id': subnet_id, 'ip_address': gw_ip}] port = self._make_port( self.fmt, net_id, fixed_ips=fixed_ips, - tenant_id=project)['port'] + tenant_id=project, as_admin=True)['port'] router_ctx = n_context.Context(None, project) info = self.l3_plugin.add_router_interface( router_ctx, router['id'], {'port_id': port['id']}) @@ -3990,9 +4010,9 @@ class TestAimMapping(ApicAimTestCase): def check_net(net_id, subnet_id, routers, expected_gws, unexpected_gw_ips, project): - net = self._show('networks', net_id)['network'] + net = self._show('networks', net_id, as_admin=True)['network'] self._check_network(net, routers, project=project) - subnet = self._show('subnets', subnet_id)['subnet'] + subnet = self._show('subnets', subnet_id, as_admin=True)['subnet'] self._check_subnet( subnet, net, expected_gws, unexpected_gw_ips, project=project) @@ -4040,10 +4060,10 @@ class TestAimMapping(ApicAimTestCase): # Add extra contracts to two of the networks. self._update( 'networks', net2, {'network': {'apic:extra_provided_contracts': - ['ep1', 'ep2']}}) + ['ep1', 'ep2']}}, as_admin=True) self._update( 'networks', net3, {'network': {'apic:extra_consumed_contracts': - ['ec1', 'ec2']}}) + ['ec1', 'ec2']}}, as_admin=True) # Check initial state with no routing. check_net(net1, sn1, [], [], [gw1A], t1) @@ -4057,7 +4077,7 @@ class TestAimMapping(ApicAimTestCase): # Add subnet 1 to router A, which should create tenant 1's # default VRF. add_interface(rA, net1, sn1, gw1A, t1) - p1 = self._show('ports', p1['id'])['port'] + p1 = self._show('ports', p1['id'], as_admin=True)['port'] check_port_notify([p1]) check_net(net1, sn1, [rA], [(gw1A, rA)], [], t1) check_net(net2, sn2, [], [], [gw2A, gw2B], t1) @@ -4069,7 +4089,7 @@ class TestAimMapping(ApicAimTestCase): # Add subnet 2 to router A. add_interface(rA, net2, sn2, gw2A, t1) - p2 = self._show('ports', p2['id'])['port'] + p2 = self._show('ports', p2['id'], as_admin=True)['port'] check_port_notify([p2]) check_net(net1, sn1, [rA], [(gw1A, rA)], [], t1) check_net(net2, sn2, [rA], [(gw2A, rA)], [gw2B], t1) @@ -4092,7 +4112,7 @@ class TestAimMapping(ApicAimTestCase): # Add subnet 3 to router B. add_interface(rB, net3, sn3, gw3B, t1) - p3 = self._show('ports', p3['id'])['port'] + p3 = self._show('ports', p3['id'], as_admin=True)['port'] check_port_notify([p3]) check_net(net1, sn1, [rA], [(gw1A, rA)], [], t1) check_net(net2, sn2, [rA, rB], [(gw2A, rA), (gw2B, rB)], [], t1) @@ -4334,7 +4354,7 @@ class TestAimMapping(ApicAimTestCase): self.assertIsNone(sub['subnetpool_id']) # Make SP default data = {'subnetpool': {'is_implicit': True}} - self._update('subnetpools', subnetpool['id'], data) + self._update('subnetpools', subnetpool['id'], data, as_admin=True) # Make a new network since Subnets hosted on the same network must be # allocated from the same subnet pool net = self._make_network(self.fmt, 'pvt-net2', True, @@ -4390,12 +4410,13 @@ class TestAimMapping(ApicAimTestCase): # Update is_implicit to false sp = self._update( 'subnetpools', sp['id'], - {'subnetpool': {'is_implicit': False}})['subnetpool'] + {'subnetpool': {'is_implicit': False}}, + as_admin=True)['subnetpool'] self.assertFalse(sp['is_implicit']) # Update to True sp = self._update( 'subnetpools', sp['id'], - {'subnetpool': {'is_implicit': True}})['subnetpool'] + {'subnetpool': {'is_implicit': True}}, as_admin=True)['subnetpool'] self.assertTrue(sp['is_implicit']) # Create another implicit in the same family, same tenant, it will fail self.assertRaises(webob.exc.HTTPClientError, self._make_subnetpool, @@ -4415,7 +4436,8 @@ class TestAimMapping(ApicAimTestCase): # Try to update to implicit, will fail self._update('subnetpools', sp2['id'], {'subnetpool': {'is_implicit': True}}, - expected_code=webob.exc.HTTPBadRequest.code) + expected_code=webob.exc.HTTPBadRequest.code, + as_admin=True) # Create a shared implicit SP in a different tenant sp3 = self._make_subnetpool( self.fmt, ['11.0.0.0/8'], name='spoolShared', @@ -4657,12 +4679,12 @@ class TestSyncState(ApicAimTestCase): 'router'] self.assertEqual(expected_state, router['apic:synchronization_state']) - router = self._show('routers', router['id'])['router'] + router = self._show('routers', router['id'], as_admin=True)['router'] self.assertEqual(expected_state, router['apic:synchronization_state']) router = self._list( 'routers', - query_params=('id=%s' % router['id']))['routers'][0] + query_params=('id=%s' % router['id']), as_admin=True)['routers'][0] self.assertEqual(expected_state, router['apic:synchronization_state']) def test_router_synced(self): @@ -5195,7 +5217,8 @@ class TestTopology(ApicAimTestCase): # Create shared network and non-overlapping subnet as tenant_2. net3_resp = self._make_network( - self.fmt, 'net3', True, tenant_id='tenant_2', shared=True) + self.fmt, 'net3', True, + as_admin=True, tenant_id='tenant_2', shared=True) subnet3_id = self._make_subnet( self.fmt, net3_resp, '10.0.3.1', '10.0.3.0/24', tenant_id='tenant_2')['subnet']['id'] @@ -5224,7 +5247,8 @@ class TestTopology(ApicAimTestCase): # Create shared network and non-overlapping subnet as tenant_2. net2_resp = self._make_network( - self.fmt, 'net', True, tenant_id='tenant_2', shared=True) + self.fmt, 'net', True, tenant_id='tenant_2', + shared=True, as_admin=True) subnet2_id = self._make_subnet( self.fmt, net2_resp, '10.0.2.1', '10.0.2.0/24', tenant_id='tenant_2')['subnet']['id'] @@ -5255,8 +5279,8 @@ class TestTopology(ApicAimTestCase): self.fmt, 'tenant_1', 'router3')['router']['id'] port_id = self._make_port( self.fmt, net3_resp['network']['id'], - fixed_ips=[{'subnet_id': subnet3_id, 'ip_address': '10.0.1.2'}] - )['port']['id'] + fixed_ips=[{'subnet_id': subnet3_id, 'ip_address': '10.0.1.2'}], + as_admin=True)['port']['id'] self.l3_plugin.add_router_interface( n_context.get_admin_context(), router3_id, {'port_id': port_id}) @@ -5300,7 +5324,8 @@ class TestTopology(ApicAimTestCase): # Create shared net1 and subnet1 as tenant_1. net1_resp = self._make_network( - self.fmt, 'net1', True, tenant_id='tenant_1', shared=True) + self.fmt, 'net1', True, as_admin=True, + tenant_id='tenant_1', shared=True) gw1_ip = '10.0.1.1' subnet1_id = self._make_subnet( self.fmt, net1_resp, gw1_ip, '10.0.1.0/24', @@ -5308,7 +5333,8 @@ class TestTopology(ApicAimTestCase): # Create shared net2 and subnet2 as tenant_2. net2_resp = self._make_network( - self.fmt, 'net2', True, tenant_id='tenant_2', shared=True) + self.fmt, 'net2', True, as_admin=True, + tenant_id='tenant_2', shared=True) gw2_ip = '10.0.2.1' subnet2_id = self._make_subnet( self.fmt, net2_resp, gw2_ip, '10.0.2.0/24', @@ -5316,7 +5342,8 @@ class TestTopology(ApicAimTestCase): # Create shared net3 and subnet3 as tenant_1. net3_resp = self._make_network( - self.fmt, 'net3', True, tenant_id='tenant_1', shared=True) + self.fmt, 'net3', True, as_admin=True, + tenant_id='tenant_1', shared=True) gw3_ip = '10.0.3.1' subnet3_id = self._make_subnet( self.fmt, net3_resp, gw3_ip, '10.0.3.0/24', @@ -5358,7 +5385,7 @@ class TestTopology(ApicAimTestCase): net_id = net_resp['network']['id'] subnet = self._make_subnet( self.fmt, net_resp, '10.1.0.1', '10.1.0.0/24', - subnetpool_id=pool_id)['subnet'] + subnetpool_id=pool_id, as_admin=True)['subnet'] subnet1_id = subnet['id'] # Verify network is not associated with address_scope. @@ -5367,7 +5394,7 @@ class TestTopology(ApicAimTestCase): # Associate subnetpool with address_scope. data = {'subnetpool': {'address_scope_id': scope_id}} - self._update('subnetpools', pool_id, data) + self._update('subnetpools', pool_id, data, as_admin=True) # Verify network is associated with address_scope. net = self._show('networks', net_id)['network'] @@ -5375,7 +5402,7 @@ class TestTopology(ApicAimTestCase): # Disassociate subnetpool from address_scope. data = {'subnetpool': {'address_scope_id': None}} - self._update('subnetpools', pool_id, data) + self._update('subnetpools', pool_id, data, as_admin=True) # Verify network is not associated with address_scope. net = self._show('networks', net_id)['network'] @@ -5385,13 +5412,14 @@ class TestTopology(ApicAimTestCase): router_id = self._make_router( self.fmt, 'test-tenant', 'router1')['router']['id'] self.l3_plugin.add_router_interface( - n_context.get_admin_context(), router_id, - {'subnet_id': subnet1_id}) + n_context.get_admin_context(), router_id, + {'subnet_id': subnet1_id}) # Verify associating subnetpool with address_scope fails. data = {'subnetpool': {'address_scope_id': scope_id}} result = self._update('subnetpools', pool_id, data, - webob.exc.HTTPBadRequest.code) + webob.exc.HTTPBadRequest.code, + as_admin=True) self.assertEqual('ScopeUpdateNotSupported', result['NeutronError']['type']) @@ -5502,23 +5530,26 @@ class TestTopology(ApicAimTestCase): self.fmt, ['10.0.0.0/8'], name='spool1', tenant_id='t1', shared=True, admin=True)['subnetpool'] net = self._make_network(self.fmt, 'net', True, tenant_id='t1', - shared=True) + shared=True, as_admin=True) sub1 = self._make_subnet(self.fmt, net, '10.10.10.1', '10.10.10.0/24', sp['id'], - tenant_id='t1')['subnet'] + tenant_id='t1', as_admin=True)['subnet'] sub2 = self._make_subnet(self.fmt, net, '10.10.20.1', '10.10.20.0/24', sp['id'], - tenant_id='t1')['subnet'] + tenant_id='t1', as_admin=True)['subnet'] sub3 = self._make_subnet(self.fmt, net, '10.20.10.1', '10.20.10.0/24', sp['id'], - tenant_id='t2')['subnet'] + tenant_id='t2', as_admin=True)['subnet'] rtr = self._make_router(self.fmt, 't1', 'rtr')['router'] - self._router_interface_action('add', rtr['id'], sub1['id'], None) - self._router_interface_action('add', rtr['id'], sub2['id'], None) - self._router_interface_action('add', rtr['id'], sub3['id'], None) + self._router_interface_action('add', rtr['id'], sub1['id'], None, + as_admin=True) + self._router_interface_action('add', rtr['id'], sub2['id'], None, + as_admin=True) + self._router_interface_action('add', rtr['id'], sub3['id'], None, + as_admin=True) class TestMigrations(ApicAimTestCase, db.DbMixin): @@ -5687,7 +5718,8 @@ class TestMigrations(ApicAimTestCase, db.DbMixin): self.fmt, self.tenant_1, 'router', arg_list=self.extension_attributes, external_gateway_info={'network_id': net['id']})['router'] - self._router_interface_action('add', router['id'], sub['id'], None) + self._router_interface_action('add', router['id'], sub['id'], None, + as_admin=True) aim = self.aim_mgr with db_api.CONTEXT_READER.using(self.db_session): @@ -5756,7 +5788,7 @@ class TestMigrations(ApicAimTestCase, db.DbMixin): self.assertTrue(r.name.startswith(self.driver.apic_system_id), '%s name: %s' % (type(r), r.name)) self._update('routers', router['id'], - {'router': {'external_gateway_info': {}}}) + {'router': {'external_gateway_info': {}}}, as_admin=True) self._delete('networks', net['id']) for r in final_res: self.assertIsNone(aim.get(aim_ctx, r), @@ -5940,14 +5972,14 @@ class TestPortBinding(ApicAimTestCase): if kwargs: data['binding'].update(kwargs) binding_resource = 'ports/%s/bindings' % port_id - binding_req = self.new_create_request(binding_resource, data, fmt) + binding_req = self.new_create_request(binding_resource, data, fmt, + as_admin=True) return binding_req.get_response(self.api) def _update_port_binding(self, fmt, port_id, host, **kwargs): data = {'binding': kwargs} binding_req = self.new_update_request('ports', data, port_id, fmt, - subresource='bindings', - sub_id=host) + as_admin=True, subresource='bindings', sub_id=host) return binding_req.get_response(self.api) def _do_update_port_binding(self, fmt, port_id, host, **kwargs): @@ -6099,7 +6131,7 @@ class TestPortBinding(ApicAimTestCase): self._register_agent('h1', AGENT_CONF_OPFLEX) - net1 = self._make_network(self.fmt, 'net1', True, + net1 = self._make_network(self.fmt, 'net1', True, as_admin=True, arg_list=self.extension_attributes, **{'apic:svi': 'True', 'provider:network_type': 'vlan', @@ -6225,7 +6257,7 @@ class TestPortBinding(ApicAimTestCase): self._register_agent('h1', AGENT_CONF_OPFLEX) self._register_agent('h2', AGENT_CONF_OPFLEX) - net1 = self._make_network(self.fmt, 'net1', True, + net1 = self._make_network(self.fmt, 'net1', True, as_admin=True, arg_list=self.extension_attributes, **{'apic:svi': 'True', 'provider:network_type': 'vlan', @@ -6429,7 +6461,7 @@ class TestPortBinding(ApicAimTestCase): path='topology/pod-1/paths-102/pathep-[eth1/8]') self.aim_mgr.create(aim_ctx, hlink_1) - net = self._make_network(self.fmt, 'net1', True, + net = self._make_network(self.fmt, 'net1', True, as_admin=True, arg_list=self.extension_attributes, **{'apic:svi': 'True', 'provider:network_type': 'vlan'}) @@ -6561,7 +6593,7 @@ class TestPortBinding(ApicAimTestCase): if is_svi: kwargs.update({'apic:svi': 'True'}) arg_list = self.extension_attributes + ('provider:physical_network',) - net = self._make_network(self.fmt, 'net1', True, + net = self._make_network(self.fmt, 'net1', True, as_admin=True, arg_list=arg_list, **kwargs) self._make_subnet(self.fmt, net, '10.0.1.1', '10.0.1.0/24') port = self._make_baremetal_port(net['network']['tenant_id'], @@ -6659,12 +6691,12 @@ class TestPortBinding(ApicAimTestCase): self._register_agent('host1', AGENT_CONF_OPFLEX) kwargs = {'provider:network_type': 'vlan'} arg_list = self.extension_attributes - net1 = self._make_network(self.fmt, 'parent_net', True, + net1 = self._make_network(self.fmt, 'parent_net', True, as_admin=True, arg_list=arg_list, **kwargs) self._make_subnet(self.fmt, net1, '10.0.1.1', '10.0.1.0/24') parent = self._make_port(self.fmt, net1['network']['id'])['port'] parent_id = parent['id'] - net2 = self._make_network(self.fmt, 'child_net', True, + net2 = self._make_network(self.fmt, 'child_net', True, as_admin=True, arg_list=arg_list, **kwargs) self._make_subnet(self.fmt, net2, '10.0.2.1', '10.0.2.0/24') subport = self._make_port(self.fmt, net2['network']['id'])['port'] @@ -6733,7 +6765,7 @@ class TestPortBinding(ApicAimTestCase): arg_list = self.extension_attributes + ('provider:physical_network',) kwargs = {'provider:network_type': parent_net_type, 'provider:physical_network': parent_physnet} - net1 = self._make_network(self.fmt, 'parent_net', True, + net1 = self._make_network(self.fmt, 'parent_net', True, as_admin=True, arg_list=arg_list, **kwargs) self._make_subnet(self.fmt, net1, '10.0.1.1', '10.0.1.0/24') parent_port = self._make_baremetal_port(net1['network']['tenant_id'], @@ -6745,7 +6777,7 @@ class TestPortBinding(ApicAimTestCase): kwargs = {'provider:network_type': subport_net_type, 'provider:physical_network': subport_physnet} sb_net1 = self._make_network(self.fmt, 'subport_net1', True, - arg_list=arg_list, **kwargs) + as_admin=True, arg_list=arg_list, **kwargs) self._make_subnet(self.fmt, sb_net1, '20.0.1.1', '20.0.1.0/24') subport_net1_port = self._make_baremetal_port( sb_net1['network']['tenant_id'], @@ -6754,7 +6786,8 @@ class TestPortBinding(ApicAimTestCase): epg = self.aim_mgr.get(aim_ctx, epg) sb_net2 = self._make_network(self.fmt, 'subport_net2', True, - arg_list=arg_list, **kwargs) + as_admin=True, arg_list=arg_list, + **kwargs) self._make_subnet(self.fmt, sb_net2, '20.0.2.1', '20.0.2.0/24') subport_net2_port = self._make_baremetal_port( sb_net2['network']['tenant_id'], @@ -6846,13 +6879,15 @@ class TestPortBinding(ApicAimTestCase): bottom_bound_physnet=bottom_bound_physnet, expected_binding_info=expected_binding_info) # Check the subport binding. - subport = self._show('ports', subport_net1_port['id'])['port'] + subport = self._show('ports', subport_net1_port['id'], + as_admin=True)['port'] self.assertEqual(kwargs['binding:profile'], subport['binding:profile']) self.assertEqual('other', subport['binding:vif_type']) self.assertEqual('host1', subport['binding:host_id']) # Verify the other port (not yet a subport) isn't bound. - subport = self._show('ports', subport_net2_port['id'])['port'] + subport = self._show('ports', subport_net2_port['id'], + as_admin=True)['port'] self.assertEqual('unbound', subport['binding:vif_type']) # Test addition and deletion of subports to the @@ -6865,7 +6900,8 @@ class TestPortBinding(ApicAimTestCase): self._update_trunk(net1['network']['tenant_id'], trunk['id'], add_subports) # Check the subport binding. - subport = self._show('ports', subport_net2_port['id'])['port'] + subport = self._show('ports', subport_net2_port['id'], + as_admin=True)['port'] self.assertEqual(kwargs['binding:profile'], subport['binding:profile']) self.assertEqual('other', subport['binding:vif_type']) @@ -6886,7 +6922,8 @@ class TestPortBinding(ApicAimTestCase): trunk['id'], subports, remove=True) for subport, net in ((subport_net1_port, sb_net1), (subport_net2_port, sb_net2)): - subport = self._show('ports', subport['id'])['port'] + subport = self._show('ports', subport['id'], + as_admin=True)['port'] self.assertEqual({}, subport['binding:profile']) self.assertEqual({}, subport['binding:vif_details']) self.assertEqual('unbound', subport['binding:vif_type']) @@ -6920,7 +6957,7 @@ class TestPortBinding(ApicAimTestCase): kwargs = {'provider:network_type': subport_net_type, 'provider:physical_network': baremetal_physnet} net1 = self._make_network(self.fmt, 'parent_net', True, - arg_list=arg_list, **kwargs) + as_admin=True, arg_list=arg_list, **kwargs) self._make_subnet(self.fmt, net1, '10.0.1.1', '10.0.1.0/24') parent_port = self._make_baremetal_port(net1['network']['tenant_id'], net1['network']['id'])['port'] @@ -6932,13 +6969,13 @@ class TestPortBinding(ApicAimTestCase): kwargs = {'provider:network_type': subport_net_type, 'provider:physical_network': sb_physnet} sb_net1 = self._make_network(self.fmt, 'subport_net1', True, - arg_list=arg_list, **kwargs) + as_admin=True, arg_list=arg_list, **kwargs) self._make_subnet(self.fmt, sb_net1, '20.0.1.1', '20.0.1.0/24') subport_net1_port = self._make_baremetal_port( sb_net1['network']['tenant_id'], sb_net1['network']['id'])['port'] sb_net2 = self._make_network(self.fmt, 'subport_net2', True, - arg_list=arg_list, **kwargs) + as_admin=True, arg_list=arg_list, **kwargs) self._make_subnet(self.fmt, sb_net2, '20.0.2.1', '20.0.2.0/24') subport_net2_port = self._make_baremetal_port( sb_net2['network']['tenant_id'], @@ -6949,7 +6986,7 @@ class TestPortBinding(ApicAimTestCase): 'provider:segmentation_id': 135, 'provider:physical_network': baremetal_physnet} other_net1 = self._make_network(self.fmt, 'other_net1', True, - arg_list=arg_list, **kwargs) + as_admin=True, arg_list=arg_list, **kwargs) self._make_subnet(self.fmt, other_net1, '10.0.2.1', '10.0.2.0/24') other_net1_port = self._make_baremetal_port( other_net1['network']['tenant_id'], @@ -6961,7 +6998,7 @@ class TestPortBinding(ApicAimTestCase): 'provider:segmentation_id': 137, 'provider:physical_network': sb_physnet} other_net2 = self._make_network(self.fmt, 'other_net2', True, - arg_list=arg_list, **kwargs) + as_admin=True, arg_list=arg_list, **kwargs) self._make_subnet(self.fmt, other_net2, '10.0.3.1', '10.0.3.0/24') # Add a port as a subport to the trunk before binding the parent # port. In this case, the subport belongs to a nework with a static @@ -8018,14 +8055,14 @@ class TestExtensionAttributes(ApicAimTestCase): def test_external_network_fail(self): # APIC DN not specified - resp = self._create_network(self.fmt, 'net1', True, + resp = self._create_network(self.fmt, 'net1', True, as_admin=True, arg_list=self.extension_attributes, **{'router:external': True, DN: {'Foo': 'bar'}}) self.assertEqual(400, resp.status_code) # APIC DN is wrong - resp = self._create_network(self.fmt, 'net1', True, + resp = self._create_network(self.fmt, 'net1', True, as_admin=True, arg_list=self.extension_attributes, **{'router:external': True, DN: {'ExternalNetwork': 'uni/tenant-t1/ext-l1/instP-n2'}}) @@ -8038,12 +8075,14 @@ class TestExtensionAttributes(ApicAimTestCase): data = {'network': {DN: {'ExternalNetwork': 'uni/tn-t1/out-l1/instP-n2'}}} - req = self.new_update_request('networks', data, net1['id'], self.fmt) + req = self.new_update_request('networks', data, net1['id'], + self.fmt, as_admin=True) resp = req.get_response(self.api) self.assertEqual(resp.status_code, 400) data = {'network': {'apic:nat_type': ''}} - req = self.new_update_request('networks', data, net1['id'], self.fmt) + req = self.new_update_request('networks', data, net1['id'], + self.fmt, as_admin=True) resp = req.get_response(self.api) self.assertEqual(resp.status_code, 400) @@ -8228,24 +8267,26 @@ class TestExtensionAttributes(ApicAimTestCase): # update router self._update('routers', rtr1['id'], - {'router': {PROV: [], CONS: ['k']}}) - rtr1 = self._show('routers', rtr1['id'])['router'] + {'router': {PROV: [], CONS: ['k']}}, as_admin=True) + rtr1 = self._show('routers', rtr1['id'], as_admin=True)['router'] self.assertEqual([], rtr1[PROV]) self.assertEqual(['k'], rtr1[CONS]) rtr1 = self._list( - 'routers', query_params=('id=%s' % rtr1['id']))['routers'][0] + 'routers', query_params=('id=%s' % rtr1['id']), + as_admin=True)['routers'][0] self.assertEqual([], rtr1[PROV]) self.assertEqual(['k'], rtr1[CONS]) self._update('routers', rtr1['id'], - {'router': {PROV: ['p1', 'p2']}}) - rtr1 = self._show('routers', rtr1['id'])['router'] + {'router': {PROV: ['p1', 'p2']}}, as_admin=True) + rtr1 = self._show('routers', rtr1['id'], as_admin=True)['router'] self.assertEqual(['p1', 'p2'], sorted(rtr1[PROV])) self.assertEqual(['k'], rtr1[CONS]) rtr1 = self._list( - 'routers', query_params=('id=%s' % rtr1['id']))['routers'][0] + 'routers', query_params=('id=%s' % rtr1['id']), + as_admin=True)['routers'][0] self.assertEqual(['p1', 'p2'], sorted(rtr1[PROV])) self.assertEqual(['k'], rtr1[CONS]) @@ -8256,27 +8297,30 @@ class TestExtensionAttributes(ApicAimTestCase): with db_api.CONTEXT_WRITER.using(ctx): extn.set_router_extn_db(ctx.session, rtr2['id'], {PROV: [], CONS: []}) - rtr2 = self._show('routers', rtr2['id'])['router'] + rtr2 = self._show('routers', rtr2['id'], as_admin=True)['router'] self.assertEqual([], rtr2[PROV]) self.assertEqual([], rtr2[CONS]) rtr2 = self._list( - 'routers', query_params=('id=%s' % rtr2['id']))['routers'][0] + 'routers', query_params=('id=%s' % rtr2['id']), + as_admin=True)['routers'][0] self.assertEqual([], rtr2[PROV]) self.assertEqual([], rtr2[CONS]) rtr2 = self._update('routers', rtr2['id'], - {'router': {PROV: ['p1', 'p2']}})['router'] + {'router': {PROV: ['p1', 'p2']}}, + as_admin=True)['router'] self.assertEqual(['p1', 'p2'], sorted(rtr2[PROV])) self.assertEqual([], rtr2[CONS]) rtr2 = self._list( - 'routers', query_params=('id=%s' % rtr2['id']))['routers'][0] + 'routers', query_params=('id=%s' % rtr2['id']), + as_admin=True)['routers'][0] self.assertEqual(['p1', 'p2'], sorted(rtr2[PROV])) self.assertEqual([], rtr2[CONS]) # Test the full list which will invoke the bulk extension - rtrs = self._list('routers')['routers'] + rtrs = self._list('routers', as_admin=True)['routers'] self.assertEqual(3, len(rtrs)) for rtr in rtrs: self._check_router(rtr) @@ -8291,7 +8335,7 @@ class TestExtensionAttributes(ApicAimTestCase): self.assertEqual([], rtr[CONS]) # delete - self._delete('routers', rtr1['id']) + self._delete('routers', rtr1['id'], as_admin=True) with db_api.CONTEXT_READER.using(ctx): self.assertEqual({PROV: [], CONS: []}, extn.get_router_extn_db(ctx.session, rtr1['id'])) @@ -8500,7 +8544,7 @@ class TestExtensionAttributes(ApicAimTestCase): port_data.get('apic:erspan_config')) def test_erspan_exceptions(self): - net1 = self._make_network(self.fmt, 'net1', True) + net1 = self._make_network(self.fmt, 'net1', True, as_admin=True) self._make_subnet( self.fmt, net1, '10.0.0.1', '10.0.0.0/24')['subnet'] # Make network with ERSPAN config, but isn't an instance port. @@ -8508,7 +8552,7 @@ class TestExtensionAttributes(ApicAimTestCase): 'apic:erspan_config': [{'dest_ip': '192.168.0.10', 'flow_id': 1023}], 'project_id': 'tenant1'}} - req = self.new_create_request('ports', data, self.fmt) + req = self.new_create_request('ports', data, self.fmt, as_admin=True) resp = req.get_response(self.api) result = self.deserialize(self.fmt, resp) self.assertEqual( @@ -8529,7 +8573,7 @@ class TestExtensionAttributes(ApicAimTestCase): self.assertEqual( 'InvalidPortForErspanSession', result['NeutronError']['type']) - net2 = self._make_network(self.fmt, 'net2', True, + net2 = self._make_network(self.fmt, 'net2', True, as_admin=True, arg_list=('provider:physical_network', 'provider:network_type', SVI), **{'provider:physical_network': 'physnet3', @@ -8542,7 +8586,7 @@ class TestExtensionAttributes(ApicAimTestCase): 'flow_id': 1023}], 'device_owner': 'compute:', 'project_id': 'tenant1'}} - req = self.new_create_request('ports', data, self.fmt) + req = self.new_create_request('ports', data, self.fmt, as_admin=True) resp = req.get_response(self.api) result = self.deserialize(self.fmt, resp) self.assertEqual( @@ -8554,7 +8598,8 @@ class TestExtensionAttributes(ApicAimTestCase): data = {'port': {'apic:erspan_config': [{'dest_ip': '192.168.0.10', 'flow_id': 1023}], 'device_owner': 'compute:'}} - req = self.new_update_request('ports', data, p2['id'], self.fmt) + req = self.new_update_request('ports', data, p2['id'], + self.fmt, as_admin=True) resp = req.get_response(self.api) result = self.deserialize(self.fmt, resp) self.assertEqual( @@ -8724,7 +8769,7 @@ class TestExtensionAttributes(ApicAimTestCase): device_owner='compute:', tenant_id='tenant2', arg_list=('apic:erspan_config',), - **erspan_config)['port'] + **erspan_config, as_admin=True)['port'] self.assertEqual(erspan_config.get('apic:erspan_config'), p2['apic:erspan_config']) self._bind_port_to_host(p2['id'], 'host1') @@ -9148,7 +9193,8 @@ class TestExternalConnectivityBase(object): for idx in range(0, len(subnets)): self.mock_ns.reset_mock() self._router_interface_action('add', router['id'], - subnets[idx]['id'], None) + subnets[idx]['id'], None, + as_admin=True) if idx == 0: provided = sorted(prov, key=lambda x: x.name) consumed = sorted(cons, key=lambda x: x.name) @@ -9205,7 +9251,8 @@ class TestExternalConnectivityBase(object): for idx in range(0, len(subnets)): self.mock_ns.reset_mock() self._router_interface_action('remove', router['id'], - subnets[idx]['id'], None) + subnets[idx]['id'], None, + as_admin=True) aname = self.name_mapper.network( None, subnets[idx]['network_id']) aim_bd = aim_resource.BridgeDomain( @@ -9234,7 +9281,7 @@ class TestExternalConnectivityBase(object): self._validate() self.mock_ns.reset_mock() - self._delete('routers', router['id']) + self._delete('routers', router['id'], as_admin=True) dv.assert_not_called() def test_router_interface(self): @@ -9283,7 +9330,8 @@ class TestExternalConnectivityBase(object): CONS: ['co-1']})['router'] objs.append(tuple([router, [sub1]])) - self._router_interface_action('add', router['id'], sub1['id'], None) + self._router_interface_action('add', router['id'], sub1['id'], + None, as_admin=True) self.mock_ns.connect_vrf.assert_not_called() tenant_aname = self.name_mapper.project( @@ -9297,9 +9345,9 @@ class TestExternalConnectivityBase(object): self.mock_ns.reset_mock() self._update('routers', router['id'], - {'router': - {'external_gateway_info': {'network_id': - ext_net1['id']}}}) + {'router': + {'external_gateway_info': {'network_id': + ext_net1['id']}}}, as_admin=True) contract = self.name_mapper.router(None, router['id']) a_ext_net1 = aim_resource.ExternalNetwork( tenant_name=self.t1_aname, l3out_name='l1', name='n1') @@ -9327,9 +9375,9 @@ class TestExternalConnectivityBase(object): self.mock_ns.reset_mock() self._update('routers', router['id'], - {'router': - {'external_gateway_info': {'network_id': - ext_net2['id']}}}) + {'router': + {'external_gateway_info': {'network_id': + ext_net2['id']}}}, as_admin=True) a_ext_net2 = aim_resource.ExternalNetwork( tenant_name=self.t1_aname, l3out_name='l2', name='n2') p1_ext2 = aim_resource.ExternalNetworkProvidedContract( @@ -9365,7 +9413,7 @@ class TestExternalConnectivityBase(object): self.mock_ns.reset_mock() self._update('routers', router['id'], {'router': - {PROV: []}}) + {PROV: []}}, as_admin=True) a_ext_net2 = aim_resource.ExternalNetwork( tenant_name=self.t1_aname, l3out_name='l2', name='n2') consumed = sorted([crc_ext2, c1_ext2], key=lambda x: x.name) @@ -9376,7 +9424,7 @@ class TestExternalConnectivityBase(object): self.mock_ns.reset_mock() self._update('routers', router['id'], {'router': - {CONS: ['co-1', 'co-2']}}) + {CONS: ['co-1', 'co-2']}}, as_admin=True) a_ext_net2 = aim_resource.ExternalNetwork( tenant_name=self.t1_aname, l3out_name='l2', name='n2') consumed = sorted([crc_ext2, c1_ext2, c2_ext2], key=lambda x: x.name) @@ -9386,7 +9434,7 @@ class TestExternalConnectivityBase(object): self.mock_ns.reset_mock() self._update('routers', router['id'], - {'router': {'external_gateway_info': {}}}) + {'router': {'external_gateway_info': {}}}, as_admin=True) dv.assert_called_once_with(mock.ANY, a_ext_net2, a_vrf, epg_name=None) @@ -9482,18 +9530,20 @@ class TestExternalConnectivityBase(object): if x: sub_id = None intf_port = self._make_port(self.fmt, net['id'], - fixed_ips=[{'subnet_id': sub1['id']}])['port']['id'] + fixed_ips=[{'subnet_id': sub1['id']}], + as_admin=True)['port']['id'] else: sub_id = sub1['id'] intf_port = None self._router_interface_action('add', r['id'], sub_id, - intf_port) + intf_port, as_admin=True) routers.append(r['id']) contracts.append(self.name_mapper.router(None, r['id'])) cv.assert_not_called() self._validate() - self._add_external_gateway_to_router(routers[0], ext_nets[0]) + self._add_external_gateway_to_router(routers[0], + ext_nets[0], as_admin=True) prov_ext1 = [] cons_ext1 = [] for con in contracts: @@ -9523,7 +9573,8 @@ class TestExternalConnectivityBase(object): tenant_name=a_ext_nets[1].tenant_name, l3out_name=a_ext_nets[1].l3out_name, ext_net_name=a_ext_nets[1].name, name=con)) - self._add_external_gateway_to_router(routers[1], ext_nets[1]) + self._add_external_gateway_to_router(routers[1], ext_nets[1], + as_admin=True) if shared_l3out: provided = sorted(prov_ext2, key=lambda x: x.name) consumed = sorted(cons_ext2, key=lambda x: x.name) @@ -9539,7 +9590,8 @@ class TestExternalConnectivityBase(object): self._validate() self.mock_ns.reset_mock() - self._router_interface_action('remove', routers[0], sub1['id'], None) + self._router_interface_action('remove', routers[0], sub1['id'], + None, as_admin=True) if shared_l3out: cv.assert_called_once_with(mock.ANY, a_ext_nets[0], a_vrf, provided_contracts=[prov_ext2[1]], @@ -9553,7 +9605,8 @@ class TestExternalConnectivityBase(object): self._validate() self.mock_ns.reset_mock() - self._router_interface_action('remove', routers[1], sub1['id'], None) + self._router_interface_action('remove', routers[1], sub1['id'], + None, as_admin=True) dv.assert_called_once_with(mock.ANY, a_ext_nets[1], a_vrf, epg_name=None) self._validate() @@ -9603,7 +9656,7 @@ class TestExternalConnectivityBase(object): with self.port(subnet=sub) as port: port = self._bind_port_to_host(port['port']['id'], 'host1') port['port']['dns_name'] = '' - port = self._show('ports', port['port']['id']) + port = self._show('ports', port['port']['id'], as_admin=True) p.append(port['port']) mock_notif = mock.Mock(side_effect=self.port_notif_verifier()) @@ -9680,10 +9733,10 @@ class TestExternalConnectivityBase(object): self.fmt, {'network': net}, '10.10.1.1', '10.10.1.0/24')['subnet'] port_calls = [] for x in range(0, 2): - with self.port(subnet={'subnet': sub}) as p: + with self.port(subnet={'subnet': sub}, is_admin=True) as p: p = self._bind_port_to_host(p['port']['id'], 'host1')['port'] p['dns_name'] = '' - p = self._show('ports', p['id'])['port'] + p = self._show('ports', p['id'], as_admin=True)['port'] port_calls.append(mock.call(mock.ANY, p)) router = self._make_router( @@ -9691,18 +9744,20 @@ class TestExternalConnectivityBase(object): # set external gateway - expect no notifications self._update('routers', router['id'], - {'router': - {'external_gateway_info': {'network_id': - ext_net1['id']}}}) + {'router': + {'external_gateway_info': {'network_id': + ext_net1['id']}}}, as_admin=True) mock_notif.assert_not_called() # connect subnet to router - notifications expected - self._router_interface_action('add', router['id'], sub['id'], None) + self._router_interface_action('add', router['id'], sub['id'], + None, as_admin=True) mock_notif.assert_has_calls(port_calls, any_order=True) # disconnect subnet from router - notifications expected mock_notif.reset_mock() - self._router_interface_action('remove', router['id'], sub['id'], None) + self._router_interface_action('remove', router['id'], sub['id'], + None, as_admin=True) mock_notif.assert_has_calls(port_calls, any_order=True) def test_port_notif_router_gateway_op(self): @@ -9726,18 +9781,19 @@ class TestExternalConnectivityBase(object): sub = self._make_subnet( self.fmt, {'network': net}, '10.10.%d.1' % x, '10.10.%d.0/24' % x) - with self.port(subnet=sub) as p: + with self.port(subnet=sub, is_admin=True) as p: p = self._bind_port_to_host(p['port']['id'], 'host1')['port'] p['dns_name'] = '' subnets.append(sub['subnet']) - p = self._show('ports', p['id'])['port'] + p = self._show('ports', p['id'], as_admin=True)['port'] port_calls.append(mock.call(mock.ANY, p)) # add router - expect notifications router = self._make_router( self.fmt, net['tenant_id'], 'router1')['router'] for sub in subnets: - self._router_interface_action('add', router['id'], sub['id'], None) + self._router_interface_action('add', router['id'], sub['id'], + None, as_admin=True) mock_notif.assert_has_calls(port_calls, any_order=True) # add, update or delete a snat subnet - expect no notifications @@ -9763,9 +9819,9 @@ class TestExternalConnectivityBase(object): # set external gateway - expect notifications mock_notif.reset_mock() self._update('routers', router['id'], - {'router': - {'external_gateway_info': {'network_id': - ext_net1['id']}}}) + {'router': + {'external_gateway_info': {'network_id': + ext_net1['id']}}}, as_admin=True) mock_notif.assert_has_calls(port_calls, any_order=True) # add, update or delete a snat subnet - expect notifications @@ -9794,7 +9850,8 @@ class TestExternalConnectivityBase(object): # unset external gateway - expect notifications mock_notif.reset_mock() self._update('routers', router['id'], - {'router': {'external_gateway_info': {}}}) + {'router': {'external_gateway_info': {}}}, + as_admin=True) mock_notif.assert_has_calls(port_calls, any_order=True) def test_shared_unscoped_network(self): @@ -9843,7 +9900,8 @@ class TestExternalConnectivityBase(object): tenant_id='tenant_1')['network'] sub1 = self._make_subnet(self.fmt, {'network': net1}, '10.10.10.1', '10.10.10.0/24')['subnet'] - self._router_interface_action('add', router['id'], sub1['id'], None) + self._router_interface_action('add', router['id'], sub1['id'], + None, as_admin=True) a_vrf1 = aim_resource.VRF( tenant_name=self.name_mapper.project(None, 'tenant_1'), name='DefaultVRF') @@ -9856,10 +9914,12 @@ class TestExternalConnectivityBase(object): # it to router r1 self.mock_ns.reset_mock() net2 = self._make_network(self.fmt, 'net2', True, - tenant_id='tenant_2', shared=True)['network'] + tenant_id='tenant_2', shared=True, + as_admin=True)['network'] sub2 = self._make_subnet(self.fmt, {'network': net2}, '20.20.20.1', '20.20.20.0/24')['subnet'] - self._router_interface_action('add', router['id'], sub2['id'], None) + self._router_interface_action('add', router['id'], sub2['id'], + None, as_admin=True) a_vrf2 = aim_resource.VRF( tenant_name=self.name_mapper.project(None, 'tenant_2'), name='DefaultVRF') @@ -9876,19 +9936,22 @@ class TestExternalConnectivityBase(object): tenant_id='test-tenant')['network'] sub3 = self._make_subnet(self.fmt, {'network': net3}, '30.30.30.1', '30.30.30.0/24')['subnet'] - self._router_interface_action('add', router['id'], sub3['id'], None) + self._router_interface_action('add', router['id'], sub3['id'], + None, as_admin=True) cv.assert_not_called() dv.assert_not_called() # 4. Disconnect net3 from r1 self.mock_ns.reset_mock() - self._router_interface_action('remove', router['id'], sub3['id'], None) + self._router_interface_action('remove', router['id'], sub3['id'], + None, as_admin=True) cv.assert_not_called() dv.assert_not_called() # 5. Disconnect net2 from r1 self.mock_ns.reset_mock() - self._router_interface_action('remove', router['id'], sub2['id'], None) + self._router_interface_action('remove', router['id'], sub2['id'], + None, as_admin=True) cv.assert_called_once_with(mock.ANY, a_ext_net1, a_vrf1, provided_contracts=[prov], consumed_contracts=[cons], epg_name=None) @@ -9897,7 +9960,8 @@ class TestExternalConnectivityBase(object): # 6. Disconnect net1 from r1 self.mock_ns.reset_mock() - self._router_interface_action('remove', router['id'], sub1['id'], None) + self._router_interface_action('remove', router['id'], sub1['id'], + None, as_admin=True) cv.assert_not_called() dv.assert_called_once_with(mock.ANY, a_ext_net1_no_contracts, a_vrf1, epg_name=None) @@ -10364,7 +10428,7 @@ class TestSnatIpAllocation(ApicAimTestCase): # allocate FIP by external address res = self._make_floatingip(self.fmt, ext_net['id'], floating_ip='100.100.100.10', - http_status=400) + http_status=400, as_admin=True) self.assertEqual('SnatPoolCannotBeUsedForFloatingIp', res['NeutronError']['type']) @@ -10393,7 +10457,8 @@ class TestSnatIpAllocation(ApicAimTestCase): # FIP with external-address fip2 = self._make_floatingip(self.fmt, ext_net['id'], - floating_ip='250.100.100.3')['floatingip'] + floating_ip='250.100.100.3', + as_admin=True)['floatingip'] self.assertEqual('250.100.100.3', fip2['floating_ip_address']) # FIP with no IP specifications - exhaust all available IPs @@ -10461,7 +10526,7 @@ class TestPortVlanNetwork(ApicAimTestCase): self.assertEqual('h1', static_path.host) self.assertEqual('vlan-%s' % vlan_h1, static_path.encap) self._validate() - p1 = self._show('ports', p1['port']['id']) + p1 = self._show('ports', p1['port']['id'], as_admin=True) # The update to host_routes should trigger the port updates port_calls = [mock.call(mock.ANY, p1['port'])] @@ -11160,7 +11225,7 @@ class TestPortVlanNetwork(ApicAimTestCase): net_type = cfg.CONF.ml2.tenant_network_types[0] if not is_svi: net1 = self._make_network( - self.fmt, 'net1', True, + self.fmt, 'net1', True, as_admin=True, arg_list=('provider:physical_network', 'provider:network_type'), **{'provider:physical_network': 'physnet3', @@ -11169,7 +11234,7 @@ class TestPortVlanNetwork(ApicAimTestCase): else: if bgp_enabled: net1 = self._make_network( - self.fmt, 'net1', True, + self.fmt, 'net1', True, as_admin=True, arg_list=('provider:physical_network', 'provider:network_type', SVI, BGP, BGP_TYPE, ASN), @@ -11180,7 +11245,7 @@ class TestPortVlanNetwork(ApicAimTestCase): 'apic:bgp_asn': '3'})['network'] else: net1 = self._make_network( - self.fmt, 'net1', True, + self.fmt, 'net1', True, as_admin=True, arg_list=('provider:physical_network', 'provider:network_type', SVI), **{'provider:physical_network': 'physnet3', @@ -11297,7 +11362,7 @@ class TestPortVlanNetwork(ApicAimTestCase): # test the fallback if not is_svi: net2 = self._make_network( - self.fmt, 'net2', True, + self.fmt, 'net2', True, as_admin=True, arg_list=('provider:physical_network', 'provider:network_type'), **{'provider:physical_network': 'physnet2', @@ -11306,7 +11371,7 @@ class TestPortVlanNetwork(ApicAimTestCase): else: if not bgp_enabled: net2 = self._make_network( - self.fmt, 'net2', True, + self.fmt, 'net2', True, as_admin=True, arg_list=('provider:physical_network', 'provider:network_type', SVI), **{'provider:physical_network': 'physnet2', @@ -11314,7 +11379,7 @@ class TestPortVlanNetwork(ApicAimTestCase): 'apic:svi': 'True'})['network'] else: net2 = self._make_network( - self.fmt, 'net2', True, + self.fmt, 'net2', True, as_admin=True, arg_list=('provider:physical_network', 'provider:network_type', SVI, BGP, BGP_TYPE, ASN), @@ -11991,7 +12056,7 @@ class TestPortOnPhysicalNode(TestPortVlanNetwork): self._register_agent('opflex-1', AGENT_CONF_OPFLEX) net1 = self._make_network( - self.fmt, 'net1', True, + self.fmt, 'net1', True, as_admin=True, arg_list=('provider:physical_network', 'provider:network_type'), **{'provider:physical_network': 'physnet3', 'provider:network_type': 'opflex'})['network'] @@ -12042,7 +12107,7 @@ class TestPortOnPhysicalNode(TestPortVlanNetwork): self._register_agent('opflex-1', AGENT_CONF_OPFLEX) self._register_agent('opflex-2', AGENT_CONF_OPFLEX) net1 = self._make_network( - self.fmt, 'net1', True, + self.fmt, 'net1', True, as_admin=True, arg_list=('provider:physical_network', 'provider:network_type'), **{'provider:physical_network': 'physnet3', 'provider:network_type': 'opflex'})['network'] @@ -12112,6 +12177,33 @@ class TestPortOnPhysicalNode(TestPortVlanNetwork): set(self._doms(epg1.physical_domains, with_type=False))) + def _test_create_default_sg_from_template(self, default_sg, default_sg_id): + context = n_context.get_admin_context() + plugin = directory.get_plugin() + wrapped_rules_for_default_sg = [] + with db_api.CONTEXT_WRITER.using(context): + for rule in test_securitygroup.RULES_TEMPLATE_FOR_DEFAULT_SG: + if rule['remote_group_id']: + rule['remote_group_id'] = default_sg_id + wrapped_rules_for_default_sg.append({ + 'tenant_id': default_sg['tenant_id'], + 'security_group_id': default_sg_id, + **rule, + 'remote_ip_prefix': None, + 'remote_address_group_id': None, + 'normalized_cidr': None, + 'description': None, + 'project_id': default_sg['tenant_id'] + }) + + for rule in wrapped_rules_for_default_sg: + try: + plugin.create_security_group_rule(context, { + 'security_group_rule': rule}) + except Exception as e: + logging.error( + f"Security group rule creation failed: {e}") + def _test_sg_update_remote_groups(self): session = db_api.get_reader_session() extn = extn_db.ExtensionDbMixin() @@ -12133,13 +12225,18 @@ class TestPortOnPhysicalNode(TestPortVlanNetwork): default_sg_id)['security_group'] tenant_aname = self.name_mapper.project(None, default_sg['tenant_id']) + if not default_sg.get('security_group_rules'): + self._test_create_default_sg_from_template( + default_sg, default_sg_id) + default_sg = self._show('security-groups', + default_sg_id)['security_group'] for sg_rule in default_sg['security_group_rules']: if sg_rule['remote_group_id'] and sg_rule['ethertype'] == 'IPv4': break aim_sg_rule = self._get_sg_rule( - sg_rule['id'], 'default', default_sg_id, tenant_aname) + sg_rule['id'], 'default', default_sg_id, tenant_aname) self.assertEqual( - aim_sg_rule.remote_group_id, sg_rule['remote_group_id']) + aim_sg_rule.remote_group_id, sg_rule['remote_group_id']) if extn.get_hpp_normalized(session): rg_cont = self._check_sg_remote_group_container(default_sg_id, @@ -12236,7 +12333,7 @@ class TestPortOnPhysicalNode(TestPortVlanNetwork): data = {'port': {'security_groups': [default_sg_id]}} port = self._update('ports', port['id'], data)['port'] aim_sg_rule = self._get_sg_rule( - sg_rule['id'], 'default', default_sg_id, tenant_aname) + sg_rule['id'], 'default', default_sg_id, tenant_aname) aim_sg_rule1 = self._get_sg_rule( sg_rule1['id'], 'default', default_sg_id, tenant_aname) if extn.get_hpp_normalized(session): @@ -12336,12 +12433,19 @@ class TestPortOnPhysicalNode(TestPortVlanNetwork): port = self._make_port(self.fmt, net['id'], fixed_ips=fixed_ips, tenant_id='tenant_1')['port'] default_sg_id = port['security_groups'][0] - default_sg = self._show('security-groups', - default_sg_id)['security_group'] + default_sg = self._show('security-groups', default_sg_id, + tenant_id='tenant_1')['security_group'] + tenant_aname = self.name_mapper.project(None, default_sg['tenant_id']) + + if not default_sg.get('security_group_rules'): + self._test_create_default_sg_from_template( + default_sg, default_sg_id) + default_sg = self._show('security-groups', default_sg_id, + tenant_id='tenant_1')['security_group'] + for sg_rule in default_sg['security_group_rules']: if sg_rule['remote_group_id'] and sg_rule['ethertype'] == 'IPv4': break - tenant_aname = self.name_mapper.project(None, default_sg['tenant_id']) aim_sg_rule = self._get_sg_rule( sg_rule['id'], 'default', default_sg_id, tenant_aname) if extn.get_hpp_normalized(session): @@ -12366,7 +12470,8 @@ class TestPortOnPhysicalNode(TestPortVlanNetwork): remote_group_id=default_sg_id, ethertype=n_constants.IPv4) rules = {'security_group_rules': [rule1['security_group_rule']]} sg_rule1 = self._make_security_group_rule( - self.fmt, rules, tenant_id='tenant_2')['security_group_rules'][0] + self.fmt, rules, tenant_id='tenant_2', + as_admin=True)['security_group_rules'][0] aim_sg_rule1 = self._get_sg_rule( sg_rule1['id'], 'default', default_sg_id, tenant_aname) if extn.get_hpp_normalized(session): @@ -12438,11 +12543,16 @@ class TestPortOnPhysicalNode(TestPortVlanNetwork): fixed_ips=fixed_ips)['port'] default_sg_id = port['security_groups'][0] default_sg = self._show('security-groups', - default_sg_id)['security_group'] + default_sg_id)['security_group'] + tenant_aname = self.name_mapper.project(None, default_sg['tenant_id']) + if not default_sg.get('security_group_rules'): + self._test_create_default_sg_from_template( + default_sg, default_sg_id) + default_sg = self._show('security-groups', + default_sg_id)['security_group'] for sg_rule in default_sg['security_group_rules']: if sg_rule['remote_group_id'] and sg_rule['ethertype'] == 'IPv4': break - tenant_aname = self.name_mapper.project(None, default_sg['tenant_id']) aim_sg_rule = self._get_sg_rule( sg_rule['id'], 'default', default_sg_id, tenant_aname) self.assertEqual(aim_sg_rule.remote_ips, ['10.0.1.100']) @@ -12528,7 +12638,7 @@ class TestPortOnPhysicalNode(TestPortVlanNetwork): self._register_agent('opflex-2a', AGENT_CONF_OPFLEX) self._register_agent('opflex-3', AGENT_CONF_OPFLEX) net1 = self._make_network( - self.fmt, 'net1', True, + self.fmt, 'net1', True, as_admin=True, arg_list=('provider:physical_network', 'provider:network_type'), **{'provider:physical_network': 'physnet3', @@ -12675,7 +12785,7 @@ class TestPortOnPhysicalNode(TestPortVlanNetwork): aim_ctx = aim_context.AimContext(self.db_session) self._register_agent('opflex-1', AGENT_CONF_OPFLEX) net1 = self._make_network( - self.fmt, 'net1', True, + self.fmt, 'net1', True, as_admin=True, arg_list=('provider:physical_network', 'provider:network_type'), **{'provider:physical_network': 'physnet3', 'provider:network_type': 'opflex'})['network'] @@ -12764,7 +12874,7 @@ class TestPortOnPhysicalNode(TestPortVlanNetwork): self._register_agent('opflex-1', AGENT_CONF_OPFLEX) self._register_agent('opflex-2', AGENT_CONF_OPFLEX) net1 = self._make_network( - self.fmt, 'net1', True, + self.fmt, 'net1', True, as_admin=True, arg_list=('provider:physical_network', 'provider:network_type'), **{'provider:physical_network': 'physnet3', @@ -13217,7 +13327,7 @@ class TestPortOnPhysicalNodeSingleDriver(TestPortOnPhysicalNode): net_arg_list += (SVI,) net_kwargs.update({SVI: 'True'}) net1 = self._make_network( - self.fmt, 'net1', True, + self.fmt, 'net1', True, as_admin=True, arg_list=net_arg_list, **net_kwargs)['network'] # Bind the port using a single interface or VPC on one physnet. with self.subnet(network={'network': net1}): @@ -13232,7 +13342,7 @@ class TestPortOnPhysicalNodeSingleDriver(TestPortOnPhysicalNode): validate_static_path_and_doms(aim_ctx, is_svi, net1, kv_dict_1, physical_domain, vlan_p1) net2 = self._make_network( - self.fmt, 'net2', True, + self.fmt, 'net2', True, as_admin=True, arg_list=net_arg_list, **net_kwargs)['network'] # Bind the port using a single interface or VPC on the same physnet. with self.subnet(network={'network': net2}): @@ -13539,7 +13649,7 @@ class TestOpflexRpc(ApicAimTestCase): if apic_svi: kwargs.update({'apic:svi': 'True'}) - network = self._make_network(self.fmt, 'net1', True, + network = self._make_network(self.fmt, 'net1', True, as_admin=True, arg_list=self.extension_attributes, **kwargs) net1 = network['network'] @@ -13586,7 +13696,7 @@ class TestOpflexRpc(ApicAimTestCase): if apic_svi: kwargs.update({'apic:svi': 'True'}) - network = self._make_network(self.fmt, 'net1', True, + network = self._make_network(self.fmt, 'net1', True, as_admin=True, arg_list=self.extension_attributes, **kwargs) net1 = network['network'] @@ -13754,7 +13864,8 @@ class TestUpdateRouterSubnet(ApicAimTestCase): 'external_fixed_ips': fixed_ips} } } - router = self._update('routers', router_id, data)['router'] + router = self._update('routers', router_id, data, + as_admin=True)['router'] self._check_ip_in_cidr(router ['external_gateway_info']['external_fixed_ips'][0]['ip_address'], fip_sub['cidr']) @@ -13811,7 +13922,8 @@ class TestUpdateRouterSubnet(ApicAimTestCase): {'network_id': ext_net['id'], 'external_fixed_ips': fixed_ips} }} - router = self._update('routers', router_id, data)['router'] + router = self._update('routers', router_id, data, + as_admin=True)['router'] self._check_ip_in_cidr(router ['external_gateway_info']['external_fixed_ips'][0]['ip_address'], @@ -13871,7 +13983,8 @@ class TestUpdateRouterSubnet(ApicAimTestCase): router = self._make_router( self.fmt, self._tenant_id, 'router1', external_gateway_info={'network_id': ext_net['id'], - 'external_fixed_ips': fixed_ips})['router'] + 'external_fixed_ips': fixed_ips}, + as_admin=True)['router'] router_id = router['id'] self._check_ip_in_cidr(router ['external_gateway_info']['external_fixed_ips'][0]['ip_address'], @@ -13928,14 +14041,16 @@ class TestUpdateRouterSubnet(ApicAimTestCase): # Update the subnet attribute, and check if gateway works self._update('subnets', snat_sub['id'], {'subnet': {SNAT_SUBNET_ONLY: False}}) - router = self._update('routers', router_id, data)['router'] + router = self._update('routers', router_id, data, + as_admin=True)['router'] self._check_ip_in_cidr(router ['external_gateway_info']['external_fixed_ips'][0]['ip_address'], snat_sub['cidr']) # Remove the gateway data = {'router': {'external_gateway_info': {}}} - router = self._update('routers', router_id, data)['router'] + router = self._update('routers', router_id, data, + as_admin=True)['router'] self.assertIsNone(router['external_gateway_info']) def test_router_add_gateway_invalid_network(self): diff --git a/gbpservice/neutron/tests/unit/plugins/ml2plus/test_extension_driver_api.py b/gbpservice/neutron/tests/unit/plugins/ml2plus/test_extension_driver_api.py index 1f27dbf5d..0e1f4cc7f 100644 --- a/gbpservice/neutron/tests/unit/plugins/ml2plus/test_extension_driver_api.py +++ b/gbpservice/neutron/tests/unit/plugins/ml2plus/test_extension_driver_api.py @@ -42,7 +42,7 @@ class ExtensionDriverTestCase(test_plugin.Ml2PlusPluginV2TestCase): data = {'subnetpool': {'prefixes': ['10.0.0.0/8'], 'name': 'sp1', 'tenant_id': tenant_id}} - req = self.new_create_request('subnetpools', data) + req = self.new_create_request('subnetpools', data, as_admin=True) res = req.get_response(self.api) self.assertEqual(code, res.status_int) @@ -57,7 +57,8 @@ class ExtensionDriverTestCase(test_plugin.Ml2PlusPluginV2TestCase): sp_id = subnetpool['subnetpool']['id'] new_name = 'a_brand_new_name' data = {'subnetpool': {'name': new_name}} - req = self.new_update_request('subnetpools', data, sp_id) + req = self.new_update_request('subnetpools', data, sp_id, + as_admin=True) res = req.get_response(self.api) self.assertEqual(code, res.status_int) error = self.deserialize(self.fmt, res) @@ -99,7 +100,7 @@ class ExtensionDriverTestCase(test_plugin.Ml2PlusPluginV2TestCase): self.assertIsNotNone(ent) # Test list subnetpools - res = self._list('subnetpools') + res = self._list('subnetpools', as_admin=True) val = res['subnetpools'][0].get('subnetpool_extension') self.assertEqual('Test_SubnetPool_Extension_extend', val) @@ -108,7 +109,7 @@ class ExtensionDriverTestCase(test_plugin.Ml2PlusPluginV2TestCase): {'subnetpool_extension': 'Test_SubnetPool_Extension_Update'}} res = self._update('subnetpools', subnetpool['subnetpool']['id'], - data) + data, as_admin=True) val = res['subnetpool'].get('subnetpool_extension') self.assertEqual('Test_SubnetPool_Extension_Update_update', val) @@ -132,7 +133,7 @@ class ExtensionDriverTestCase(test_plugin.Ml2PlusPluginV2TestCase): data = {'address_scope': {'ip_version': 4, 'name': 'as1', 'tenant_id': tenant_id}} - req = self.new_create_request('address-scopes', data) + req = self.new_create_request('address-scopes', data, as_admin=True) res = req.get_response(self.ext_api) self.assertEqual(code, res.status_int) @@ -147,7 +148,8 @@ class ExtensionDriverTestCase(test_plugin.Ml2PlusPluginV2TestCase): as_id = address_scope['address_scope']['id'] new_name = 'a_brand_new_name' data = {'address_scope': {'name': new_name}} - req = self.new_update_request('address-scopes', data, as_id) + req = self.new_update_request('address-scopes', data, + as_id, as_admin=True) res = req.get_response(self.ext_api) self.assertEqual(code, res.status_int) error = self.deserialize(self.fmt, res) @@ -190,7 +192,7 @@ class ExtensionDriverTestCase(test_plugin.Ml2PlusPluginV2TestCase): self.assertIsNotNone(ent) # Test list address_scopes - res = self._list('address-scopes') + res = self._list('address-scopes', as_admin=True) val = res['address_scopes'][0].get('address_scope_extension') self.assertEqual('Test_AddressScope_Extension_extend', val) @@ -199,7 +201,8 @@ class ExtensionDriverTestCase(test_plugin.Ml2PlusPluginV2TestCase): {'address_scope_extension': 'Test_AddressScope_Extension_Update'}} res = self._update('address-scopes', - address_scope['address_scope']['id'], data) + address_scope['address_scope']['id'], data, + as_admin=True) val = res['address_scope'].get('address_scope_extension') self.assertEqual('Test_AddressScope_Extension_Update_update', val) @@ -235,12 +238,12 @@ class DBExtensionDriverTestCase(test_plugin.Ml2PlusPluginV2TestCase): sp_id = subnetpool['subnetpool']['id'] val = subnetpool['subnetpool']['subnetpool_extension'] self.assertEqual("", val) - res = self._show('subnetpools', sp_id) + res = self._show('subnetpools', sp_id, as_admin=True) val = res['subnetpool']['subnetpool_extension'] self.assertEqual("", val) # Test list. - res = self._list('subnetpools') + res = self._list('subnetpools', as_admin=True) val = res['subnetpools'][0]['subnetpool_extension'] self.assertEqual("", val) @@ -250,22 +253,23 @@ class DBExtensionDriverTestCase(test_plugin.Ml2PlusPluginV2TestCase): 'name': 'sp2', 'tenant_id': 't1', 'subnetpool_extension': 'abc'}} - req = self.new_create_request('subnetpools', data, self.fmt) + req = self.new_create_request('subnetpools', data, self.fmt, + as_admin=True) res = req.get_response(self.api) subnetpool = self.deserialize(self.fmt, res) subnetpool_id = subnetpool['subnetpool']['id'] val = subnetpool['subnetpool']['subnetpool_extension'] self.assertEqual("abc", val) - res = self._show('subnetpools', subnetpool_id) + res = self._show('subnetpools', subnetpool_id, as_admin=True) val = res['subnetpool']['subnetpool_extension'] self.assertEqual("abc", val) # Test update. data = {'subnetpool': {'subnetpool_extension': "def"}} - res = self._update('subnetpools', subnetpool_id, data) + res = self._update('subnetpools', subnetpool_id, data, as_admin=True) val = res['subnetpool']['subnetpool_extension'] self.assertEqual("def", val) - res = self._show('subnetpools', subnetpool_id) + res = self._show('subnetpools', subnetpool_id, as_admin=True) val = res['subnetpool']['subnetpool_extension'] self.assertEqual("def", val) @@ -276,12 +280,12 @@ class DBExtensionDriverTestCase(test_plugin.Ml2PlusPluginV2TestCase): as_id = address_scope['address_scope']['id'] val = address_scope['address_scope']['address_scope_extension'] self.assertEqual("", val) - res = self._show('address-scopes', as_id) + res = self._show('address-scopes', as_id, as_admin=True) val = res['address_scope']['address_scope_extension'] self.assertEqual("", val) # Test list. - res = self._list('address-scopes') + res = self._list('address-scopes', as_admin=True) val = res['address_scopes'][0]['address_scope_extension'] self.assertEqual("", val) @@ -291,21 +295,23 @@ class DBExtensionDriverTestCase(test_plugin.Ml2PlusPluginV2TestCase): 'name': 'as2', 'tenant_id': 't1', 'address_scope_extension': 'abc'}} - req = self.new_create_request('address-scopes', data, self.fmt) + req = self.new_create_request('address-scopes', data, self.fmt, + as_admin=True) res = req.get_response(self.ext_api) address_scope = self.deserialize(self.fmt, res) address_scope_id = address_scope['address_scope']['id'] val = address_scope['address_scope']['address_scope_extension'] self.assertEqual("abc", val) - res = self._show('address-scopes', address_scope_id) + res = self._show('address-scopes', address_scope_id, as_admin=True) val = res['address_scope']['address_scope_extension'] self.assertEqual("abc", val) # Test update. data = {'address_scope': {'address_scope_extension': "def"}} - res = self._update('address-scopes', address_scope_id, data) + res = self._update('address-scopes', address_scope_id, data, + as_admin=True) val = res['address_scope']['address_scope_extension'] self.assertEqual("def", val) - res = self._show('address-scopes', address_scope_id) + res = self._show('address-scopes', address_scope_id, as_admin=True) val = res['address_scope']['address_scope_extension'] self.assertEqual("def", val) diff --git a/gbpservice/neutron/tests/unit/plugins/ml2plus/test_l3_apic_aim.py b/gbpservice/neutron/tests/unit/plugins/ml2plus/test_l3_apic_aim.py index e8d73daea..cd3598eec 100644 --- a/gbpservice/neutron/tests/unit/plugins/ml2plus/test_l3_apic_aim.py +++ b/gbpservice/neutron/tests/unit/plugins/ml2plus/test_l3_apic_aim.py @@ -149,7 +149,7 @@ class TestCiscoApicAimL3Plugin(test_aim_mapping_driver.AIMBaseTestCase): # there will be four calls in total to the event handler self._verify_event_handler_calls(floatingip, expected_call_count=2) - self._delete('floatingips', floatingip['id']) + self._delete('floatingips', floatingip['id'], as_admin=True) # Expecting 2 more calls - 1 for the port, 1 for the floatingip self._verify_event_handler_calls( [internal_port, floatingip], expected_call_count=4) diff --git a/gbpservice/neutron/tests/unit/plugins/ml2plus/test_plugin.py b/gbpservice/neutron/tests/unit/plugins/ml2plus/test_plugin.py index be06d6fb7..f60c6e036 100644 --- a/gbpservice/neutron/tests/unit/plugins/ml2plus/test_plugin.py +++ b/gbpservice/neutron/tests/unit/plugins/ml2plus/test_plugin.py @@ -121,7 +121,8 @@ class TestEnsureTenant(Ml2PlusPluginV2TestCase): 'tenant_id': 't2'}}, {'network': {'name': 'n3', 'tenant_id': 't1'}}] - res = self._create_bulk_from_list(self.fmt, 'network', networks) + res = self._create_bulk_from_list(self.fmt, 'network', networks, + as_admin=True) self.assertEqual(201, res.status_int) et.assert_has_calls([mock.call(mock.ANY, 't1'), mock.call(mock.ANY, 't2')], @@ -134,7 +135,7 @@ class TestEnsureTenant(Ml2PlusPluginV2TestCase): with mock.patch.object(mech_logger.LoggerPlusMechanismDriver, 'ensure_tenant') as et: self._make_subnet(self.fmt, net, None, '10.0.0.0/24', - tenant_id='t1') + tenant_id='t1', as_admin=True) et.assert_called_once_with(mock.ANY, 't1') def test_subnet_bulk(self): @@ -158,7 +159,8 @@ class TestEnsureTenant(Ml2PlusPluginV2TestCase): 'ip_version': 4, 'cidr': '10.0.3.0/24', 'tenant_id': 't1'}}] - res = self._create_bulk_from_list(self.fmt, 'subnet', subnets) + res = self._create_bulk_from_list(self.fmt, 'subnet', subnets, + as_admin=True) self.assertEqual(201, res.status_int) et.assert_has_calls([mock.call(mock.ANY, 't1'), mock.call(mock.ANY, 't2')], @@ -170,7 +172,8 @@ class TestEnsureTenant(Ml2PlusPluginV2TestCase): with mock.patch.object(mech_logger.LoggerPlusMechanismDriver, 'ensure_tenant') as et: - self._make_port(self.fmt, net['network']['id'], tenant_id='t1') + self._make_port(self.fmt, net['network']['id'], tenant_id='t1', + as_admin=True) et.assert_has_calls([mock.call(mock.ANY, 't1')]) self.assertEqual(2, et.call_count) @@ -189,7 +192,8 @@ class TestEnsureTenant(Ml2PlusPluginV2TestCase): {'port': {'name': 'n3', 'network_id': network_id, 'tenant_id': 't1'}}] - res = self._create_bulk_from_list(self.fmt, 'port', ports) + res = self._create_bulk_from_list(self.fmt, 'port', ports, + as_admin=True) self.assertEqual(201, res.status_int) et.assert_has_calls([mock.call(mock.ANY, 't1'), mock.call(mock.ANY, 't2')], @@ -238,7 +242,7 @@ class TestSubnetPool(Ml2PlusPluginV2TestCase): with mock.patch.object(mech_logger.LoggerPlusMechanismDriver, 'update_subnetpool_postcommit') as post: res = self._update('subnetpools', subnetpool['id'], - data)['subnetpool'] + data, as_admin=True)['subnetpool'] self.assertEqual('newnameforsubnetpool', res['name']) self.assertEqual(1, pre.call_count) @@ -262,7 +266,7 @@ class TestSubnetPool(Ml2PlusPluginV2TestCase): self.plugin.get_subnetpool) with mock.patch.object(mech_logger.LoggerPlusMechanismDriver, 'delete_subnetpool_postcommit') as post: - self._delete('subnetpools', subnetpool['id']) + self._delete('subnetpools', subnetpool['id'], as_admin=True) self.assertEqual(1, pre.call_count) self.assertEqual('sp1', @@ -303,7 +307,7 @@ class TestAddressScope(Ml2PlusPluginV2TestCase): with mock.patch.object(mech_logger.LoggerPlusMechanismDriver, 'update_address_scope_postcommit') as post: res = self._update('address-scopes', address_scope['id'], - data)['address_scope'] + data, as_admin=True)['address_scope'] self.assertEqual('newnameforaddress_scope', res['name']) self.assertEqual(1, pre.call_count) @@ -326,7 +330,8 @@ class TestAddressScope(Ml2PlusPluginV2TestCase): pre.side_effect = self.exist_checker(self.plugin.get_address_scope) with mock.patch.object(mech_logger.LoggerPlusMechanismDriver, 'delete_address_scope_postcommit') as post: - self._delete('address-scopes', address_scope['id']) + self._delete('address-scopes', address_scope['id'], + as_admin=True) self.assertEqual(1, pre.call_count) self.assertEqual('as1', diff --git a/gbpservice/neutron/tests/unit/services/grouppolicy/test_aim_mapping_driver.py b/gbpservice/neutron/tests/unit/services/grouppolicy/test_aim_mapping_driver.py index e06318167..6fb3d3548 100644 --- a/gbpservice/neutron/tests/unit/services/grouppolicy/test_aim_mapping_driver.py +++ b/gbpservice/neutron/tests/unit/services/grouppolicy/test_aim_mapping_driver.py @@ -225,7 +225,7 @@ class AIMBaseTestCase(test_nr_base.CommonNeutronBaseTestCase, extn_attr = ('router:external', DN, 'apic:nat_type', 'apic:snat_host_pool') - net = self._make_network(self.fmt, name, True, + net = self._make_network(self.fmt, name, True, as_admin=True, arg_list=extn_attr, **kwargs)['network'] subnet = self._make_subnet( @@ -259,11 +259,9 @@ class AIMBaseTestCase(test_nr_base.CommonNeutronBaseTestCase, attrs.update(kwargs) req = self.new_create_request('address-scopes', - {'address_scope': attrs}, self.fmt) - if not admin: - neutron_context = nctx.Context('', kwargs.get('tenant_id', - self._tenant_id)) - req.environ['neutron.context'] = neutron_context + {'address_scope': attrs}, self.fmt, + tenant_id=kwargs.get('tenant_id', + self._tenant_id), as_admin=admin) res = req.get_response(self.ext_api) if expected_status: @@ -323,7 +321,7 @@ class AIMBaseTestCase(test_nr_base.CommonNeutronBaseTestCase, req.get_response(self.api))['subnet'] def _show_port(self, id): - req = self.new_show_request('ports', id, fmt=self.fmt) + req = self.new_show_request('ports', id, fmt=self.fmt, as_admin=True) return self.deserialize(self.fmt, req.get_response(self.api))['port'] def _show_network(self, id): @@ -332,7 +330,7 @@ class AIMBaseTestCase(test_nr_base.CommonNeutronBaseTestCase, req.get_response(self.api))['network'] def _show_subnetpool(self, id): - req = self.new_show_request('subnetpools', id, fmt=self.fmt) + req = self.new_show_request('subnetpools', id, as_admin=True) return self.deserialize(self.fmt, req.get_response(self.api))['subnetpool'] @@ -593,7 +591,8 @@ class AIMBaseTestCase(test_nr_base.CommonNeutronBaseTestCase, for version in subnetpools_versions: sp_id = l3p[version][0] subpool = self._show_subnetpool(sp_id) - req = self.new_show_request('subnetpools', sp_id, fmt=self.fmt) + req = self.new_show_request('subnetpools', sp_id, fmt=self.fmt, + as_admin=True) res = self.deserialize(self.fmt, req.get_response(self.api)) subpool = res['subnetpool'] self.assertIn(subpool['prefixes'][0], l3p['ip_pool']) @@ -629,7 +628,8 @@ class AIMBaseTestCase(test_nr_base.CommonNeutronBaseTestCase, self.assertEqual(webob.exc.HTTPNoContent.code, res.status_int) for version in subnetpools_versions: sp_id = l3p[version][0] - req = self.new_show_request('subnetpools', sp_id, fmt=self.fmt) + req = self.new_show_request('subnetpools', sp_id, fmt=self.fmt, + as_admin=True) res = req.get_response(self.api) if explicit_subnetpool or ( version == 'subnetpools_v4' and v4_default) or ( @@ -681,7 +681,7 @@ class AIMBaseTestCase(test_nr_base.CommonNeutronBaseTestCase, if tenant_id: kwargs['tenant_id'] = tenant_id - net = self._make_network(self.fmt, network_name, True, + net = self._make_network(self.fmt, network_name, True, as_admin=True, arg_list=self.extension_attributes, **kwargs)['network'] gw = str(netaddr.IPAddress(netaddr.IPNetwork(cidr).first + 1)) @@ -3353,7 +3353,7 @@ class TestPolicyTarget(AIMBaseTestCase, kwargs[DN] = {EXTERNAL_NETWORK: dn} extn_attr = ('router:external', DN) - net = self._make_network(self.fmt, name, True, + net = self._make_network(self.fmt, name, True, as_admin=True, arg_list=extn_attr, **kwargs)['network'] subnet = self._make_subnet( @@ -5688,29 +5688,34 @@ class TestNeutronPortOperation(AIMBaseTestCase): device_owner='compute:', fixed_ips=[{'subnet_id': t2sub1['id']}, {'subnet_id': t2sub2['id']}], - allowed_address_pairs=allow_addr_active_aap) + allowed_address_pairs=allow_addr_active_aap, + as_admin=True) # create 2 ports configured with the same allowed-addresses p1 = self._make_port(self.fmt, net['network']['id'], arg_list=('allowed_address_pairs',), device_owner='compute:', fixed_ips=[{'subnet_id': sub1['id']}], - allowed_address_pairs=allow_addr)['port'] + allowed_address_pairs=allow_addr, + as_admin=True)['port'] t2p1 = self._make_port(self.fmt, t2net['network']['id'], arg_list=('allowed_address_pairs',), device_owner='compute:', fixed_ips=[{'subnet_id': t2sub1['id']}], - allowed_address_pairs=allow_addr)['port'] + allowed_address_pairs=allow_addr, + as_admin=True)['port'] p2 = self._make_port(self.fmt, net['network']['id'], arg_list=('allowed_address_pairs',), device_owner='compute:', fixed_ips=[{'subnet_id': sub1['id']}], - allowed_address_pairs=allow_addr)['port'] + allowed_address_pairs=allow_addr, + as_admin=True)['port'] t2p2 = self._make_port(self.fmt, t2net['network']['id'], arg_list=('allowed_address_pairs',), device_owner='compute:', fixed_ips=[{'subnet_id': t2sub1['id']}], - allowed_address_pairs=allow_addr)['port'] + allowed_address_pairs=allow_addr, + as_admin=True)['port'] self._bind_port_to_host(p1['id'], 'h1') self._bind_port_to_host(t2p1['id'], 'h1') self._bind_port_to_host(p_active_aap['id'], 'h1') @@ -5721,8 +5726,8 @@ class TestNeutronPortOperation(AIMBaseTestCase): # belong to a different active_acitve_aap mode. self._update('ports', p_active_aap['id'], {'port': {'allowed_address_pairs': allow_addr}}, - neutron_context=self._neutron_admin_context, - expected_code=webob.exc.HTTPBadRequest.code) + expected_code=webob.exc.HTTPBadRequest.code, + as_admin=True) # Call agent => plugin RPC to get the details for each port. The # results should only have the configured AAPs, with none of them @@ -5824,19 +5829,23 @@ class TestNeutronPortOperation(AIMBaseTestCase): p3 = self._make_port(self.fmt, net['network']['id'], device_owner='compute:', fixed_ips=[{'subnet_id': sub2['id'], - 'ip_address': '1.2.3.250'}])['port'] + 'ip_address': '1.2.3.250'}], + as_admin=True)['port'] t2p3 = self._make_port(self.fmt, t2net['network']['id'], device_owner='compute:', fixed_ips=[{'subnet_id': t2sub2['id'], - 'ip_address': '1.2.3.250'}])['port'] + 'ip_address': '1.2.3.250'}], + as_admin=True)['port'] p4 = self._make_port(self.fmt, net['network']['id'], device_owner='compute:', fixed_ips=[{'subnet_id': sub2['id'], - 'ip_address': '1.2.3.251'}])['port'] + 'ip_address': '1.2.3.251'}], + as_admin=True)['port'] t2p4 = self._make_port(self.fmt, t2net['network']['id'], device_owner='compute:', fixed_ips=[{'subnet_id': t2sub2['id'], - 'ip_address': '1.2.3.251'}])['port'] + 'ip_address': '1.2.3.251'}], + as_admin=True)['port'] self.l3_plugin.add_router_interface( self._neutron_admin_context, rtr['id'], {'subnet_id': sub1['id']}) self.l3_plugin.add_router_interface( @@ -5848,9 +5857,11 @@ class TestNeutronPortOperation(AIMBaseTestCase): self._neutron_admin_context, t2rtr['id'], {'subnet_id': t2sub2['id']}) fip1 = self._make_floatingip(self.fmt, t2net_ext['id'], - port_id=t2p3['id'])['floatingip'] + port_id=t2p3['id'], + as_admin=True)['floatingip'] fip2 = self._make_floatingip(self.fmt, t2net_ext['id'], - port_id=t2p4['id'])['floatingip'] + port_id=t2p4['id'], + as_admin=True)['floatingip'] details = self.mech_driver.get_gbp_details( self._neutron_admin_context, device='tap%s' % t2p1['id'], host='h1') @@ -5904,7 +5915,7 @@ class TestNeutronPortOperation(AIMBaseTestCase): # from the old pair are removed from the mapping table p1 = self._update('ports', p1['id'], {'port': {'allowed_address_pairs': update_addr}}, - neutron_context=self._neutron_admin_context)['port'] + as_admin=True)['port'] ips = self.mech_driver.get_ha_ipaddresses_for_port(p1['id']) self.assertEqual(ips, []) # Request ownership of the new AAP @@ -5922,7 +5933,7 @@ class TestNeutronPortOperation(AIMBaseTestCase): p2 = self._update('ports', p2['id'], {'port': {'allowed_address_pairs': update_addr}}, - neutron_context=self._neutron_admin_context)['port'] + as_admin=True)['port'] ips = self.mech_driver.get_ha_ipaddresses_for_port(p2['id']) self.assertEqual(ips, []) # Request ownership of the new AAP diff --git a/gbpservice/neutron/tests/unit/services/grouppolicy/test_aim_validation.py b/gbpservice/neutron/tests/unit/services/grouppolicy/test_aim_validation.py index 1b91f2655..c33b27f17 100644 --- a/gbpservice/neutron/tests/unit/services/grouppolicy/test_aim_validation.py +++ b/gbpservice/neutron/tests/unit/services/grouppolicy/test_aim_validation.py @@ -172,7 +172,7 @@ class TestNeutronMapping(AimValidationTestCase): def _test_routed_subnet(self, subnet_id, gw_ip): # Get the AIM Subnet. - subnet = self._show('subnets', subnet_id)['subnet'] + subnet = self._show('subnets', subnet_id, as_admin=True)['subnet'] sn_dn = subnet['apic:distinguished_names'][gw_ip] sn = aim_resource.Subnet.from_dn(sn_dn) @@ -181,7 +181,7 @@ class TestNeutronMapping(AimValidationTestCase): def _test_unscoped_vrf(self, net_id): # Get the network's AIM VRF. - net = self._show('networks', net_id)['network'] + net = self._show('networks', net_id, as_admin=True)['network'] vrf_dn = net['apic:distinguished_names']['VRF'] vrf = aim_resource.VRF.from_dn(vrf_dn) @@ -283,7 +283,7 @@ class TestNeutronMapping(AimValidationTestCase): # Test subnet. subnet = self._make_subnet( self.fmt, net_resp, '10.0.1.1', '10.0.1.0/24', - tenant_id='subnet_proj')['subnet'] + as_admin=True, tenant_id='subnet_proj')['subnet'] self._test_project_resources(subnet['project_id']) # Test port. Since Neutron creates the default SG for the @@ -292,12 +292,12 @@ class TestNeutronMapping(AimValidationTestCase): # resource owned by port_prog. port = self._make_port( self.fmt, net['id'], security_groups=[], - tenant_id='port_proj')['port'] + as_admin=True, tenant_id='port_proj')['port'] sgs = self._list( 'security-groups', - query_params='project_id=port_proj')['security_groups'] + query_params='project_id=port_proj', + as_admin=True)['security_groups'] self.assertEqual(1, len(sgs)) - self._delete('security-groups', sgs[0]['id']) self._test_project_resources(port['project_id']) # Test security group. @@ -319,8 +319,8 @@ class TestNeutronMapping(AimValidationTestCase): # Test floatingip. kwargs = {'router:external': True} ext_net_resp = self._make_network( - self.fmt, 'ext_net', True, arg_list=self.extension_attributes, - **kwargs) + self.fmt, 'ext_net', True, as_admin=True, + arg_list=self.extension_attributes, **kwargs) ext_net = ext_net_resp['network'] self._make_subnet( self.fmt, ext_net_resp, '100.100.100.1', '100.100.100.0/24') @@ -542,8 +542,8 @@ class TestNeutronMapping(AimValidationTestCase): 'apic:distinguished_names': {'ExternalNetwork': 'uni/tn-common/out-l1/instP-n1'}} net_resp = self._make_network( - self.fmt, 'ext_net', True, arg_list=self.extension_attributes, - **kwargs) + self.fmt, 'ext_net', True, as_admin=True, + arg_list=self.extension_attributes, **kwargs) net = net_resp['network'] self._validate() @@ -774,7 +774,8 @@ class TestNeutronMapping(AimValidationTestCase): 'apic:distinguished_names': {'ExternalNetwork': 'uni/tn-common/out-l1/instP-n1'}} ext_net = self._make_network( - self.fmt, 'ext_net', True, arg_list=self.extension_attributes, + self.fmt, 'ext_net', True, as_admin=True, + arg_list=self.extension_attributes, **kwargs)['network'] # Create extra external network to test CloneL3Out record below. @@ -782,7 +783,7 @@ class TestNeutronMapping(AimValidationTestCase): 'apic:distinguished_names': {'ExternalNetwork': 'uni/tn-common/out-l2/instP-n2'}} self._make_network( - self.fmt, 'extra_ext_net', True, + self.fmt, 'extra_ext_net', True, as_admin=True, arg_list=self.extension_attributes, **kwargs) # Create router as tenant_2. @@ -860,7 +861,8 @@ class TestNeutronMapping(AimValidationTestCase): def test_unscoped_routing(self): # Create shared network and unscoped subnet as tenant_1. net_resp = self._make_network( - self.fmt, 'net1', True, tenant_id='tenant_1', shared=True) + self.fmt, 'net1', True, tenant_id='tenant_1', + as_admin=True, shared=True) net1_id = net_resp['network']['id'] subnet = self._make_subnet( self.fmt, net_resp, '10.0.1.1', '10.0.1.0/24', @@ -886,8 +888,8 @@ class TestNeutronMapping(AimValidationTestCase): 'apic:distinguished_names': {'ExternalNetwork': 'uni/tn-common/out-l1/instP-n1'}} ext_net = self._make_network( - self.fmt, 'ext_net', True, arg_list=self.extension_attributes, - **kwargs)['network'] + self.fmt, 'ext_net', True, as_admin=True, + arg_list=self.extension_attributes, **kwargs)['network'] # Create router as tenant_2. kwargs = {'apic:external_provided_contracts': ['p1', 'p2'], @@ -1181,7 +1183,6 @@ class TestNeutronMapping(AimValidationTestCase): # delete BridgeDomain. bd = aim_resource.BridgeDomain.from_dn(bd_dn) self.aim_mgr.delete(self.aim_ctx, bd) - # delete EndpointGroup. epg = aim_resource.EndpointGroup.from_dn(epg_dn) self.aim_mgr.delete(self.aim_ctx, epg) @@ -1242,7 +1243,7 @@ class TestNeutronMapping(AimValidationTestCase): sg['id'], 'ingress', 'tcp', '22', '23') rules = {'security_group_rules': [rule1['security_group_rule']]} sg_rule = self._make_security_group_rule( - self.fmt, rules)['security_group_rules'][0] + self.fmt, rules, as_admin=True)['security_group_rules'][0] # Test the AIM SecurityGroup. tenant_name = self.driver.aim_mech_driver.name_mapper.project( @@ -1384,8 +1385,8 @@ class TestGbpMapping(AimValidationTestCase): 'apic:distinguished_names': {'ExternalNetwork': 'uni/tn-common/out-l1/instP-n1'}} net_resp = self._make_network( - self.fmt, 'ext_net', True, arg_list=self.extension_attributes, - **kwargs) + self.fmt, 'ext_net', True, as_admin=True, + arg_list=self.extension_attributes, **kwargs) subnet = self._make_subnet( self.fmt, net_resp, '10.0.0.1', '10.0.0.0/24')['subnet'] diff --git a/gbpservice/neutron/tests/unit/services/grouppolicy/test_resource_mapping.py b/gbpservice/neutron/tests/unit/services/grouppolicy/test_resource_mapping.py index b42133908..219b1f9ed 100644 --- a/gbpservice/neutron/tests/unit/services/grouppolicy/test_resource_mapping.py +++ b/gbpservice/neutron/tests/unit/services/grouppolicy/test_resource_mapping.py @@ -1324,7 +1324,8 @@ class TestPolicyTargetGroup(ResourceMappingTestCase): data = {'policy_target_group': {'l2_policy_id': l2p_id, 'tenant_id': 'admin'}} - req = self.new_create_request('policy_target_groups', data) + req = self.new_create_request('policy_target_groups', + data, as_admin=True) data = self.deserialize(self.fmt, req.get_response(self.ext_api)) self.assertEqual('CrossTenantPolicyTargetGroupL2PolicyNotSupported', data['NeutronError']['type']) @@ -1452,7 +1453,7 @@ class TestL2Policy(ResourceMappingTestCase): def _test_explicit_network_lifecycle(self, shared=False): # Create L2 policy with explicit network. - with self.network(shared=shared) as network: + with self.network(shared=shared, as_admin=True) as network: network_id = network['network']['id'] l2p = self.create_l2_policy(name="l2p1", network_id=network_id, shared=shared) @@ -1583,10 +1584,11 @@ class TestL3Policy(ResourceMappingTestCase, self.assertEqual(router_id, routers[0]) # Verify deleting L3 policy does not cleanup router. - req = self.new_delete_request('l3_policies', l3p_id) + req = self.new_delete_request('l3_policies', l3p_id, as_admin=True) res = req.get_response(self.ext_api) self.assertEqual(webob.exc.HTTPNoContent.code, res.status_int) - req = self.new_show_request('routers', router_id, fmt=self.fmt) + req = self.new_show_request('routers', router_id, fmt=self.fmt, + as_admin=True) res = req.get_response(self.ext_api) self.assertEqual(webob.exc.HTTPOk.code, res.status_int) @@ -1660,8 +1662,8 @@ class TestL3Policy(ResourceMappingTestCase, def test_create_l3p_es(self): # Simple test to verify l3p created with 1-N ES - with self.network(router__external=True) as net1: - with self.network(router__external=True) as net2: + with self.network(router__external=True, as_admin=True) as net1: + with self.network(router__external=True, as_admin=True) as net2: with self.subnet(cidr='10.10.1.0/24', network=net1) as sub1: with self.subnet(cidr='10.10.2.0/24', network=net2) as sub2: @@ -1688,8 +1690,8 @@ class TestL3Policy(ResourceMappingTestCase, def test_update_l3p_es(self): # Simple test to verify l3p updated with 1-N ES - with self.network(router__external=True) as net1: - with self.network(router__external=True) as net2: + with self.network(router__external=True, as_admin=True) as net1: + with self.network(router__external=True, as_admin=True) as net2: with self.subnet(cidr='10.10.1.0/24', network=net1) as sub1: with self.subnet(cidr='10.10.2.0/24', network=net2) as sub2: @@ -1718,8 +1720,8 @@ class TestL3Policy(ResourceMappingTestCase, res['NeutronError']['type']) def test_es_router_plumbing(self): - with self.network(router__external=True) as net1: - with self.network(router__external=True) as net2: + with self.network(router__external=True, as_admin=True) as net1: + with self.network(router__external=True, as_admin=True) as net2: with self.subnet(cidr='10.10.1.0/24', network=net1) as sub1: with self.subnet(cidr='10.10.2.0/24', network=net2) as sub2: @@ -1775,8 +1777,8 @@ class TestL3Policy(ResourceMappingTestCase, {'destination': '172.0.0.0/16', 'nexthop': '10.10.1.1'}] routes2 = [{'destination': '0.0.0.0/0', 'nexthop': '10.10.2.1'}, {'destination': '172.0.0.0/16', 'nexthop': '10.10.2.1'}] - with self.network(router__external=True) as net1: - with self.network(router__external=True) as net2: + with self.network(router__external=True, as_admin=True) as net1: + with self.network(router__external=True, as_admin=True) as net2: with self.subnet(cidr='10.10.1.0/24', network=net1) as sub1: with self.subnet(cidr='10.10.2.0/24', network=net2) as sub2: @@ -1823,7 +1825,8 @@ class TestL3Policy(ResourceMappingTestCase, res['NeutronError']['type']) def _show_subnetpool(self, id): - req = self.new_show_request('subnetpools', id, fmt=self.fmt) + req = self.new_show_request('subnetpools', id, fmt=self.fmt, + as_admin=True) return self.deserialize(self.fmt, req.get_response(self.api))['subnetpool'] @@ -1874,7 +1877,8 @@ class TestL3Policy(ResourceMappingTestCase, for version in subnetpools_versions: sp_id = l3p[version][0] subpool = self._show_subnetpool(sp_id) - req = self.new_show_request('subnetpools', sp_id, fmt=self.fmt) + req = self.new_show_request('subnetpools', sp_id, fmt=self.fmt, + as_admin=True) res = self.deserialize(self.fmt, req.get_response(self.api)) subpool = res['subnetpool'] self.assertIn(subpool['prefixes'][0], l3p['ip_pool']) @@ -1903,7 +1907,8 @@ class TestL3Policy(ResourceMappingTestCase, self.assertEqual(webob.exc.HTTPNoContent.code, res.status_int) for version in subnetpools_versions: sp_id = l3p[version][0] - req = self.new_show_request('subnetpools', sp_id, fmt=self.fmt) + req = self.new_show_request('subnetpools', sp_id, fmt=self.fmt, + as_admin=True) res = req.get_response(self.api) if explicit_subnetpool or ( version == 'subnetpools_v4' and v4_default) or ( @@ -2581,7 +2586,7 @@ class TestPolicyRuleSet(ResourceMappingTestCase): pr = self._create_ssh_allow_rule() prs = self.create_policy_rule_set( policy_rules=[pr['id']])['policy_rule_set'] - with self.network(router__external=True) as net: + with self.network(router__external=True, as_admin=True) as net: with self.subnet(cidr='10.10.1.0/24', network=net) as sub: es = self.create_external_segment( subnet_id=sub['subnet']['id'], @@ -2795,7 +2800,7 @@ class TestExternalSegment(ResourceMappingTestCase): def test_explicit_subnet_lifecycle(self): - with self.network(router__external=True) as net: + with self.network(router__external=True, as_admin=True) as net: with self.subnet(cidr='10.10.1.0/24', network=net) as sub: es = self.create_external_segment( subnet_id=sub['subnet']['id'])['external_segment'] @@ -2809,7 +2814,7 @@ class TestExternalSegment(ResourceMappingTestCase): es['ip_version']) def test_update(self, proxy_ip_pool1=None, proxy_ip_pool2=None): - with self.network(router__external=True) as net: + with self.network(router__external=True, as_admin=True) as net: with self.subnet(cidr='10.10.1.0/24', network=net) as sub: changes = {'port_address_translation': True} es = self.create_external_segment( @@ -2903,7 +2908,7 @@ class TestExternalSegment(ResourceMappingTestCase): def test_update_different_tenant(self): with self.network(router__external=True, shared=True, - tenant_id='admin') as net: + tenant_id='admin', as_admin=True) as net: with self.subnet(cidr='10.10.1.0/24', network=net) as sub: es = self.create_external_segment( subnet_id=sub['subnet']['id'], @@ -2931,7 +2936,7 @@ class TestExternalSegment(ResourceMappingTestCase): self._verify_prs_rules(prs['id']) def test_implicit_es(self): - with self.network(router__external=True) as net: + with self.network(router__external=True, as_admin=True) as net: with self.subnet(cidr='192.168.0.0/24', network=net) as sub: es = self.create_external_segment( name="default", @@ -2952,7 +2957,8 @@ class TestExternalSegment(ResourceMappingTestCase): expected_res_status=200) def test_implicit_es_shared(self): - with self.network(router__external=True, shared=True) as net: + with self.network(router__external=True, shared=True, + as_admin=True) as net: with self.subnet(cidr='192.168.0.0/24', network=net) as sub: es = self.create_external_segment( shared=True, @@ -2974,7 +2980,8 @@ class TestExternalSegment(ResourceMappingTestCase): expected_res_status=200) def test_delete(self): - with self.network(router__external=True, shared=True) as net: + with self.network(router__external=True, shared=True, + as_admin=True) as net: with self.subnet(cidr='192.168.0.0/24', network=net) as sub: es = self.create_external_segment( name="default", @@ -2983,7 +2990,8 @@ class TestExternalSegment(ResourceMappingTestCase): self.show_external_segment(es['id'], expected_res_status=404) def test_delete_in_use(self): - with self.network(router__external=True, shared=True) as net: + with self.network(router__external=True, shared=True, + as_admin=True) as net: with self.subnet(cidr='192.168.0.0/24', network=net) as sub: es = self.create_external_segment( name="default", @@ -2997,7 +3005,8 @@ class TestExternalSegment(ResourceMappingTestCase): self.show_external_segment(es['id'], expected_res_status=200) def test_update_l3p_remove_es(self): - with self.network(router__external=True, shared=True) as net: + with self.network(router__external=True, shared=True, + as_admin=True) as net: with self.subnet(cidr='192.168.0.0/24', network=net) as sub: self.create_external_segment( name="default", subnet_id=sub['subnet']['id']) @@ -3011,7 +3020,7 @@ class TestExternalSegment(ResourceMappingTestCase): class TestExternalPolicy(ResourceMappingTestCase): def test_create(self): - with self.network(router__external=True) as net: + with self.network(router__external=True, as_admin=True) as net: with self.subnet(cidr='10.10.1.0/24', network=net) as sub1: with self.subnet(cidr='10.10.2.0/24', network=net) as sub2: es1 = self.create_external_segment( @@ -3046,7 +3055,7 @@ class TestExternalPolicy(ResourceMappingTestCase): res['NeutronError']['type']) def test_update(self): - with self.network(router__external=True) as net: + with self.network(router__external=True, as_admin=True) as net: with self.subnet(cidr='10.10.1.0/24', network=net) as sub1: with self.subnet(cidr='10.10.2.0/24', network=net) as sub2: route = {'destination': '172.0.0.0/8', 'nexthop': None} @@ -3245,7 +3254,7 @@ class TestNetworkServicePolicy(ResourceMappingTestCase): def test_create_nsp_ip_pool_multiple_ptgs(self): routes = [{'destination': '0.0.0.0/0', 'nexthop': None}] - with self.network(router__external=True) as net: + with self.network(router__external=True, as_admin=True) as net: with self.subnet(cidr='192.168.0.0/24', network=net) as sub: es = self.create_external_segment( name="default", @@ -3308,7 +3317,7 @@ class TestNetworkServicePolicy(ResourceMappingTestCase): def test_nsp_fip_single(self): routes = [{'destination': '0.0.0.0/0', 'nexthop': None}] - with self.network(router__external=True) as net: + with self.network(router__external=True, as_admin=True) as net: with self.subnet(cidr='192.168.0.0/24', network=net) as sub: es = self.create_external_segment( name="default", @@ -3353,7 +3362,7 @@ class TestNetworkServicePolicy(ResourceMappingTestCase): def test_nsp_fip_single_different_pool(self): routes = [{'destination': '0.0.0.0/0', 'nexthop': None}] - with self.network(router__external=True) as net: + with self.network(router__external=True, as_admin=True) as net: with self.subnet(cidr='192.168.0.0/24', network=net) as sub: es = self.create_external_segment( name="default", @@ -3408,7 +3417,7 @@ class TestNetworkServicePolicy(ResourceMappingTestCase): def test_nsp_rejected_without_nat_pool(self): routes = [{'destination': '0.0.0.0/0', 'nexthop': None}] - with self.network(router__external=True) as net: + with self.network(router__external=True, as_admin=True) as net: with self.subnet(cidr='192.168.0.0/24', network=net) as sub: self.create_external_segment( name="default", @@ -3467,8 +3476,8 @@ class TestNetworkServicePolicy(ResourceMappingTestCase): "name": "test"}], expected_res_status=webob.exc.HTTPCreated.code)[ 'network_service_policy'] - with self.network(router__external=True) as net1: - with self.network(router__external=True) as net2: + with self.network(router__external=True, as_admin=True) as net1: + with self.network(router__external=True, as_admin=True) as net2: with self.subnet(cidr='192.168.1.0/24', network=net1) as sub1: with self.subnet( cidr='192.168.2.0/24', network=net2) as sub2: @@ -3500,7 +3509,7 @@ class TestNetworkServicePolicy(ResourceMappingTestCase): def test_nsp_delete_nat_pool_rejected(self): routes = [{'destination': '0.0.0.0/0', 'nexthop': None}] - with self.network(router__external=True) as net: + with self.network(router__external=True, as_admin=True) as net: with self.subnet(cidr='192.168.0.0/24', network=net) as sub: es = self.create_external_segment( name="default", @@ -3526,7 +3535,7 @@ class TestNetworkServicePolicy(ResourceMappingTestCase): def test_update_nsp_nat_pool_after_pt_create(self): routes = [{'destination': '0.0.0.0/0', 'nexthop': None}] - with self.network(router__external=True) as net: + with self.network(router__external=True, as_admin=True) as net: with self.subnet(cidr='192.168.0.0/24', network=net) as sub: es = self.create_external_segment( name="default", @@ -3789,7 +3798,8 @@ class TestNatPool(ResourceMappingTestCase): def _test_overlapping_peer_rejected(self, shared1=False, shared2=False): shared_net = shared1 or shared2 routes = [{'destination': '0.0.0.0/0', 'nexthop': None}] - with self.network(router__external=True, shared=shared_net) as net: + with self.network(router__external=True, shared=shared_net, + as_admin=True) as net: with self.subnet(cidr='192.168.0.0/24', network=net) as sub: es = self.create_external_segment( name="default", @@ -3825,7 +3835,8 @@ class TestNatPool(ResourceMappingTestCase): def _test_implicit_subnet_created(self, shared=False): routes = [{'destination': '0.0.0.0/0', 'nexthop': None}] - with self.network(router__external=True, shared=shared) as net: + with self.network(router__external=True, shared=shared, + as_admin=True) as net: with self.subnet(cidr='192.168.0.0/24', network=net) as sub: es = self.create_external_segment( name="default", @@ -3850,7 +3861,8 @@ class TestNatPool(ResourceMappingTestCase): def _test_partially_overlapping_subnets_rejected(self, shared=False): routes = [{'destination': '0.0.0.0/0', 'nexthop': None}] - with self.network(router__external=True, shared=shared) as net: + with self.network(router__external=True, shared=shared, + as_admin=True) as net: with self.subnet(cidr='192.168.0.0/24', network=net) as sub: with self.subnet(cidr='192.168.1.0/28', network=net): es = self.create_external_segment( @@ -3875,7 +3887,8 @@ class TestNatPool(ResourceMappingTestCase): def _test_overlapping_subnets(self, shared=False): routes = [{'destination': '0.0.0.0/0', 'nexthop': None}] - with self.network(router__external=True, shared=shared) as net: + with self.network(router__external=True, shared=shared, + as_admin=True) as net: with self.subnet(cidr='192.168.0.0/24', network=net) as sub: with self.subnet(cidr='192.168.1.0/24', network=net) as sub2: es = self.create_external_segment( @@ -3901,7 +3914,7 @@ class TestNatPool(ResourceMappingTestCase): def _test_subnet_swap(self, owned=True): routes = [{'destination': '0.0.0.0/0', 'nexthop': None}] - with self.network(router__external=True) as net: + with self.network(router__external=True, as_admin=True) as net: with self.subnet(cidr='192.168.0.0/24', network=net) as sub: es = self.create_external_segment( name="default", subnet_id=sub['subnet']['id'], @@ -3932,7 +3945,8 @@ class TestNatPool(ResourceMappingTestCase): ip_version=4, ip_pool=ip_pool, expected_res_status=webob.exc.HTTPCreated.code)['nat_pool'] sub_id = nat_pool['subnet_id'] - with self.network(router__external=True) as net2: + with self.network(router__external=True, + as_admin=True) as net2: with self.subnet(cidr='192.167.0.0/24', network=net2) as sub2: es2 = self.create_external_segment( @@ -3973,7 +3987,7 @@ class TestNatPool(ResourceMappingTestCase): result['NeutronError']['type']) def test_delete_with_fip_allocated(self): - with self.network(router__external=True) as net: + with self.network(router__external=True, as_admin=True) as net: with self.subnet(cidr='192.168.0.0/30', enable_dhcp=False, network=net) as sub: es = self.create_external_segment( diff --git a/gbpservice/neutron/tests/unit/services/qos/test_aim_qos_driver.py b/gbpservice/neutron/tests/unit/services/qos/test_aim_qos_driver.py index 3bb7bd26e..920ff0a20 100644 --- a/gbpservice/neutron/tests/unit/services/qos/test_aim_qos_driver.py +++ b/gbpservice/neutron/tests/unit/services/qos/test_aim_qos_driver.py @@ -211,7 +211,8 @@ class TestQosPolicy(TestAIMQosBase): kwargs['qos_policy_id'] = net_qos_id resp = self._create_network( - self.fmt, 'net', True, arg_list=tuple(list(kwargs.keys())), + self.fmt, 'net', True, as_admin=True, + arg_list=tuple(list(kwargs.keys())), **kwargs) result = self.deserialize(self.fmt, resp) self.assertEqual( diff --git a/gbpservice/neutron/tests/unit/services/sfc/test_aim_sfc_driver.py b/gbpservice/neutron/tests/unit/services/sfc/test_aim_sfc_driver.py index 5031deb0a..24c28efa3 100644 --- a/gbpservice/neutron/tests/unit/services/sfc/test_aim_sfc_driver.py +++ b/gbpservice/neutron/tests/unit/services/sfc/test_aim_sfc_driver.py @@ -746,12 +746,12 @@ class TestPortPairOpflexAgent(TestAIMServiceFunctionChainingBase): def test_port_pair_with_opflex_agent_vlan_nets(self): # Correct work flow with both nets of type vlan. kwargs = {'provider:network_type': 'vlan'} - net1 = self._make_network(self.fmt, 'net1', True, + net1 = self._make_network(self.fmt, 'net1', True, as_admin=True, arg_list=tuple(list(kwargs.keys())), **kwargs) self._make_subnet(self.fmt, net1, '192.168.0.1', '192.168.0.0/24') p1 = self._make_port(self.fmt, net1['network']['id'])['port'] - net2 = self._make_network(self.fmt, 'net2', True, + net2 = self._make_network(self.fmt, 'net2', True, as_admin=True, arg_list=tuple(list(kwargs.keys())), **kwargs) self._make_subnet(self.fmt, net2, '192.168.1.1', '192.168.1.0/24') p2 = self._make_port(self.fmt, net2['network']['id'])['port'] @@ -766,7 +766,7 @@ class TestPortPairOpflexAgent(TestAIMServiceFunctionChainingBase): def test_port_pair_invalid_with_opflex_agent_opflex_nets(self): # Validate that opflex type nets are invalid. kwargs = {'provider:network_type': 'vlan'} - net1 = self._make_network(self.fmt, 'net1', True, + net1 = self._make_network(self.fmt, 'net1', True, as_admin=True, arg_list=tuple(list(kwargs.keys())), **kwargs) self._make_subnet(self.fmt, net1, '192.168.0.1', '192.168.0.0/24') p1 = self._make_port(self.fmt, net1['network']['id'])['port'] diff --git a/test-requirements.txt b/test-requirements.txt index bbd6d0413..3d5e1a3f3 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -4,19 +4,19 @@ hacking>=6.0.1 # Apache-2.0 # Since version numbers for these are specified in -# https://releases.openstack.org/constraints/upper/2023.1, they cannot be +# https://releases.openstack.org/constraints/upper/2023.2, they cannot be # referenced as GIT URLs. neutron python-heatclient python-keystoneclient --e git+https://opendev.org/openstack/networking-sfc.git@stable/2023.1#egg=networking-sfc +-e git+https://opendev.org/openstack/networking-sfc.git@stable/2023.2#egg=networking-sfc -e git+https://github.com/noironetworks/apicapi.git@master#egg=apicapi --e git+https://github.com/noironetworks/python-opflex-agent.git@stable/2023.1#egg=neutron-opflex-agent +-e git+https://github.com/noironetworks/python-opflex-agent.git@stable/2023.2#egg=neutron-opflex-agent --e git+https://opendev.org/x/python-group-based-policy-client.git@stable/2023.1#egg=python-group-based-policy-client +-e git+https://opendev.org/x/python-group-based-policy-client.git@stable/2023.2#egg=python-group-based-policy-client coverage!=4.4,>=4.0 # Apache-2.0 flake8-import-order==0.12 # LGPLv3 diff --git a/tox.ini b/tox.ini index 0407251be..f860f9f74 100644 --- a/tox.ini +++ b/tox.ini @@ -1,5 +1,5 @@ [tox] -envlist = py38,py39,py310,pep8 +envlist = py38,py39,py310,py311,pep8 minversion = 3.18.0 skipsdist = False ignore_basepython_conflict = True @@ -24,7 +24,7 @@ usedevelop = True install_command = pip install {opts} {packages} deps = - -c{env:UPPER_CONSTRAINTS_FILE:https://releases.openstack.org/constraints/upper/2023.1} + -c{env:UPPER_CONSTRAINTS_FILE:https://releases.openstack.org/constraints/upper/2023.2} -r{toxinidir}/requirements.txt -r{toxinidir}/test-requirements.txt whitelist_externals = sh