diff --git a/etc/policy.json b/etc/policy.json index 1664c8d7af..4c7f00368b 100644 --- a/etc/policy.json +++ b/etc/policy.json @@ -74,6 +74,9 @@ "add_router_interface": "rule:admin_or_owner", "remove_router_interface": "rule:admin_or_owner", + "create_router:external_gateway_info:external_fixed_ips": "rule:admin_only", + "update_router:external_gateway_info:external_fixed_ips": "rule:admin_only", + "create_firewall": "", "get_firewall": "rule:admin_or_owner", "create_firewall:shared": "rule:admin_only", @@ -112,6 +115,7 @@ "get_loadbalancer-pools": "rule:admin_only", "create_floatingip": "rule:regular_user", + "create_floatingip:floating_ip_address": "rule:admin_only", "update_floatingip": "rule:admin_or_owner", "delete_floatingip": "rule:admin_or_owner", "get_floatingip": "rule:admin_or_owner", diff --git a/test-requirements.txt b/test-requirements.txt index f328e166a9..928810dd03 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -2,8 +2,7 @@ # of appearance. Changing the order has an impact on the overall integration # process, which may cause wedges in the gate later. -# Temporary, till https://review.openstack.org/#/c/143949/ is merged --e git://github.com/gkotton/neutron.git#egg=neutron +-e git://git.openstack.org/openstack/neutron.git#egg=neutron hacking>=0.9.2,<0.10 diff --git a/vmware_nsx/neutron/plugins/vmware/dbexts/nsxv_db.py b/vmware_nsx/neutron/plugins/vmware/dbexts/nsxv_db.py index 0e73ca9318..376f02b564 100644 --- a/vmware_nsx/neutron/plugins/vmware/dbexts/nsxv_db.py +++ b/vmware_nsx/neutron/plugins/vmware/dbexts/nsxv_db.py @@ -296,12 +296,10 @@ def delete_nsxv_internal_edge(session, ext_ip_address): filter_by(ext_ip_address=ext_ip_address).delete()) -def add_neutron_nsx_section_mapping(session, neutron_id, ip_section_id, - mac_section_id=None): +def add_neutron_nsx_section_mapping(session, neutron_id, ip_section_id): with session.begin(subtransactions=True): - mapping = nsxv_models.NsxvSectionMapping( - neutron_id=neutron_id, ip_section_id=ip_section_id, - mac_section_id=mac_section_id) + mapping = nsxv_models.NsxvSecurityGroupSectionMapping( + neutron_id=neutron_id, ip_section_id=ip_section_id) session.add(mapping) return mapping @@ -324,7 +322,7 @@ def add_neutron_nsx_port_vnic_mapping(session, neutron_id, nsx_id): def get_nsx_section(session, neutron_id): try: - mapping = (session.query(nsxv_models.NsxvSectionMapping). + mapping = (session.query(nsxv_models.NsxvSecurityGroupSectionMapping). filter_by(neutron_id=neutron_id). one()) return mapping diff --git a/vmware_nsx/neutron/plugins/vmware/plugins/nsx_v.py b/vmware_nsx/neutron/plugins/vmware/plugins/nsx_v.py index 0ab635f4ff..288c8c7e44 100644 --- a/vmware_nsx/neutron/plugins/vmware/plugins/nsx_v.py +++ b/vmware_nsx/neutron/plugins/vmware/plugins/nsx_v.py @@ -1558,7 +1558,7 @@ class NsxVPluginV2(addr_pair_db.AllowedAddressPairsMixin, if type == 'ip': return mapping['ip_section_id'] else: - return mapping['mac_section_id'] + None def create_security_group(self, context, security_group, default_sg=False): @@ -1658,7 +1658,6 @@ class NsxVPluginV2(addr_pair_db.AllowedAddressPairsMixin, # Delete nsx rule sections self._delete_section(section_mapping['ip_section_id']) - self._delete_section(section_mapping['mac_section_id']) # Delete nsx security group self._delete_security_group(nsx_sg_id)