From e68c57edca5afc70585217c419747981b9e9e3f3 Mon Sep 17 00:00:00 2001
From: Adit Sarfaty
Date: Sun, 12 Nov 2017 08:25:22 +0200
Subject: [PATCH] NSX|V: use elevated context to get external net for router gw

Commit I04e155cb92be65f4d5e8e9a4c21e6ca736aff82c broke our plugins

Change-Id: I7b8376dcaeb38a759cc732a19797b36de096ade9
---
 vmware_nsx/plugins/common/plugin.py | 27 +++++++++++++++++++++
 vmware_nsx/plugins/nsx_v/plugin.py | 25 -------------------
 vmware_nsx/plugins/nsx_v3/plugin.py | 19 ---------------
 vmware_nsx/tests/unit/nsx_v3/test_plugin.py | 11 +++++++++
 4 files changed, 38 insertions(+), 44 deletions(-)

diff --git a/vmware_nsx/plugins/common/plugin.py b/vmware_nsx/plugins/common/plugin.py
index f26147b58a..441c5c5ad6 100644
--- a/vmware_nsx/plugins/common/plugin.py
+++ b/vmware_nsx/plugins/common/plugin.py
@@ -27,6 +27,7 @@ from neutron_lib.api.definitions import network as net_def
 from neutron_lib.api.definitions import port as port_def
 from neutron_lib.api.definitions import subnet as subnet_def
 from neutron_lib.api import validators
+from neutron_lib import constants
 from neutron_lib import context as n_context
 from neutron_lib import exceptions as n_exc
 from neutron_lib.plugins import directory
@@ -281,3 +282,29 @@ class NsxPluginBase(db_base_plugin_v2.NeutronDbPluginV2,
 if validators.is_attr_set(fixed_ip_list) and len(fixed_ip_list) > 1:
 msg = _('Exceeded maximum amount of fixed ips per port')
 raise n_exc.InvalidInput(error_message=msg)
+
+ def _extract_external_gw(self, context, router, is_extract=True):
+ r = router['router']
+ gw_info = constants.ATTR_NOT_SPECIFIED
+ # First extract the gateway info in case of updating
+ # gateway before edge is deployed.
+ if 'external_gateway_info' in r:
+ gw_info = r.get('external_gateway_info', {})
+ if is_extract:
+ del r['external_gateway_info']
+ network_id = (gw_info.get('network_id') if gw_info
+ else None)
+ if network_id:
+ ext_net = self._get_network(context.elevated(), network_id)
+ if not ext_net.external:
+ msg = (_("Network '%s' is not a valid external network") %
+ network_id)
+ raise n_exc.BadRequest(resource='router', msg=msg)
+
+ subnets = self._get_subnets_by_network(context.elevated(),
+ network_id)
+ if not subnets:
+ msg = _("Cannot update gateway on Network '%s' "
+ "with no subnet") % network_id
+ raise n_exc.BadRequest(resource='router', msg=msg)
+ return gw_info
diff --git a/vmware_nsx/plugins/nsx_v/plugin.py b/vmware_nsx/plugins/nsx_v/plugin.py
index 50912927c5..72f2f816c2 100644
--- a/vmware_nsx/plugins/nsx_v/plugin.py
+++ b/vmware_nsx/plugins/nsx_v/plugin.py
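Review bot: In `_extract_external_gw` (vmware_nsx/plugins/common/plugin.py) both lookups now run under `context.elevated()`, so tenant scoping no longer limits which `network_id` gets validated, and nothing in this method confirms the caller may use that network. The two `BadRequest` messages, plus whatever `_get_network` raises for an unknown ID (not visible here), differ from one another, which lets a tenant tell apart network IDs it cannot otherwise see; unless the gateway update that follows outside this hunk enforces access, a single generic error would avoid that. Elevate once and document the intent: `admin_ctx = context.elevated()  # validation only; do not return data read with it`, then pass `admin_ctx` to `_get_network` and `_get_subnets_by_network`. A docstring should also say that `router['router']` loses its `external_gateway_info` key when `is_extract` is true.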
@@ -2893,31 +2893,6 @@ class NsxVPluginV2(addr_pair_db.AllowedAddressPairsMixin,
 LOG.debug("Update the DHCP address group to %s", address_groups)
 return address_groups
- def _extract_external_gw(self, context, router, is_extract=True):
- r = router['router']
- gw_info = constants.ATTR_NOT_SPECIFIED
- # First extract the gateway info in case of updating
- # gateway before edge is deployed.
- if 'external_gateway_info' in r:
- gw_info = r['external_gateway_info']
- if is_extract:
- del r['external_gateway_info']
- network_id = (gw_info.get('network_id') if gw_info
- else None)
- if network_id:
- ext_net = self._get_network(context, network_id)
- if not ext_net.external:
- msg = (_("Network '%s' is not a valid external network") %
- network_id)
- raise n_exc.BadRequest(resource='router', msg=msg)
-
- subnets = self._get_subnets_by_network(context, network_id)
- if not subnets:
- msg = _("Cannot update gateway on Network '%s' "
- "with no subnet") % network_id
- raise n_exc.BadRequest(resource='router', msg=msg)
- return gw_info
-
 def _validate_router_size(self, router):
 # Check if router-size is specified. router-size can only be specified
 # for an exclusive non-distributed router; else raise a BadRequest
diff --git a/vmware_nsx/plugins/nsx_v3/plugin.py b/vmware_nsx/plugins/nsx_v3/plugin.py
index 07a34f51f5..27bd444b6f 100644
--- a/vmware_nsx/plugins/nsx_v3/plugin.py
+++ b/vmware_nsx/plugins/nsx_v3/plugin.py
@@ -2995,25 +2995,6 @@ class NsxV3Plugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
 return (ports if not fields else
 [db_utils.resource_fields(port, fields) for port in ports])
- def _extract_external_gw(self, context, router, is_extract=True):
- r = router['router']
- gw_info = const.ATTR_NOT_SPECIFIED
- # First extract the gateway info in case of updating
- # gateway before edge is deployed.
- if 'external_gateway_info' in r:
- gw_info = r.get('external_gateway_info', {})
- if is_extract:
- del r['external_gateway_info']
- network_id = (gw_info.get('network_id') if gw_info
- else None)
- if network_id:
- ext_net = self._get_network(context, network_id)
- if not ext_net.external:
- msg = (_("Network '%s' is not a valid external network") %
- network_id)
- raise n_exc.BadRequest(resource='router', msg=msg)
- return gw_info
-
 def _get_external_attachment_info(self, context, router):
 gw_port = router.gw_port
 ipaddress = None
diff --git a/vmware_nsx/tests/unit/nsx_v3/test_plugin.py b/vmware_nsx/tests/unit/nsx_v3/test_plugin.py
index 65c2629696..b9668c192d 100644
--- a/vmware_nsx/tests/unit/nsx_v3/test_plugin.py
+++ b/vmware_nsx/tests/unit/nsx_v3/test_plugin.py
@@ -1671,6 +1671,17 @@ class TestL3NatTestCase(L3NatTest,
 context.get_admin_context(),
 {'router': {'name': 'rtr'}})
+ def test_router_add_gateway_no_subnet_forbidden(self):
+ with self.router() as r:
+ with self.network() as n:
+ self._set_net_external(n['network']['id'])
+ self._add_external_gateway_to_router(
+ r['router']['id'], n['network']['id'],
+ expected_code=exc.HTTPBadRequest.code)
+
+ def test_router_add_gateway_no_subnet(self):
+ self.skipTest('No support for no subnet gateway set')
+
 class ExtGwModeTestCase(test_ext_gw_mode.ExtGwModeIntTestCase,
 L3NatTest):
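Review bot: `test_router_add_gateway_no_subnet_forbidden` does not appear to exercise the elevated lookup this commit introduces: the request goes through the default test helpers, so it presumably passes with or without `context.elevated()` in `_extract_external_gw`. A case that sets the gateway as a non-admin tenant on an external network owned by another tenant would pin the fix, and a matching case with a non-external network would pin that the elevated path still returns `HTTPBadRequest`. The skip reason could state the cause, e.g. `self.skipTest('NSX-V3 rejects a gateway on a network with no subnet')`. `TestL3NatTestCase` starts outside the hunk.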