NSX|P: Use LB get_network_from_subnet carefully

Use elevated context to get the subnet and network and check return code

Change-Id: I93b70609e260294723a3fa14e8e96da54b4c30c0

vmware_nsx/services/lbaas/nsx_p/implementation/loadbalancer_mgr.py

@@ -59,7 +59,7 @@ class EdgeLoadBalancerManagerFromDict(base_mgr.NsxpLoadbalancerBaseManager):
             context, self.core_plugin, lb['vip_subnet_id'])
 
         router_id = self._validate_lb_network(context, lb)
-        if not router_id and not network.get('router:external'):
+        if not router_id and network and not network.get('router:external'):
             completor(success=False)
             msg = (_('Cannot create a loadbalancer %(lb_id)s on subnet. '
                      '%(subnet)s is neither public nor connected to the LB '
@@ -83,7 +83,7 @@ class EdgeLoadBalancerManagerFromDict(base_mgr.NsxpLoadbalancerBaseManager):
 
         service_client = self.core_plugin.nsxpolicy.load_balancer.lb_service
         try:
-            if network.get('router:external'):
+            if network and network.get('router:external'):
                 connectivity_path = None
             else:
                 connectivity_path = self.core_plugin.nsxpolicy.tier1.get_path(

vmware_nsx/services/lbaas/nsx_p/implementation/member_mgr.py

@@ -52,7 +52,7 @@ class EdgeMemberManagerFromDict(base_mgr.NsxpLoadbalancerBaseManager):
         network = lb_utils.get_network_from_subnet(
             context, self.core_plugin, subnet_id)
 
-        if not network.get('router:external'):
+        if network and not network.get('router:external'):
             return
 
         # If VIP is attached to an external network, loadbalancer_mgr might not
@@ -91,12 +91,10 @@ class EdgeMemberManagerFromDict(base_mgr.NsxpLoadbalancerBaseManager):
     @log_helpers.log_method_call
     def create(self, context, member, completor):
         pool_client = self.core_plugin.nsxpolicy.load_balancer.lb_pool
+        self._validate_member_lb_connectivity(context, member, completor)
         network = lb_utils.get_network_from_subnet(
             context, self.core_plugin, member['subnet_id'])
-
-        self._validate_member_lb_connectivity(context, member, completor)
-
-        if network.get('router:external'):
+        if network and network.get('router:external'):
             fixed_ip = self._get_info_from_fip(context, member['address'])
         else:
             fixed_ip = member['address']
@@ -120,7 +118,7 @@ class EdgeMemberManagerFromDict(base_mgr.NsxpLoadbalancerBaseManager):
     def update(self, context, old_member, new_member, completor):
         network = lb_utils.get_network_from_subnet(
             context, self.core_plugin, new_member['subnet_id'])
-        if network.get('router:external'):
+        if network and network.get('router:external'):
             fixed_ip = self._get_info_from_fip(context, new_member['address'])
         else:
             fixed_ip = new_member['address']
@@ -145,7 +143,7 @@ class EdgeMemberManagerFromDict(base_mgr.NsxpLoadbalancerBaseManager):
     def delete(self, context, member, completor):
         network = lb_utils.get_network_from_subnet(
             context, self.core_plugin, member['subnet_id'])
-        if network.get('router:external'):
+        if network and network.get('router:external'):
             fixed_ip = self._get_info_from_fip(context, member['address'])
         else:
             fixed_ip = member['address']

vmware_nsx/services/lbaas/nsx_v3/implementation/lb_utils.py

@@ -45,9 +45,9 @@ def get_tags(plugin, resource_id, resource_type, project_id, project_name):
 
 @log_helpers.log_method_call
 def get_network_from_subnet(context, plugin, subnet_id):
-    subnet = plugin.get_subnet(context, subnet_id)
+    subnet = plugin.get_subnet(context.elevated(), subnet_id)
     if subnet:
-        return plugin.get_network(context, subnet['network_id'])
+        return plugin.get_network(context.elevated(), subnet['network_id'])
 
 
 @log_helpers.log_method_call