Fix L3 HA network creation to allow user to create router

Update HA Network creation to use an admin context to allow Neutron
to create the tenant-less network required for the HA router when
it does not yet exist and is being created by a non-admin user.

Neutron creates these resources without a tenant so users cannot see
or modify the HA network, ports, etc.  Port creation and association
already use elivated admin contexts to allow their function when
an user attempts to create a HA L3 router.

Change-Id: I36166158a0970b8d08d6702054b11a43fb684281
Closes-Bug: #1388716

diff --git a/neutron/db/l3_hamode_db.py b/neutron/db/l3_hamode_db.py
index 2aa78bdea9bf51e42bc1904901f028d358424d32..a35709eadae8df58b346d7529578d3be07f5e358 100644 (file)
--- a/neutron/db/l3_hamode_db.py
+++ b/neutron/db/l3_hamode_db.py
@@ -224,7 +224,7 @@ class L3_HA_NAT_db_mixin(l3_dvr_db.L3_NAT_with_dvr_db_mixin):
                  'shared': False,
                  'admin_state_up': True,
                  'status': constants.NET_STATUS_ACTIVE}}
-        network = self._core_plugin.create_network(context, args)
+        network = self._core_plugin.create_network(admin_ctx, args)
         try:
             ha_network = self._create_ha_network_tenant_binding(admin_ctx,
                                                                 tenant_id,

diff --git a/neutron/tests/unit/db/test_l3_ha_db.py b/neutron/tests/unit/db/test_l3_ha_db.py
index 807436caa707573fae317562f29e8fd1caaae237..94a66aa1b4e26d7483cebf5d434d88b979f63703 100644 (file)
--- a/neutron/tests/unit/db/test_l3_ha_db.py
+++ b/neutron/tests/unit/db/test_l3_ha_db.py
@@ -54,20 +54,25 @@ class L3HATestFramework(testlib_api.SqlTestCase,
         self.notif_m = notif_p.start()
         cfg.CONF.set_override('allow_overlapping_ips', True)
 
-    def _create_router(self, ha=True, tenant_id='tenant1', distributed=None):
-        self.admin_ctx.tenant_id = tenant_id
+    def _create_router(self, ha=True, tenant_id='tenant1', distributed=None,
+                       ctx=None):
+        if ctx is None:
+            ctx = self.admin_ctx
+        ctx.tenant_id = tenant_id
         router = {'name': 'router1', 'admin_state_up': True}
         if ha is not None:
             router['ha'] = ha
         if distributed is not None:
             router['distributed'] = distributed
-        return self.plugin.create_router(self.admin_ctx, {'router': router})
+        return self.plugin.create_router(ctx, {'router': router})
 
-    def _update_router(self, router_id, ha=True, distributed=None):
+    def _update_router(self, router_id, ha=True, distributed=None, ctx=None):
+        if ctx is None:
+            ctx = self.admin_ctx
         data = {'ha': ha} if ha is not None else {}
         if distributed is not None:
             data['distributed'] = distributed
-        return self.plugin._update_router_db(self.admin_ctx, router_id,
+        return self.plugin._update_router_db(ctx, router_id,
                                              data, None)
 
 
@@ -395,3 +400,22 @@ class L3HATestCase(L3HATestFramework):
 
         routers_after = self.plugin.get_routers(self.admin_ctx)
         self.assertEqual(routers_before, routers_after)
+
+
+class L3HAUserTestCase(L3HATestFramework):
+
+    def setUp(self):
+        super(L3HAUserTestCase, self).setUp()
+        self.user_ctx = context.Context('', _uuid())
+        self.plugin = FakeL3Plugin()
+
+    def test_create_ha_router(self):
+        self._create_router(ctx=self.user_ctx)
+
+    def test_update_router(self):
+        router = self._create_router(ctx=self.user_ctx)
+        self._update_router(router['id'], ha=False, ctx=self.user_ctx)
+
+    def test_delete_router(self):
+        router = self._create_router(ctx=self.user_ctx)
+        self.plugin.delete_router(self.user_ctx, router['id'])