LBaaS: Fix healthmonitor disassociation for non-admin

Due to specifics of policy engine, checked object should have tenant_id to be checked by rule admin_or_owner. In 'disassociate' operation neutron API layer works with PoolHealthMonitorAssociation which doesn't have tenant_id field. Need to add it to resulting dict returned by get_pool_health_monitor. Change-Id: I6c58558b09ff34dedd7da30866275de44d3ba993 Closes-bug: 1220668
2013-09-04 22:00:40 +04:00 · 2013-09-04 22:00:40 +04:00 · bba80aac17
commit bba80aac17
parent 3a80ac0984
2 changed files with 20 additions and 3 deletions
--- a/neutron/db/loadbalancer/loadbalancer_db.py
+++ b/neutron/db/loadbalancer/loadbalancer_db.py
@ -608,11 +608,11 @@ class LoadBalancerPluginDb(LoadBalancerPluginBase,

    def delete_pool_health_monitor(self, context, id, pool_id):
        with context.session.begin(subtransactions=True):
-            assoc = self.get_pool_health_monitor(context, id, pool_id)
+            assoc = self._get_pool_health_monitor(context, id, pool_id)
            pool = self._get_resource(context, Pool, pool_id)
            pool.monitors.remove(assoc)

-    def get_pool_health_monitor(self, context, id, pool_id, fields=None):
+    def _get_pool_health_monitor(self, context, id, pool_id):
        try:
            assoc_qry = context.session.query(PoolMonitorAssociation)
            return assoc_qry.filter_by(monitor_id=id, pool_id=pool_id).one()
@ -620,10 +620,21 @@ class LoadBalancerPluginDb(LoadBalancerPluginBase,
            raise loadbalancer.PoolMonitorAssociationNotFound(
                monitor_id=id, pool_id=pool_id)

+    def get_pool_health_monitor(self, context, id, pool_id, fields=None):
+        pool_hm = self._get_pool_health_monitor(context, id, pool_id)
+        # need to add tenant_id for admin_or_owner policy check to pass
+        hm = self.get_health_monitor(context, id)
+        res = {'pool_id': pool_id,
+               'monitor_id': id,
+               'status': pool_hm['status'],
+               'status_description': pool_hm['status_description'],
+               'tenant_id': hm['tenant_id']}
+        return self._fields(res, fields)
+
    def update_pool_health_monitor(self, context, id, pool_id,
                                   status, status_description=None):
        with context.session.begin(subtransactions=True):
-            assoc = self.get_pool_health_monitor(context, id, pool_id)
+            assoc = self._get_pool_health_monitor(context, id, pool_id)
            self.assert_modification_allowed(assoc)
            assoc.status = status
            assoc.status_description = status_description
--- a/neutron/tests/unit/db/loadbalancer/test_db_loadbalancer.py
+++ b/neutron/tests/unit/db/loadbalancer/test_db_loadbalancer.py
@ -1285,6 +1285,12 @@ class TestLoadBalancer(LoadBalancerPluginDbTestCase):
                                   health_mon2['health_monitor']['id']]},
                                 res)

+                res = self.plugin.get_pool_health_monitor(
+                    context.get_admin_context(),
+                    health_mon2['health_monitor']['id'], pool['pool']['id'])
+                self.assertEqual(res['tenant_id'],
+                                 health_mon1['health_monitor']['tenant_id'])
+
    def test_driver_call_create_pool_health_monitor(self):
        with mock.patch.object(self.plugin.drivers['lbaas'],
                               'create_pool_health_monitor') as driver_call: