Merge "[NSX-P] Ensure DHCP binding are always deleted from backend"

2021-04-16 10:52:53 +00:00 · 2021-04-16 10:52:53 +00:00 · b368dcbc03
commit b368dcbc03
parent 7374b88548 4c051558e0
2 changed files with 23 additions and 2 deletions
--- a/vmware_nsx/plugins/nsx_p/plugin.py
+++ b/vmware_nsx/plugins/nsx_p/plugin.py
@ -1940,10 +1940,13 @@ class NsxPolicyPlugin(nsx_plugin_common.NsxPluginV3Base):
    def _delete_port_policy_dhcp_binding(self, context, port):
        # Do not check device_owner here because Nova may have already
        # deleted that before Neutron's port deletion.
+        # These operations need to performed in elevated context as it is not
+        # possible to guarantee port and network belong to the same tenant
+        ctx_elevated = context.elevated()
        net_id = port['network_id']
-        if not self._is_dhcp_network(context, net_id):
+        if not self._is_dhcp_network(ctx_elevated, net_id):
            return
-        segment_id = self._get_network_nsx_segment_id(context, net_id)
+        segment_id = self._get_network_nsx_segment_id(ctx_elevated, net_id)

        v4_dhcp = v6_dhcp = False
        for fixed_ip in port['fixed_ips']:
--- a/vmware_nsx/tests/unit/nsx_p/test_plugin.py
+++ b/vmware_nsx/tests/unit/nsx_p/test_plugin.py
@ -1066,6 +1066,24 @@ class NsxPTestPorts(common_v3.NsxV3TestPorts,
    def test_requested_invalid_fixed_ip_address_v6_slaac(self):
        self.skipTest("NSX subnet GW validation")

+    def test_delete_port_shared_network_with_dhcp_sub(self):
+        with mock.patch.object(
+            self.plugin.nsxpolicy.segment_dhcp_static_bindings,
+            'delete') as mock_delete_binding:
+            with self.network(shared=True) as network:
+                with self.subnet(network):
+                    port_res = self._create_port(
+                        self.fmt, network['network']['id'],
+                        exc.HTTPCreated.code,
+                        tenant_id='another_tenant',
+                        set_context=True)
+                    port = self.deserialize(self.fmt, port_res)
+                    self._delete('ports', port['port']['id'])
+                    self._show('ports', port['port']['id'],
+                            expected_code=exc.HTTPNotFound.code)
+                mock_delete_binding.assert_called_once_with(
+                    network['network']['id'], mock.ANY)
+

 class NsxPTestSubnets(common_v3.NsxV3TestSubnets,
                      NsxPPluginTestCaseMixin):