Introducing the tenant owenrship checks in the Cisco plugin, changes are

almost identical to those in Bug#942713 Change-Id: Ia320116e73db72090d925796bb2c832f31f878de
2012-02-28 22:30:17 -08:00 · 2012-02-28 22:30:17 -08:00 · c98559eaa3
commit c98559eaa3
parent 1215fefa0c
2 changed files with 27 additions and 0 deletions
--- a/quantum/plugins/cisco/db/api.py
+++ b/quantum/plugins/cisco/db/api.py
@ -139,6 +139,17 @@ def network_destroy(net_id):
        raise q_exc.NetworkNotFound(net_id=net_id)


+def validate_network_ownership(tenant_id, net_id):
+    session = get_session()
+    try:
+        return  session.query(models.Network).\
+            filter_by(uuid=net_id).\
+            filter_by(tenant_id=tenant_id).\
+            one()
+    except exc.NoResultFound, e:
+        raise q_exc.NetworkNotFound(net_id=net_id)
+
+
 def port_create(net_id, state=None):
    # confirm network exists
    network_get(net_id)
@ -292,3 +303,8 @@ def port_unset_attachment_by_id(port_id):
    session.merge(port)
    session.flush()
    return port
+
+
+def validate_port_ownership(tenant_id, net_id, port_id, session=None):
+    validate_network_ownership(tenant_id, net_id)
+    port_get(port_id, net_id)
--- a/quantum/plugins/cisco/l2network_plugin.py
+++ b/quantum/plugins/cisco/l2network_plugin.py
@ -97,6 +97,7 @@ class L2Network(QuantumPluginBase):
        belonging to the specified tenant.
        """
        LOG.debug("delete_network() called\n")
+        db.validate_network_ownership(tenant_id, net_id)
        net = db.network_get(net_id)
        if net:
            if len(net[const.NETWORKPORTS]) > 0:
@ -123,6 +124,7 @@ class L2Network(QuantumPluginBase):
        Gets the details of a particular network
        """
        LOG.debug("get_network_details() called\n")
+        db.validate_network_ownership(tenant_id, net_id)
        network = db.network_get(net_id)
        self._invoke_device_plugins(self._func_name(), [tenant_id, net_id])
        ports_list = network[const.NETWORKPORTS]
@ -146,6 +148,7 @@ class L2Network(QuantumPluginBase):
        Virtual Network.
        """
        LOG.debug("update_network() called\n")
+        db.validate_network_ownership(tenant_id, net_id)
        network = db.network_update(net_id, tenant_id, **kwargs)
        self._invoke_device_plugins(self._func_name(), [tenant_id, net_id,
                                                     kwargs])
@ -160,6 +163,7 @@ class L2Network(QuantumPluginBase):
        specified Virtual Network.
        """
        LOG.debug("get_all_ports() called\n")
+        db.validate_network_ownership(tenant_id, net_id)
        network = db.network_get(net_id)
        self._invoke_device_plugins(self._func_name(), [tenant_id, net_id])
        ports_list = network[const.NETWORKPORTS]
@ -179,6 +183,7 @@ class L2Network(QuantumPluginBase):
        """
        LOG.debug("create_port() called\n")

+        db.validate_network_ownership(tenant_id, net_id)
        port = db.port_create(net_id, port_state)
        unique_port_id_string = port[const.UUID]
        self._invoke_device_plugins(self._func_name(), [tenant_id, net_id,
@ -198,6 +203,7 @@ class L2Network(QuantumPluginBase):
        then the port can be deleted.
        """
        LOG.debug("delete_port() called\n")
+        db.validate_port_ownership(tenant_id, net_id, port_id)
        network = db.network_get(net_id)
        port = db.port_get(net_id, port_id)
        attachment_id = port[const.INTERFACEID]
@ -217,6 +223,7 @@ class L2Network(QuantumPluginBase):
        Updates the state of a port on the specified Virtual Network.
        """
        LOG.debug("update_port() called\n")
+        db.validate_port_ownership(tenant_id, net_id, port_id)
        network = db.network_get(net_id)
        self._invoke_device_plugins(self._func_name(), [tenant_id, net_id,
                                        port_id, kwargs])
@ -233,6 +240,7 @@ class L2Network(QuantumPluginBase):
        that is attached to this particular port.
        """
        LOG.debug("get_port_details() called\n")
+        db.validate_port_ownership(tenant_id, net_id, port_id)
        network = db.network_get(net_id)
        self._invoke_device_plugins(self._func_name(), [tenant_id, net_id,
                                                     port_id])
@ -250,6 +258,7 @@ class L2Network(QuantumPluginBase):
        specified Virtual Network.
        """
        LOG.debug("plug_interface() called\n")
+        db.validate_port_ownership(tenant_id, net_id, port_id)
        network = db.network_get(net_id)
        port = db.port_get(net_id, port_id)
        attachment_id = port[const.INTERFACEID]
@ -278,6 +287,7 @@ class L2Network(QuantumPluginBase):
        specified Virtual Network.
        """
        LOG.debug("unplug_interface() called\n")
+        db.validate_port_ownership(tenant_id, net_id, port_id)
        network = db.network_get(net_id)
        port = db.port_get(net_id, port_id)
        attachment_id = port[const.INTERFACEID]
@ -514,6 +524,7 @@ class L2Network(QuantumPluginBase):
        ports_dict_list = []

        for net_id in net_id_list:
+            db.validate_network_ownership(tenant_id, net_id)
            port = db.port_create(net_id, port_state)
            ports_id_list.append(port[const.UUID])
            port_dict = {const.PORT_ID: port[const.UUID]}