[NSX-P] Ensure DHCP binding are always deleted from backend

Perform operations to check if network has DHCP enabled in elevated
context. In this way info will always be retrieved even if the port
delete operation is performed in a context different than the one
of the network owner.

Also adding unit test to validate the scenario.

Change-Id: I25da68d61afbe85687a040d449869b47e61073d4
This commit is contained in:
Salvatore Orlando 2021-04-16 01:51:38 -07:00
parent 85f4e2b993
commit 4c051558e0
2 changed files with 23 additions and 2 deletions

View File

@ -1940,10 +1940,13 @@ class NsxPolicyPlugin(nsx_plugin_common.NsxPluginV3Base):
def _delete_port_policy_dhcp_binding(self, context, port): def _delete_port_policy_dhcp_binding(self, context, port):
# Do not check device_owner here because Nova may have already # Do not check device_owner here because Nova may have already
# deleted that before Neutron's port deletion. # deleted that before Neutron's port deletion.
# These operations need to performed in elevated context as it is not
# possible to guarantee port and network belong to the same tenant
ctx_elevated = context.elevated()
net_id = port['network_id'] net_id = port['network_id']
if not self._is_dhcp_network(context, net_id): if not self._is_dhcp_network(ctx_elevated, net_id):
return return
segment_id = self._get_network_nsx_segment_id(context, net_id) segment_id = self._get_network_nsx_segment_id(ctx_elevated, net_id)
v4_dhcp = v6_dhcp = False v4_dhcp = v6_dhcp = False
for fixed_ip in port['fixed_ips']: for fixed_ip in port['fixed_ips']:

View File

@ -1066,6 +1066,24 @@ class NsxPTestPorts(common_v3.NsxV3TestPorts,
def test_requested_invalid_fixed_ip_address_v6_slaac(self): def test_requested_invalid_fixed_ip_address_v6_slaac(self):
self.skipTest("NSX subnet GW validation") self.skipTest("NSX subnet GW validation")
def test_delete_port_shared_network_with_dhcp_sub(self):
with mock.patch.object(
self.plugin.nsxpolicy.segment_dhcp_static_bindings,
'delete') as mock_delete_binding:
with self.network(shared=True) as network:
with self.subnet(network):
port_res = self._create_port(
self.fmt, network['network']['id'],
exc.HTTPCreated.code,
tenant_id='another_tenant',
set_context=True)
port = self.deserialize(self.fmt, port_res)
self._delete('ports', port['port']['id'])
self._show('ports', port['port']['id'],
expected_code=exc.HTTPNotFound.code)
mock_delete_binding.assert_called_once_with(
network['network']['id'], mock.ANY)
class NsxPTestSubnets(common_v3.NsxV3TestSubnets, class NsxPTestSubnets(common_v3.NsxV3TestSubnets,
NsxPPluginTestCaseMixin): NsxPPluginTestCaseMixin):