Introducing the tenant owenrship checks in the Cisco plugin, changes are

almost identical to those in Bug#942713

Change-Id: Ia320116e73db72090d925796bb2c832f31f878de

diff --git a/quantum/plugins/cisco/db/api.py b/quantum/plugins/cisco/db/api.py
index ed42f044a68559dd96d0a126e5ca3310e2c84971..d59dd8610cb3725e7d2578cd63e8029733150057 100644 (file)
--- a/quantum/plugins/cisco/db/api.py
+++ b/quantum/plugins/cisco/db/api.py
@@ -139,6 +139,17 @@ def network_destroy(net_id):
         raise q_exc.NetworkNotFound(net_id=net_id)
 
 
+def validate_network_ownership(tenant_id, net_id):
+    session = get_session()
+    try:
+        return  session.query(models.Network).\
+            filter_by(uuid=net_id).\
+            filter_by(tenant_id=tenant_id).\
+            one()
+    except exc.NoResultFound, e:
+        raise q_exc.NetworkNotFound(net_id=net_id)
+
+
 def port_create(net_id, state=None):
     # confirm network exists
     network_get(net_id)
@@ -292,3 +303,8 @@ def port_unset_attachment_by_id(port_id):
     session.merge(port)
     session.flush()
     return port
+
+
+def validate_port_ownership(tenant_id, net_id, port_id, session=None):
+    validate_network_ownership(tenant_id, net_id)
+    port_get(port_id, net_id)

diff --git a/quantum/plugins/cisco/l2network_plugin.py b/quantum/plugins/cisco/l2network_plugin.py
index 25fa514f2bb8adc2b8436ea399eb5a9baee686e0..5e4e39198d6121ea19b67139265b3ef333c2f94f 100644 (file)
--- a/quantum/plugins/cisco/l2network_plugin.py
+++ b/quantum/plugins/cisco/l2network_plugin.py
@@ -97,6 +97,7 @@ class L2Network(QuantumPluginBase):
         belonging to the specified tenant.
         """
         LOG.debug("delete_network() called\n")
+        db.validate_network_ownership(tenant_id, net_id)
         net = db.network_get(net_id)
         if net:
             if len(net[const.NETWORKPORTS]) > 0:
@@ -123,6 +124,7 @@ class L2Network(QuantumPluginBase):
         Gets the details of a particular network
         """
         LOG.debug("get_network_details() called\n")
+        db.validate_network_ownership(tenant_id, net_id)
         network = db.network_get(net_id)
         self._invoke_device_plugins(self._func_name(), [tenant_id, net_id])
         ports_list = network[const.NETWORKPORTS]
@@ -146,6 +148,7 @@ class L2Network(QuantumPluginBase):
         Virtual Network.
         """
         LOG.debug("update_network() called\n")
+        db.validate_network_ownership(tenant_id, net_id)
         network = db.network_update(net_id, tenant_id, **kwargs)
         self._invoke_device_plugins(self._func_name(), [tenant_id, net_id,
                                                      kwargs])
@@ -160,6 +163,7 @@ class L2Network(QuantumPluginBase):
         specified Virtual Network.
         """
         LOG.debug("get_all_ports() called\n")
+        db.validate_network_ownership(tenant_id, net_id)
         network = db.network_get(net_id)
         self._invoke_device_plugins(self._func_name(), [tenant_id, net_id])
         ports_list = network[const.NETWORKPORTS]
@@ -179,6 +183,7 @@ class L2Network(QuantumPluginBase):
         """
         LOG.debug("create_port() called\n")
 
+        db.validate_network_ownership(tenant_id, net_id)
         port = db.port_create(net_id, port_state)
         unique_port_id_string = port[const.UUID]
         self._invoke_device_plugins(self._func_name(), [tenant_id, net_id,
@@ -198,6 +203,7 @@ class L2Network(QuantumPluginBase):
         then the port can be deleted.
         """
         LOG.debug("delete_port() called\n")
+        db.validate_port_ownership(tenant_id, net_id, port_id)
         network = db.network_get(net_id)
         port = db.port_get(net_id, port_id)
         attachment_id = port[const.INTERFACEID]
@@ -217,6 +223,7 @@ class L2Network(QuantumPluginBase):
         Updates the state of a port on the specified Virtual Network.
         """
         LOG.debug("update_port() called\n")
+        db.validate_port_ownership(tenant_id, net_id, port_id)
         network = db.network_get(net_id)
         self._invoke_device_plugins(self._func_name(), [tenant_id, net_id,
                                         port_id, kwargs])
@@ -233,6 +240,7 @@ class L2Network(QuantumPluginBase):
         that is attached to this particular port.
         """
         LOG.debug("get_port_details() called\n")
+        db.validate_port_ownership(tenant_id, net_id, port_id)
         network = db.network_get(net_id)
         self._invoke_device_plugins(self._func_name(), [tenant_id, net_id,
                                                      port_id])
@@ -250,6 +258,7 @@ class L2Network(QuantumPluginBase):
         specified Virtual Network.
         """
         LOG.debug("plug_interface() called\n")
+        db.validate_port_ownership(tenant_id, net_id, port_id)
         network = db.network_get(net_id)
         port = db.port_get(net_id, port_id)
         attachment_id = port[const.INTERFACEID]
@@ -278,6 +287,7 @@ class L2Network(QuantumPluginBase):
         specified Virtual Network.
         """
         LOG.debug("unplug_interface() called\n")
+        db.validate_port_ownership(tenant_id, net_id, port_id)
         network = db.network_get(net_id)
         port = db.port_get(net_id, port_id)
         attachment_id = port[const.INTERFACEID]
@@ -514,6 +524,7 @@ class L2Network(QuantumPluginBase):
         ports_dict_list = []
 
         for net_id in net_id_list:
+            db.validate_network_ownership(tenant_id, net_id)
             port = db.port_create(net_id, port_state)
             ports_id_list.append(port[const.UUID])
             port_dict = {const.PORT_ID: port[const.UUID]}