x/vmware-nsx
Code Issues Proposed changes

NSXV: Elevate context for router firewall update

Browse Source 
Edge firewall might contain FW rules which are originated from various
sources, e.g FWaaS rules, subnet rules, LB rules etc.

When a non-admin user applies a change to the FW config by changing any
of the above, the new FW config should still include resources which
aren't visible to the user. Therefore the context should be elevated.

Change-Id: I8cd3310976708b0bbf1442de7f38ebc06dc8506a
This commit is contained in:
Kobi Samoray 2021-03-30 13:25:02 +03:00
parent 6680d270ed
commit 25b959bae3
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
vmware_nsx/plugins/nsx_v/plugin.py
View File

@ -4248,7 +4248,7 @@ class NsxVPluginV2(addr_pair_db.AllowedAddressPairsMixin,
if not router_id:
router_id = router_db['id']
self.update_router_firewall(context, router_id, router_db)
self.update_router_firewall(context.elevated(), router_id, router_db)
def _get_firewall_icmpv6_rules(self):
# Add ipv6 icmp multicast rule (blocked in Vsphere 7 & up)