From 25b959bae39aefbd8dec2a1d2541e34a53076546 Mon Sep 17 00:00:00 2001 From: Kobi Samoray Date: Tue, 30 Mar 2021 13:25:02 +0300 Subject: [PATCH] NSXV: Elevate context for router firewall update Edge firewall might contain FW rules which are originated from various sources, e.g FWaaS rules, subnet rules, LB rules etc. When a non-admin user applies a change to the FW config by changing any of the above, the new FW config should still include resources which aren't visible to the user. Therefore the context should be elevated. Change-Id: I8cd3310976708b0bbf1442de7f38ebc06dc8506a --- vmware_nsx/plugins/nsx_v/plugin.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vmware_nsx/plugins/nsx_v/plugin.py b/vmware_nsx/plugins/nsx_v/plugin.py index 8820c23b8f..5b434b67c0 100644 --- a/vmware_nsx/plugins/nsx_v/plugin.py +++ b/vmware_nsx/plugins/nsx_v/plugin.py @@ -4248,7 +4248,7 @@ class NsxVPluginV2(addr_pair_db.AllowedAddressPairsMixin, if not router_id: router_id = router_db['id'] - self.update_router_firewall(context, router_id, router_db) + self.update_router_firewall(context.elevated(), router_id, router_db) def _get_firewall_icmpv6_rules(self): # Add ipv6 icmp multicast rule (blocked in Vsphere 7 & up)