diff --git a/quantum/plugins/cisco/db/api.py b/quantum/plugins/cisco/db/api.py index ed42f044a6..d59dd8610c 100644 --- a/quantum/plugins/cisco/db/api.py +++ b/quantum/plugins/cisco/db/api.py @@ -139,6 +139,17 @@ def network_destroy(net_id): raise q_exc.NetworkNotFound(net_id=net_id) +def validate_network_ownership(tenant_id, net_id): + session = get_session() + try: + return session.query(models.Network).\ + filter_by(uuid=net_id).\ + filter_by(tenant_id=tenant_id).\ + one() + except exc.NoResultFound, e: + raise q_exc.NetworkNotFound(net_id=net_id) + + def port_create(net_id, state=None): # confirm network exists network_get(net_id) @@ -292,3 +303,8 @@ def port_unset_attachment_by_id(port_id): session.merge(port) session.flush() return port + + +def validate_port_ownership(tenant_id, net_id, port_id, session=None): + validate_network_ownership(tenant_id, net_id) + port_get(port_id, net_id) diff --git a/quantum/plugins/cisco/l2network_plugin.py b/quantum/plugins/cisco/l2network_plugin.py index 25fa514f2b..5e4e39198d 100644 --- a/quantum/plugins/cisco/l2network_plugin.py +++ b/quantum/plugins/cisco/l2network_plugin.py @@ -97,6 +97,7 @@ class L2Network(QuantumPluginBase): belonging to the specified tenant. """ LOG.debug("delete_network() called\n") + db.validate_network_ownership(tenant_id, net_id) net = db.network_get(net_id) if net: if len(net[const.NETWORKPORTS]) > 0: @@ -123,6 +124,7 @@ class L2Network(QuantumPluginBase): Gets the details of a particular network """ LOG.debug("get_network_details() called\n") + db.validate_network_ownership(tenant_id, net_id) network = db.network_get(net_id) self._invoke_device_plugins(self._func_name(), [tenant_id, net_id]) ports_list = network[const.NETWORKPORTS] 
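Review bot: `validate_network_ownership` in db/api.py has no docstring, and its one security-relevant choice is undocumented: a network owned by another tenant raises the same `NetworkNotFound` as a missing one, so the caller cannot tell that the id exists. I would add a docstring along the lines of `"""Return the network only if it belongs to tenant_id; raise NetworkNotFound otherwise, so a foreign network is indistinguishable from a missing one."""`. The name bound in `except exc.NoResultFound, e:` is never used and can be dropped, leaving `except exc.NoResultFound:`. `.one()` also raises when more than one row matches, which is not handled here; presumably `uuid` is unique, but that is not visible in the hunk.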
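Review bot: In `validate_port_ownership` the call `port_get(port_id, net_id)` passes the ids in the opposite order from every `db.port_get(net_id, port_id)` call visible in the l2network_plugin.py hunks of this commit. If `db` in the plugin is this module, the arguments are swapped and the line should read `port_get(net_id, port_id)`; the definition of `port_get` is outside the hunk, so confirm against it. The likely effect is that the check rejects valid ports rather than accepting foreign ones, but that depends on how `port_get` filters. The `session=None` parameter is accepted and never used, so either pass it through or drop it.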
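Review bot: In `delete_network` the row returned by `db.validate_network_ownership(tenant_id, net_id)` is discarded and the network is fetched again with `db.network_get(net_id)`, which as far as the hunk shows is keyed by net_id alone. Using the validated row directly, `net = db.validate_network_ownership(tenant_id, net_id)`, would tie the tenant filter to the object that is then acted on and save a query, assuming both calls return the same model. The same pattern repeats in `get_network_details` and `get_all_ports`, and the port methods (`delete_port`, `plug_interface`, `unplug_interface`) look up the network and port again after `validate_port_ownership`. The method bodies continue outside the hunks.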
@@ -146,6 +148,7 @@ class L2Network(QuantumPluginBase): Virtual Network. """ LOG.debug("update_network() called\n") + db.validate_network_ownership(tenant_id, net_id) network = db.network_update(net_id, tenant_id, **kwargs) self._invoke_device_plugins(self._func_name(), [tenant_id, net_id, kwargs]) @@ -160,6 +163,7 @@ class L2Network(QuantumPluginBase): specified Virtual Network. """ LOG.debug("get_all_ports() called\n") + db.validate_network_ownership(tenant_id, net_id) network = db.network_get(net_id) self._invoke_device_plugins(self._func_name(), [tenant_id, net_id]) ports_list = network[const.NETWORKPORTS] @@ -179,6 +183,7 @@ class L2Network(QuantumPluginBase): """ LOG.debug("create_port() called\n") + db.validate_network_ownership(tenant_id, net_id) port = db.port_create(net_id, port_state) unique_port_id_string = port[const.UUID] self._invoke_device_plugins(self._func_name(), [tenant_id, net_id, @@ -198,6 +203,7 @@ class L2Network(QuantumPluginBase): then the port can be deleted. """ LOG.debug("delete_port() called\n") + db.validate_port_ownership(tenant_id, net_id, port_id) network = db.network_get(net_id) port = db.port_get(net_id, port_id) attachment_id = port[const.INTERFACEID] @@ -217,6 +223,7 @@ class L2Network(QuantumPluginBase): Updates the state of a port on the specified Virtual Network. """ LOG.debug("update_port() called\n") + db.validate_port_ownership(tenant_id, net_id, port_id) network = db.network_get(net_id) self._invoke_device_plugins(self._func_name(), [tenant_id, net_id, port_id, kwargs]) @@ -233,6 +240,7 @@ class L2Network(QuantumPluginBase): that is attached to this particular port. """ LOG.debug("get_port_details() called\n") + db.validate_port_ownership(tenant_id, net_id, port_id) network = db.network_get(net_id) self._invoke_device_plugins(self._func_name(), [tenant_id, net_id, port_id]) 
@@ -250,6 +258,7 @@ class L2Network(QuantumPluginBase): specified Virtual Network. """ LOG.debug("plug_interface() called\n") + db.validate_port_ownership(tenant_id, net_id, port_id) network = db.network_get(net_id) port = db.port_get(net_id, port_id) attachment_id = port[const.INTERFACEID] @@ -278,6 +287,7 @@ class L2Network(QuantumPluginBase): specified Virtual Network. """ LOG.debug("unplug_interface() called\n") + db.validate_port_ownership(tenant_id, net_id, port_id) network = db.network_get(net_id) port = db.port_get(net_id, port_id) attachment_id = port[const.INTERFACEID] @@ -514,6 +524,7 @@ class L2Network(QuantumPluginBase): ports_dict_list = [] for net_id in net_id_list: + db.validate_network_ownership(tenant_id, net_id) port = db.port_create(net_id, port_state) ports_id_list.append(port[const.UUID]) port_dict = {const.PORT_ID: port[const.UUID]}
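Review bot: In the last hunk the ownership check runs inside the `for net_id in net_id_list:` loop, interleaved with `db.port_create(net_id, port_state)`, so a list whose later entry fails validation leaves ports already created on the earlier networks. Validating every id before creating anything avoids the partial result: a separate pass ahead of this loop, `for net_id in net_id_list:` followed by `db.validate_network_ownership(tenant_id, net_id)`, with the check removed from the creation loop. The enclosing method starts and ends outside the hunk, so any rollback it performs on failure is not visible here.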