NSX|v+v3: Use elevated context for address scopes checks

Change-Id: Ie8f6d676f783681c7eeaae57a0e764eab6f8a1bb
2017-07-06 11:25:39 +03:00 · 2017-07-06 11:25:39 +03:00 · 2687365371
commit 2687365371
parent 9439aa0a76
2 changed files with 8 additions and 8 deletions
--- a/vmware_nsx/plugins/nsx_v/plugin.py
+++ b/vmware_nsx/plugins/nsx_v/plugin.py
@ -2972,7 +2972,7 @@ class NsxVPluginV2(addr_pair_db.AllowedAddressPairsMixin,
            for port in router_ports:
                for fip in port['fixed_ips']:
                    self._validate_address_scope_for_router_interface(
-                        context, router_id,
+                        context.elevated(), router_id,
                        gw_info['network_id'], fip['subnet_id'])

        router_driver = self._find_router_driver(context, router_id)
@ -3296,9 +3296,9 @@ class NsxVPluginV2(addr_pair_db.AllowedAddressPairsMixin,
                # if the subnets address scope is the same as the gateways:
                # no need for SNAT
                gw_address_scope = self._get_network_address_scope(
-                    context, gw_port['network_id'])
+                    context.elevated(), gw_port['network_id'])
                subnet_address_scope = self._get_subnet_address_scope(
-                    context, subnet['id'])
+                    context.elevated(), subnet['id'])
                if (gw_address_scope and
                    gw_address_scope == subnet_address_scope):
                    LOG.info("No need for SNAT rule for router %(router)s "
@ -3344,7 +3344,7 @@ class NsxVPluginV2(addr_pair_db.AllowedAddressPairsMixin,
            return

        gw_address_scope = self._get_network_address_scope(
-            context, gw_port['network_id'])
+            context.elevated(), gw_port['network_id'])
        if gw_address_scope is None:
            return

@ -3355,7 +3355,7 @@ class NsxVPluginV2(addr_pair_db.AllowedAddressPairsMixin,
            # if the subnets address scope is the same as the gateways:
            # we should add it to the rule
            subnet_address_scope = self._get_subnet_address_scope(
-                context, subnet['id'])
+                context.elevated(), subnet['id'])
            if (gw_address_scope == subnet_address_scope):
                no_nat_cidrs.append(subnet['cidr'])

@ -3430,7 +3430,7 @@ class NsxVPluginV2(addr_pair_db.AllowedAddressPairsMixin,
        if snat_disabled and subnet_id:
            gw_network_id = router[l3.EXTERNAL_GW_INFO]['network_id']
            self._validate_address_scope_for_router_interface(
-                context, router_id, gw_network_id, subnet_id)
+                context.elevated(), router_id, gw_network_id, subnet_id)

        router_driver = self._find_router_driver(context, router_id)
        try:
--- a/vmware_nsx/plugins/nsx_v3/plugin.py
+++ b/vmware_nsx/plugins/nsx_v3/plugin.py
@ -2855,7 +2855,7 @@ class NsxV3Plugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
            for port in router_ports:
                for fip in port['fixed_ips']:
                    self._validate_address_scope_for_router_interface(
-                        context, router_id,
+                        context.elevated(), router_id,
                        gw_info['network_id'], fip['subnet_id'])

        nsx_router_id = None
@ -3025,7 +3025,7 @@ class NsxV3Plugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
            if not router_db.enable_snat:
                gw_network_id = router_db.gw_port.network_id
                self._validate_address_scope_for_router_interface(
-                    context, router_id, gw_network_id, subnet['id'])
+                    context.elevated(), router_id, gw_network_id, subnet['id'])

            nsx_router_id = nsx_db.get_nsx_router_id(context.session,
                                                     router_id)