Introducing the tenant ownership checks in the Cisco plugin, changes are

almost identical to those in Bug#942713

Change-Id: Ia320116e73db72090d925796bb2c832f31f878de
Sumit Naiksatam 2012-02-28 22:30:17 -08:00
parent 1215fefa0c
commit c98559eaa3
2 changed files with 27 additions and 0 deletions


@ -139,6 +139,17 @@ def network_destroy(net_id):
raise q_exc.NetworkNotFound(net_id=net_id) raise q_exc.NetworkNotFound(net_id=net_id)
def validate_network_ownership(tenant_id, net_id):
session = get_session()
try:
return session.query(models.Network).\
filter_by(uuid=net_id).\
filter_by(tenant_id=tenant_id).\
one()
except exc.NoResultFound, e:
raise q_exc.NetworkNotFound(net_id=net_id)
def port_create(net_id, state=None): def port_create(net_id, state=None):
# confirm network exists # confirm network exists
network_get(net_id) network_get(net_id)
@ -292,3 +303,8 @@ def port_unset_attachment_by_id(port_id):
session.merge(port) session.merge(port)
session.flush() session.flush()
return port return port
def validate_port_ownership(tenant_id, net_id, port_id, session=None):
validate_network_ownership(tenant_id, net_id)
port_get(port_id, net_id)
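Review bot: In the second hunk, `validate_port_ownership` calls `port_get(port_id, net_id)`, but the plugin call sites in this same commit pass the arguments the other way round, `db.port_get(net_id, port_id)`. The definition of `port_get` is not in the hunk, and I am assuming the plugin's `db` is this module, so the order needs confirming. If it is `(net_id, port_id)`, the port half of the check queries with swapped ids and the line should read `port_get(net_id, port_id)`. The `session=None` parameter is never used in the body; drop it or pass it to the lookups. Both helpers would also benefit from a one-line docstring such as `"""Raise NetworkNotFound unless net_id exists and belongs to tenant_id."""`, since reporting a tenant mismatch as not-found looks like a deliberate choice worth recording.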


@ -97,6 +97,7 @@ class L2Network(QuantumPluginBase):
belonging to the specified tenant. belonging to the specified tenant.
""" """
LOG.debug("delete_network() called\n") LOG.debug("delete_network() called\n")
db.validate_network_ownership(tenant_id, net_id)
net = db.network_get(net_id) net = db.network_get(net_id)
if net: if net:
if len(net[const.NETWORKPORTS]) > 0: if len(net[const.NETWORKPORTS]) > 0:
@ -123,6 +124,7 @@ class L2Network(QuantumPluginBase):
Gets the details of a particular network Gets the details of a particular network
""" """
LOG.debug("get_network_details() called\n") LOG.debug("get_network_details() called\n")
db.validate_network_ownership(tenant_id, net_id)
network = db.network_get(net_id) network = db.network_get(net_id)
self._invoke_device_plugins(self._func_name(), [tenant_id, net_id]) self._invoke_device_plugins(self._func_name(), [tenant_id, net_id])
ports_list = network[const.NETWORKPORTS] ports_list = network[const.NETWORKPORTS]
@ -146,6 +148,7 @@ class L2Network(QuantumPluginBase):
Virtual Network. Virtual Network.
""" """
LOG.debug("update_network() called\n") LOG.debug("update_network() called\n")
db.validate_network_ownership(tenant_id, net_id)
network = db.network_update(net_id, tenant_id, **kwargs) network = db.network_update(net_id, tenant_id, **kwargs)
self._invoke_device_plugins(self._func_name(), [tenant_id, net_id, self._invoke_device_plugins(self._func_name(), [tenant_id, net_id,
kwargs]) kwargs])
@ -160,6 +163,7 @@ class L2Network(QuantumPluginBase):
specified Virtual Network. specified Virtual Network.
""" """
LOG.debug("get_all_ports() called\n") LOG.debug("get_all_ports() called\n")
db.validate_network_ownership(tenant_id, net_id)
network = db.network_get(net_id) network = db.network_get(net_id)
self._invoke_device_plugins(self._func_name(), [tenant_id, net_id]) self._invoke_device_plugins(self._func_name(), [tenant_id, net_id])
ports_list = network[const.NETWORKPORTS] ports_list = network[const.NETWORKPORTS]
@ -179,6 +183,7 @@ class L2Network(QuantumPluginBase):
""" """
LOG.debug("create_port() called\n") LOG.debug("create_port() called\n")
db.validate_network_ownership(tenant_id, net_id)
port = db.port_create(net_id, port_state) port = db.port_create(net_id, port_state)
unique_port_id_string = port[const.UUID] unique_port_id_string = port[const.UUID]
self._invoke_device_plugins(self._func_name(), [tenant_id, net_id, self._invoke_device_plugins(self._func_name(), [tenant_id, net_id,
@ -198,6 +203,7 @@ class L2Network(QuantumPluginBase):
then the port can be deleted. then the port can be deleted.
""" """
LOG.debug("delete_port() called\n") LOG.debug("delete_port() called\n")
db.validate_port_ownership(tenant_id, net_id, port_id)
network = db.network_get(net_id) network = db.network_get(net_id)
port = db.port_get(net_id, port_id) port = db.port_get(net_id, port_id)
attachment_id = port[const.INTERFACEID] attachment_id = port[const.INTERFACEID]
@ -217,6 +223,7 @@ class L2Network(QuantumPluginBase):
Updates the state of a port on the specified Virtual Network. Updates the state of a port on the specified Virtual Network.
""" """
LOG.debug("update_port() called\n") LOG.debug("update_port() called\n")
db.validate_port_ownership(tenant_id, net_id, port_id)
network = db.network_get(net_id) network = db.network_get(net_id)
self._invoke_device_plugins(self._func_name(), [tenant_id, net_id, self._invoke_device_plugins(self._func_name(), [tenant_id, net_id,
port_id, kwargs]) port_id, kwargs])
@ -233,6 +240,7 @@ class L2Network(QuantumPluginBase):
that is attached to this particular port. that is attached to this particular port.
""" """
LOG.debug("get_port_details() called\n") LOG.debug("get_port_details() called\n")
db.validate_port_ownership(tenant_id, net_id, port_id)
network = db.network_get(net_id) network = db.network_get(net_id)
self._invoke_device_plugins(self._func_name(), [tenant_id, net_id, self._invoke_device_plugins(self._func_name(), [tenant_id, net_id,
port_id]) port_id])
@ -250,6 +258,7 @@ class L2Network(QuantumPluginBase):
specified Virtual Network. specified Virtual Network.
""" """
LOG.debug("plug_interface() called\n") LOG.debug("plug_interface() called\n")
db.validate_port_ownership(tenant_id, net_id, port_id)
network = db.network_get(net_id) network = db.network_get(net_id)
port = db.port_get(net_id, port_id) port = db.port_get(net_id, port_id)
attachment_id = port[const.INTERFACEID] attachment_id = port[const.INTERFACEID]
@ -278,6 +287,7 @@ class L2Network(QuantumPluginBase):
specified Virtual Network. specified Virtual Network.
""" """
LOG.debug("unplug_interface() called\n") LOG.debug("unplug_interface() called\n")
db.validate_port_ownership(tenant_id, net_id, port_id)
network = db.network_get(net_id) network = db.network_get(net_id)
port = db.port_get(net_id, port_id) port = db.port_get(net_id, port_id)
attachment_id = port[const.INTERFACEID] attachment_id = port[const.INTERFACEID]
@ -514,6 +524,7 @@ class L2Network(QuantumPluginBase):
ports_dict_list = [] ports_dict_list = []
for net_id in net_id_list: for net_id in net_id_list:
db.validate_network_ownership(tenant_id, net_id)
port = db.port_create(net_id, port_state) port = db.port_create(net_id, port_state)
ports_id_list.append(port[const.UUID]) ports_id_list.append(port[const.UUID])
port_dict = {const.PORT_ID: port[const.UUID]} port_dict = {const.PORT_ID: port[const.UUID]}
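Review bot: In the last hunk the ownership check sits inside `for net_id in net_id_list:` immediately before `db.port_create(net_id, port_state)`, so when a later id in the list fails the check, ports have already been created on the earlier networks. Validating the whole list before creating anything keeps the call all-or-nothing: put `for net_id in net_id_list: db.validate_network_ownership(tenant_id, net_id)` ahead of the creation loop. The method begins and ends outside the hunk, so any cleanup it already does on failure is not visible here. Neither changed file appears to be a test; a case per entry point that passes another tenant's `net_id` and expects `NetworkNotFound` would stop these checks from being dropped silently later.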