NSX|V: use elevated context to get external net for router gw

Commit I04e155cb92be65f4d5e8e9a4c21e6ca736aff82c broke our plugins

Change-Id: I7b8376dcaeb38a759cc732a19797b36de096ade9

vmware_nsx/plugins/common/plugin.py

@@ -27,6 +27,7 @@ from neutron_lib.api.definitions import network as net_def
 from neutron_lib.api.definitions import port as port_def
 from neutron_lib.api.definitions import subnet as subnet_def
 from neutron_lib.api import validators
+from neutron_lib import constants
 from neutron_lib import context as n_context
 from neutron_lib import exceptions as n_exc
 from neutron_lib.plugins import directory
@@ -281,3 +282,29 @@ class NsxPluginBase(db_base_plugin_v2.NeutronDbPluginV2,
         if validators.is_attr_set(fixed_ip_list) and len(fixed_ip_list) > 1:
             msg = _('Exceeded maximum amount of fixed ips per port')
             raise n_exc.InvalidInput(error_message=msg)
+
+    def _extract_external_gw(self, context, router, is_extract=True):
+        r = router['router']
+        gw_info = constants.ATTR_NOT_SPECIFIED
+        # First extract the gateway info in case of updating
+        # gateway before edge is deployed.
+        if 'external_gateway_info' in r:
+            gw_info = r.get('external_gateway_info', {})
+            if is_extract:
+                del r['external_gateway_info']
+            network_id = (gw_info.get('network_id') if gw_info
+                          else None)
+            if network_id:
+                ext_net = self._get_network(context.elevated(), network_id)
+                if not ext_net.external:
+                    msg = (_("Network '%s' is not a valid external network") %
+                           network_id)
+                    raise n_exc.BadRequest(resource='router', msg=msg)
+
+                subnets = self._get_subnets_by_network(context.elevated(),
+                                                       network_id)
+                if not subnets:
+                    msg = _("Cannot update gateway on Network '%s' "
+                            "with no subnet") % network_id
+                    raise n_exc.BadRequest(resource='router', msg=msg)
+        return gw_info

vmware_nsx/plugins/nsx_v/plugin.py

@@ -2893,31 +2893,6 @@ class NsxVPluginV2(addr_pair_db.AllowedAddressPairsMixin,
         LOG.debug("Update the DHCP address group to %s", address_groups)
         return address_groups
 
-    def _extract_external_gw(self, context, router, is_extract=True):
-        r = router['router']
-        gw_info = constants.ATTR_NOT_SPECIFIED
-        # First extract the gateway info in case of updating
-        # gateway before edge is deployed.
-        if 'external_gateway_info' in r:
-            gw_info = r['external_gateway_info']
-            if is_extract:
-                del r['external_gateway_info']
-            network_id = (gw_info.get('network_id') if gw_info
-                          else None)
-            if network_id:
-                ext_net = self._get_network(context, network_id)
-                if not ext_net.external:
-                    msg = (_("Network '%s' is not a valid external network") %
-                           network_id)
-                    raise n_exc.BadRequest(resource='router', msg=msg)
-
-                subnets = self._get_subnets_by_network(context, network_id)
-                if not subnets:
-                    msg = _("Cannot update gateway on Network '%s' "
-                            "with no subnet") % network_id
-                    raise n_exc.BadRequest(resource='router', msg=msg)
-        return gw_info
-
     def _validate_router_size(self, router):
         # Check if router-size is specified. router-size can only be specified
         # for an exclusive non-distributed router; else raise a BadRequest

vmware_nsx/plugins/nsx_v3/plugin.py

@@ -2995,25 +2995,6 @@ class NsxV3Plugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
         return (ports if not fields else
                 [db_utils.resource_fields(port, fields) for port in ports])
 
-    def _extract_external_gw(self, context, router, is_extract=True):
-        r = router['router']
-        gw_info = const.ATTR_NOT_SPECIFIED
-        # First extract the gateway info in case of updating
-        # gateway before edge is deployed.
-        if 'external_gateway_info' in r:
-            gw_info = r.get('external_gateway_info', {})
-            if is_extract:
-                del r['external_gateway_info']
-            network_id = (gw_info.get('network_id') if gw_info
-                          else None)
-            if network_id:
-                ext_net = self._get_network(context, network_id)
-                if not ext_net.external:
-                    msg = (_("Network '%s' is not a valid external network") %
-                           network_id)
-                    raise n_exc.BadRequest(resource='router', msg=msg)
-        return gw_info
-
     def _get_external_attachment_info(self, context, router):
         gw_port = router.gw_port
         ipaddress = None

vmware_nsx/tests/unit/nsx_v3/test_plugin.py

@@ -1671,6 +1671,17 @@ class TestL3NatTestCase(L3NatTest,
                           context.get_admin_context(),
                           {'router': {'name': 'rtr'}})
 
+    def test_router_add_gateway_no_subnet_forbidden(self):
+        with self.router() as r:
+            with self.network() as n:
+                self._set_net_external(n['network']['id'])
+                self._add_external_gateway_to_router(
+                    r['router']['id'], n['network']['id'],
+                    expected_code=exc.HTTPBadRequest.code)
+
+    def test_router_add_gateway_no_subnet(self):
+        self.skipTest('No support for no subnet gateway set')
+
 
 class ExtGwModeTestCase(test_ext_gw_mode.ExtGwModeIntTestCase,
                         L3NatTest):