From e3b7ceeb3b28e4b3b7b96be60bf67350ae8912f6 Mon Sep 17 00:00:00 2001
From: Akihiro Motoki
Date: Sat, 15 Mar 2014 07:57:34 +0900
Subject: [PATCH] Ensure to count firewalls in target tenant

Previously admin tenant cannot create a firewall if other tenant already created a firewall. We need to count firewalls only in a target tenant.

Change-Id: I3e6d151d00d4a487bdd858e94929fab8960511a2
Closes-Bug: #1258438
---
 neutron/services/firewall/fwaas_plugin.py | 3 ++-
 neutron/tests/unit/db/firewall/test_db_firewall.py | 9 ++++++---
 .../tests/unit/services/firewall/test_fwaas_plugin.py | 7 +++++++
 3 files changed, 15 insertions(+), 4 deletions(-)

diff --git a/neutron/services/firewall/fwaas_plugin.py b/neutron/services/firewall/fwaas_plugin.py
index 74b889a28c..f52902bcc7 100644
--- a/neutron/services/firewall/fwaas_plugin.py
+++ b/neutron/services/firewall/fwaas_plugin.py
@@ -225,7 +225,8 @@ class FirewallPlugin(firewall_db.Firewall_db_mixin):
 LOG.debug(_("create_firewall() called"))
 tenant_id = self._get_tenant_id_for_create(context,
 firewall['firewall'])
- fw_count = self.get_firewalls_count(context)
+ fw_count = self.get_firewalls_count(context,
+ filters={'tenant_id': [tenant_id]})
 if fw_count:
 raise FirewallCountExceeded(tenant_id=tenant_id)
 firewall['firewall']['status'] = const.PENDING_CREATE
diff --git a/neutron/tests/unit/db/firewall/test_db_firewall.py b/neutron/tests/unit/db/firewall/test_db_firewall.py
index 010aa9d1ef..372fca4727 100644
--- a/neutron/tests/unit/db/firewall/test_db_firewall.py
+++ b/neutron/tests/unit/db/firewall/test_db_firewall.py
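Review bot: In `create_firewall` (fwaas_plugin.py), the tenant-filtered `get_firewalls_count` check and the later insert form a check-then-create pair, so the one-firewall-per-tenant limit holds only if nothing else creates a firewall for `tenant_id` in between. The rest of `create_firewall` lies outside this hunk, so it cannot be seen here whether a transaction, lock or unique constraint covers that window. If none does, two concurrent create requests for the same tenant can both read a count of zero. A short comment above the call would record the intent and the caveat, for example `# Admin contexts are not tenant-scoped: count only the target tenant's firewalls.` followed by `# NOTE: not atomic with the insert; concurrent creates may exceed the limit.`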
@@ -153,9 +153,10 @@ class FirewallPluginDbTestCase(test_db_plugin.NeutronDbPluginV2TestCase):
 def _create_firewall_policy(self, fmt, name, description, shared,
 firewall_rules, audited,
 expected_res_status=None, **kwargs):
+ tenant_id = kwargs.get('tenant_id', self._tenant_id)
 data = {'firewall_policy': {'name': name,
 'description': description,
- 'tenant_id': self._tenant_id,
+ 'tenant_id': tenant_id,
 'shared': shared,
 'firewall_rules': firewall_rules,
 'audited': audited}}
@@ -199,8 +200,9 @@ class FirewallPluginDbTestCase(test_db_plugin.NeutronDbPluginV2TestCase):
 destination_ip_address, source_port,
 destination_port, action, enabled,
 expected_res_status=None, **kwargs):
+ tenant_id = kwargs.get('tenant_id', self._tenant_id)
 data = {'firewall_rule': {'name': name,
- 'tenant_id': self._tenant_id,
+ 'tenant_id': tenant_id,
 'shared': shared,
 'protocol': protocol,
 'ip_version': ip_version,
@@ -248,11 +250,12 @@ class FirewallPluginDbTestCase(test_db_plugin.NeutronDbPluginV2TestCase):
 def _create_firewall(self, fmt, name, description, firewall_policy_id,
 admin_state_up=True, expected_res_status=None,
 **kwargs):
+ tenant_id = kwargs.get('tenant_id', self._tenant_id)
 data = {'firewall': {'name': name,
 'description': description,
 'firewall_policy_id': firewall_policy_id,
 'admin_state_up': admin_state_up,
- 'tenant_id': self._tenant_id}}
+ 'tenant_id': tenant_id}}

 firewall_req = self.new_create_request('firewalls', data, fmt)
 firewall_res = firewall_req.get_response(self.ext_api)
diff --git a/neutron/tests/unit/services/firewall/test_fwaas_plugin.py b/neutron/tests/unit/services/firewall/test_fwaas_plugin.py
index d4590e8f0f..840ac9c22d 100644
--- a/neutron/tests/unit/services/firewall/test_fwaas_plugin.py
+++ b/neutron/tests/unit/services/firewall/test_fwaas_plugin.py
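Review bot: The `tenant_id` override that `_create_firewall_policy` (test_db_firewall.py) reads with `kwargs.get('tenant_id', self._tenant_id)` is undocumented, and the same line is repeated in `_create_firewall_rule` and `_create_firewall` in the two later hunks of this file. The key also stays in `kwargs`, so if the part of each helper outside these hunks copies the remaining kwargs into the request body, the value is set twice; that would be harmless, but it is easy to miss. A one-line comment at each site, such as `# tenant_id=... lets a test create the resource on behalf of another tenant`, would make the override discoverable. All three function bodies continue outside their hunks.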
@@ -200,6 +200,13 @@ class TestFirewallPluginBase(test_db_firewall.TestFirewallDBPlugin):
 firewall_policy_id=None, admin_state_up=True)
 self.assertEqual(res.status_int, 500)

+ def test_create_firewall_admin_not_affected_by_other_tenant(self):
+ # Create fw with admin after creating fw with other tenant
+ with self.firewall(tenant_id='other-tenant') as fw1:
+ with self.firewall() as fw2:
+ self.assertEqual('other-tenant', fw1['firewall']['tenant_id'])
+ self.assertEqual(self._tenant_id, fw2['firewall']['tenant_id'])
+
 def test_update_firewall(self):
 ctx = context.get_admin_context()
 name = "new_firewall1"
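Review bot: The new test in test_fwaas_plugin.py covers only the success path, so it would still pass if the tenant filter matched nothing and the per-tenant limit silently disappeared. No test visible in this hunk checks that a second firewall for the same tenant is still rejected once the count is filtered. A companion negative test would pin that down; the sketch below reuses the helpers shown in this patch. `self.fmt`, the presence of `firewall_policy_id` in the response, and the expected status (a labelled placeholder here) need confirming against the test base class and the way `FirewallCountExceeded` is mapped.

```python
    def test_create_second_firewall_in_same_tenant_rejected(self):
        # The tenant-filtered count must still enforce the per-tenant limit.
        with self.firewall(tenant_id='other-tenant') as fw1:
            res = self._create_firewall(
                self.fmt, 'fw2', 'second firewall',
                fw1['firewall']['firewall_policy_id'],
                tenant_id='other-tenant')
            # REJECTED_STATUS is a placeholder: use the status that
            # FirewallCountExceeded maps to in this plugin.
            self.assertEqual(REJECTED_STATUS, res.status_int)
```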