Use admin context to update ports

The port might contain security groups created by Kuryr-libnetwork
in the service tenant. Therefore, adding a security group via port update
needs an admin context.

Change-Id: I83b387ee1143374306ed3fbb93a29f8adcd3a54f
Hongbin Lu 2017-11-27 18:21:07 +00:00
parent 819cb77973
commit a966988a8a
2 changed files with 17 additions and 6 deletions


@ -329,8 +329,10 @@ class KuryrNetwork(network.Network):
"to port %(port_id)s",
{'security_group_ids': security_group_ids,
'port_id': port['id']})
self.neutron_api.update_port(port['id'],
{'port': updated_port})
admin_context = self.neutron_api.context.elevated()
neutron_api = neutron.NeutronAPI(admin_context)
neutron_api.update_port(port['id'],
{'port': updated_port})
except Exception:
with excutils.save_and_reraise_exception():
LOG.exception("Neutron Error:")
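Review bot: The `update_port` call now runs under `self.neutron_api.context.elevated()`, so Neutron will no longer enforce that the port or the groups in `security_group_ids` belong to the requesting project, and nothing visible in this hunk makes that check before elevating. The method starts outside the hunk, so the ids may already be resolved and validated under the user's context earlier; if they are not, a group from another project could presumably be attached, which is worth confirming before merge. I would also record the reason for the elevation at the call site, e.g. `# admin context: the port may carry Kuryr-created security groups owned by the service tenant`, and keep the admin-scoped `NeutronAPI` client limited to this single call.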


@ -36,7 +36,7 @@ class FakeNeutronClient(object):
pass
def list_ports(self, **kwargs):
return {'ports': [{'id': '1234567'}]}
return {'ports': [{'id': '1234567', 'security_groups': ['sg1']}]}
def delete_port(self, port_id):
pass
@ -164,8 +164,17 @@ class KuryrNetworkTestCase(base.TestCase):
self.network_api.disconnect_container_from_network(container,
network_name)
def test_add_security_groups_to_ports(self):
container = Container(self.context, **utils.get_test_container())
security_group_ids = ['1234567']
@mock.patch('zun.network.neutron.NeutronAPI')
def test_add_security_groups_to_ports(self, mock_neutron_api_cls):
addresses = {'private': [{'port': '1234567'}]}
container = Container(self.context, **utils.get_test_container(
addresses=addresses))
mock_neutron_api = mock.MagicMock()
mock_neutron_api_cls.return_value = mock_neutron_api
self.network_api.neutron_api.context = mock.Mock()
security_group_ids = ['sg2']
self.network_api.add_security_groups_to_ports(container,
security_group_ids)
mock_neutron_api.update_port.assert_called_once_with(
'1234567',
{'port': {'security_groups': ['sg1', 'sg2']}})
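Review bot: `test_add_security_groups_to_ports` never checks which context the patched `NeutronAPI` class is constructed with, so it would still pass if the un-elevated user context were handed to the new client. Adding `mock_neutron_api_cls.assert_called_once_with(self.network_api.neutron_api.context.elevated.return_value)` after the `update_port` assertion would pin the admin elevation this commit relies on. A short docstring saying that the fake port already carries `sg1` and that the expected result is the merged list `['sg1', 'sg2']` would also make the intent of the changed `list_ports` fixture clear.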