From 26873653713e35bb68a0fdf44d21e0abc4100861 Mon Sep 17 00:00:00 2001
From: Adit Sarfaty
Date: Thu, 6 Jul 2017 11:25:39 +0300
Subject: [PATCH] NSX|v+v3: Use elevated context for address scopes checks
Change-Id: Ie8f6d676f783681c7eeaae57a0e764eab6f8a1bb
---
 vmware_nsx/plugins/nsx_v/plugin.py | 12 ++++++------
 vmware_nsx/plugins/nsx_v3/plugin.py | 4 ++--
 2 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/vmware_nsx/plugins/nsx_v/plugin.py b/vmware_nsx/plugins/nsx_v/plugin.py
index d04f267308..198bc08a77 100644
--- a/vmware_nsx/plugins/nsx_v/plugin.py
+++ b/vmware_nsx/plugins/nsx_v/plugin.py
@@ -2972,7 +2972,7 @@ class NsxVPluginV2(addr_pair_db.AllowedAddressPairsMixin,
 for port in router_ports:
 for fip in port['fixed_ips']:
 self._validate_address_scope_for_router_interface(
- context, router_id,
+ context.elevated(), router_id,
 gw_info['network_id'], fip['subnet_id'])
 router_driver = self._find_router_driver(context, router_id)
@@ -3296,9 +3296,9 @@ class NsxVPluginV2(addr_pair_db.AllowedAddressPairsMixin,
 # if the subnets address scope is the same as the gateways:
 # no need for SNAT
 gw_address_scope = self._get_network_address_scope(
- context, gw_port['network_id'])
+ context.elevated(), gw_port['network_id'])
 subnet_address_scope = self._get_subnet_address_scope(
- context, subnet['id'])
+ context.elevated(), subnet['id'])
 if (gw_address_scope and
 gw_address_scope == subnet_address_scope):
 LOG.info("No need for SNAT rule for router %(router)s "
@@ -3344,7 +3344,7 @@ class NsxVPluginV2(addr_pair_db.AllowedAddressPairsMixin,
 return
 gw_address_scope = self._get_network_address_scope(
- context, gw_port['network_id'])
+ context.elevated(), gw_port['network_id'])
 if gw_address_scope is None:
 return
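Review bot: In the hunk at 2972 the admin context is handed to the whole of `_validate_address_scope_for_router_interface`, so every lookup that helper performs runs without tenant filtering, not only the address-scope reads named in the subject line. The helper's body is not part of this patch, so whether it only reads cannot be confirmed from here; a narrower form keeps `context` at the call site and elevates inside the helper just around the scope lookups. At minimum the call sites should say why privilege is raised, e.g. `# admin context: the gateway network's address scope may belong to another tenant`. The same call pattern recurs in the hunk at 3430 and in nsx_v3 at 2855 and 3025; the enclosing method starts and ends outside this hunk.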
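Review bot: `context.elevated()` is evaluated once per lookup in the hunk at 3296, and again in the hunks at 3344 and 3355; each call returns a fresh admin copy of the request context. Binding it once near the top of the function, `admin_ctx = context.elevated()`, and passing `admin_ctx` to `_get_network_address_scope` and `_get_subnet_address_scope` leaves a single place per function where privilege is raised, which is easier to audit. The lookup at 3355 appears to run once per subnet (the loop header is outside the hunk), so hoisting matters most there.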
@@ -3355,7 +3355,7 @@ class NsxVPluginV2(addr_pair_db.AllowedAddressPairsMixin,
 # if the subnets address scope is the same as the gateways:
 # we should add it to the rule
 subnet_address_scope = self._get_subnet_address_scope(
- context, subnet['id'])
+ context.elevated(), subnet['id'])
 if (gw_address_scope == subnet_address_scope):
 no_nat_cidrs.append(subnet['cidr'])
@@ -3430,7 +3430,7 @@ class NsxVPluginV2(addr_pair_db.AllowedAddressPairsMixin,
 if snat_disabled and subnet_id:
 gw_network_id = router[l3.EXTERNAL_GW_INFO]['network_id']
 self._validate_address_scope_for_router_interface(
- context, router_id, gw_network_id, subnet_id)
+ context.elevated(), router_id, gw_network_id, subnet_id)
 router_driver = self._find_router_driver(context, router_id)
 try:
diff --git a/vmware_nsx/plugins/nsx_v3/plugin.py b/vmware_nsx/plugins/nsx_v3/plugin.py
index 26850e74da..6b4b945ec2 100644
--- a/vmware_nsx/plugins/nsx_v3/plugin.py
+++ b/vmware_nsx/plugins/nsx_v3/plugin.py
@@ -2855,7 +2855,7 @@ class NsxV3Plugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
 for port in router_ports:
 for fip in port['fixed_ips']:
 self._validate_address_scope_for_router_interface(
- context, router_id,
+ context.elevated(), router_id,
 gw_info['network_id'], fip['subnet_id'])
 nsx_router_id = None
@@ -3025,7 +3025,7 @@ class NsxV3Plugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
 if not router_db.enable_snat:
 gw_network_id = router_db.gw_port.network_id
 self._validate_address_scope_for_router_interface(
- context, router_id, gw_network_id, subnet['id'])
+ context.elevated(), router_id, gw_network_id, subnet['id'])
 nsx_router_id = nsx_db.get_nsx_router_id(context.session, router_id)
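Review bot: In the hunk at 3430 `subnet_id` is validated under the admin context before any tenant-scoped lookup visible in this hunk, so the validation can now resolve a subnet the caller may not be allowed to see. If `subnet_id` comes from the request body (it is assigned outside the hunk), the tenant-scoped subnet lookup should run before this call so that a validation error cannot confirm the existence or address scope of another tenant's subnet. The patch also touches only the two plugin files; a unit test that adds a router interface with a non-admin context while the gateway network's address scope is owned by a different tenant would pin the intended behaviour for both nsx_v and nsx_v3.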