LBaaS: Fix healthmonitor disassociation for non-admin

Due to specifics of policy engine, checked object should have
tenant_id to be checked by rule admin_or_owner.
In 'disassociate' operation neutron API layer works with
PoolHealthMonitorAssociation which doesn't have tenant_id field.
Need to add it to resulting dict returned by get_pool_health_monitor.

Change-Id: I6c58558b09ff34dedd7da30866275de44d3ba993
Closes-bug: 1220668

diff --git a/neutron/db/loadbalancer/loadbalancer_db.py b/neutron/db/loadbalancer/loadbalancer_db.py
index c6e35f5263e42eaeacb1bb64de1bdc4de1995476..02d2a7b15be2ec6e29388d90ada7ff3367ff34ad 100644 (file)
--- a/neutron/db/loadbalancer/loadbalancer_db.py
+++ b/neutron/db/loadbalancer/loadbalancer_db.py
@@ -608,11 +608,11 @@ class LoadBalancerPluginDb(LoadBalancerPluginBase,
 
     def delete_pool_health_monitor(self, context, id, pool_id):
         with context.session.begin(subtransactions=True):
-            assoc = self.get_pool_health_monitor(context, id, pool_id)
+            assoc = self._get_pool_health_monitor(context, id, pool_id)
             pool = self._get_resource(context, Pool, pool_id)
             pool.monitors.remove(assoc)
 
-    def get_pool_health_monitor(self, context, id, pool_id, fields=None):
+    def _get_pool_health_monitor(self, context, id, pool_id):
         try:
             assoc_qry = context.session.query(PoolMonitorAssociation)
             return assoc_qry.filter_by(monitor_id=id, pool_id=pool_id).one()
@@ -620,10 +620,21 @@ class LoadBalancerPluginDb(LoadBalancerPluginBase,
             raise loadbalancer.PoolMonitorAssociationNotFound(
                 monitor_id=id, pool_id=pool_id)
 
+    def get_pool_health_monitor(self, context, id, pool_id, fields=None):
+        pool_hm = self._get_pool_health_monitor(context, id, pool_id)
+        # need to add tenant_id for admin_or_owner policy check to pass
+        hm = self.get_health_monitor(context, id)
+        res = {'pool_id': pool_id,
+               'monitor_id': id,
+               'status': pool_hm['status'],
+               'status_description': pool_hm['status_description'],
+               'tenant_id': hm['tenant_id']}
+        return self._fields(res, fields)
+
     def update_pool_health_monitor(self, context, id, pool_id,
                                    status, status_description=None):
         with context.session.begin(subtransactions=True):
-            assoc = self.get_pool_health_monitor(context, id, pool_id)
+            assoc = self._get_pool_health_monitor(context, id, pool_id)
             self.assert_modification_allowed(assoc)
             assoc.status = status
             assoc.status_description = status_description

diff --git a/neutron/tests/unit/db/loadbalancer/test_db_loadbalancer.py b/neutron/tests/unit/db/loadbalancer/test_db_loadbalancer.py
index 0cbadf5ff8700c9c1d76f614029ce3f067aa00f6..d646afd0f2a088b164481f152786aaad63b46887 100644 (file)
--- a/neutron/tests/unit/db/loadbalancer/test_db_loadbalancer.py
+++ b/neutron/tests/unit/db/loadbalancer/test_db_loadbalancer.py
@@ -1285,6 +1285,12 @@ class TestLoadBalancer(LoadBalancerPluginDbTestCase):
                                    health_mon2['health_monitor']['id']]},
                                  res)
 
+                res = self.plugin.get_pool_health_monitor(
+                    context.get_admin_context(),
+                    health_mon2['health_monitor']['id'], pool['pool']['id'])
+                self.assertEqual(res['tenant_id'],
+                                 health_mon1['health_monitor']['tenant_id'])
+
     def test_driver_call_create_pool_health_monitor(self):
         with mock.patch.object(self.plugin.drivers['lbaas'],
                                'create_pool_health_monitor') as driver_call: