From 7937144fce54570b2da543663e6ee5e64b1c3cdb Mon Sep 17 00:00:00 2001 From: Vishvananda Ishaya Date: Fri, 14 Sep 2012 00:21:03 +0000 Subject: Clean up handling of project_only in network_get There was some funky logic for getting networks to work around the project only decorator. This changes the code to match what we actually want which is: In Flat and FlatDHCP mode non-admins should be able to access networks that belong to their project or networks that have no project_id assigned. In VlanManager, project_id=None projects should not be accessible as this means the project hasn't been assigned yet. The assignment is done with an elevated context. This patch adds some logic to model_query to allow None in the project_only filter and makes network_get_all_by_uuids and network_get use it. fixes bug 1048869 Change-Id: I5377cea87dec8e9d0d9cec84e07128c5c6e8dca3 --- nova/tests/fake_network.py | 6 ++-- nova/tests/image/test_s3.py | 3 +- nova/tests/network/test_manager.py | 66 +++++++++++++++++++------------------- 3 files changed, 38 insertions(+), 37 deletions(-) (limited to 'nova/tests') diff --git a/nova/tests/fake_network.py b/nova/tests/fake_network.py index 25ec5c070..ef256dec0 100644 --- a/nova/tests/fake_network.py +++ b/nova/tests/fake_network.py @@ -118,7 +118,7 @@ class FakeNetworkManager(network_manager.NetworkManager): fakenet['id'] = 999 return fakenet - def network_get(self, context, network_id): + def network_get(self, context, network_id, project_only="allow_none"): return {'cidr_v6': '2001:db8:69:%x::/64' % network_id} def network_get_by_uuid(self, context, network_uuid): @@ -127,7 +127,7 @@ class FakeNetworkManager(network_manager.NetworkManager): def network_get_all(self, context): raise exception.NoNetworksFound() - def network_get_all_by_uuids(self, context): + def network_get_all_by_uuids(self, context, project_only="allow_none"): raise exception.NoNetworksFound() def network_disassociate(self, context, network_id): @@ -294,7 +294,7 @@ def fake_get_instance_nw_info(stubs, num_networks=1, ips_per_vif=2, 'network': None, 'instance_uuid': 0} - def network_get_fake(context, network_id): + def network_get_fake(context, network_id, project_only='allow_none'): nets = [n for n in networks if n['id'] == network_id] if not nets: raise exception.NetworkNotFound(network_id=network_id) diff --git a/nova/tests/image/test_s3.py b/nova/tests/image/test_s3.py index 5002be16f..3c92ffb2e 100644 --- a/nova/tests/image/test_s3.py +++ b/nova/tests/image/test_s3.py @@ -187,7 +187,8 @@ class TestS3ImageService(test.TestCase): img = self.image_service._s3_create(self.context, metadata) eventlet.sleep() - translated = self.image_service._translate_id_to_uuid(context, img) + translated = self.image_service._translate_id_to_uuid(self.context, + img) uuid = translated['id'] image_service = fake.FakeImageService() updated_image = image_service.update(self.context, uuid, diff --git a/nova/tests/network/test_manager.py b/nova/tests/network/test_manager.py index 31b600b16..8ef37fe95 100644 --- a/nova/tests/network/test_manager.py +++ b/nova/tests/network/test_manager.py @@ -62,7 +62,7 @@ networks = [{'id': 0, 'project_id': 'fake_project', 'vpn_public_address': '192.168.0.2'}, {'id': 1, - 'uuid': "bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb", + 'uuid': 'bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb', 'label': 'test1', 'injected': False, 'multi_host': False, @@ -83,14 +83,14 @@ networks = [{'id': 0, 'vpn_public_address': '192.168.1.2'}] fixed_ips = [{'id': 0, - 'network_id': 0, + 'network_id': FAKEUUID, 'address': '192.168.0.100', 'instance_uuid': 0, 'allocated': False, 'virtual_interface_id': 0, 'floating_ips': []}, {'id': 0, - 'network_id': 1, + 'network_id': 'bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb', 'address': '192.168.1.100', 'instance_uuid': 0, 'allocated': False, @@ -202,10 +202,11 @@ class FlatNetworkTestCase(test.TestCase): requested_networks = [('bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb', '192.168.1.100')] - db.network_get_all_by_uuids(mox.IgnoreArg(), - mox.IgnoreArg()).AndReturn(networks) + db.network_get_all_by_uuids(mox.IgnoreArg(), mox.IgnoreArg(), + project_only=mox.IgnoreArg()).AndReturn(networks) db.network_get(mox.IgnoreArg(), - mox.IgnoreArg()).AndReturn(networks[1]) + mox.IgnoreArg(), + project_only=mox.IgnoreArg()).AndReturn(networks[1]) ip = fixed_ips[1].copy() ip['instance_uuid'] = None @@ -238,8 +239,8 @@ class FlatNetworkTestCase(test.TestCase): def test_validate_networks_invalid_fixed_ip(self): self.mox.StubOutWithMock(db, 'network_get_all_by_uuids') requested_networks = [(1, "192.168.0.100.1")] - db.network_get_all_by_uuids(mox.IgnoreArg(), - mox.IgnoreArg()).AndReturn(networks) + db.network_get_all_by_uuids(mox.IgnoreArg(), mox.IgnoreArg(), + project_only=mox.IgnoreArg()).AndReturn(networks) self.mox.ReplayAll() self.assertRaises(exception.FixedIpInvalid, @@ -250,8 +251,8 @@ class FlatNetworkTestCase(test.TestCase): self.mox.StubOutWithMock(db, 'network_get_all_by_uuids') requested_networks = [(1, "")] - db.network_get_all_by_uuids(mox.IgnoreArg(), - mox.IgnoreArg()).AndReturn(networks) + db.network_get_all_by_uuids(mox.IgnoreArg(), mox.IgnoreArg(), + project_only=mox.IgnoreArg()).AndReturn(networks) self.mox.ReplayAll() self.assertRaises(exception.FixedIpInvalid, @@ -262,8 +263,8 @@ class FlatNetworkTestCase(test.TestCase): self.mox.StubOutWithMock(db, 'network_get_all_by_uuids') requested_networks = [(1, None)] - db.network_get_all_by_uuids(mox.IgnoreArg(), - mox.IgnoreArg()).AndReturn(networks) + db.network_get_all_by_uuids(mox.IgnoreArg(), mox.IgnoreArg(), + project_only=mox.IgnoreArg()).AndReturn(networks) self.mox.ReplayAll() self.network.validate_networks(self.context, requested_networks) @@ -293,7 +294,8 @@ class FlatNetworkTestCase(test.TestCase): mox.IgnoreArg(), mox.IgnoreArg()).AndReturn('192.168.0.101') db.network_get(mox.IgnoreArg(), - mox.IgnoreArg()).AndReturn(networks[0]) + mox.IgnoreArg(), + project_only=mox.IgnoreArg()).AndReturn(networks[0]) db.network_update(mox.IgnoreArg(), mox.IgnoreArg(), mox.IgnoreArg()) self.mox.ReplayAll() self.network.add_fixed_ip_to_instance(self.context, 1, HOST, @@ -391,7 +393,8 @@ class FlatNetworkTestCase(test.TestCase): mox.IgnoreArg(), mox.IgnoreArg()).AndReturn(fixedip) db.network_get(mox.IgnoreArg(), - mox.IgnoreArg()).AndReturn(networks[0]) + mox.IgnoreArg(), + project_only=mox.IgnoreArg()).AndReturn(networks[0]) db.network_update(mox.IgnoreArg(), mox.IgnoreArg(), mox.IgnoreArg()) self.mox.ReplayAll() @@ -491,7 +494,7 @@ class VlanNetworkTestCase(test.TestCase): cidr='192.168.0.1/24', network_size=100) def test_validate_networks(self): - def network_get(_context, network_id): + def network_get(_context, network_id, project_only='allow_none'): return networks[network_id] self.stubs.Set(db, 'network_get', network_get) @@ -500,9 +503,8 @@ class VlanNetworkTestCase(test.TestCase): requested_networks = [("bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb", "192.168.1.100")] - db.network_get_all_by_uuids(mox.IgnoreArg(), - mox.IgnoreArg(), - mox.IgnoreArg()).AndReturn(networks) + db.network_get_all_by_uuids(mox.IgnoreArg(), mox.IgnoreArg(), + project_only=mox.IgnoreArg()).AndReturn(networks) fixed_ips[1]['network_id'] = networks[1]['id'] fixed_ips[1]['instance_uuid'] = None @@ -524,9 +526,8 @@ class VlanNetworkTestCase(test.TestCase): def test_validate_networks_invalid_fixed_ip(self): self.mox.StubOutWithMock(db, 'network_get_all_by_uuids') requested_networks = [(1, "192.168.0.100.1")] - db.network_get_all_by_uuids(mox.IgnoreArg(), - mox.IgnoreArg(), - mox.IgnoreArg()).AndReturn(networks) + db.network_get_all_by_uuids(mox.IgnoreArg(), mox.IgnoreArg(), + project_only=mox.IgnoreArg()).AndReturn(networks) self.mox.ReplayAll() self.assertRaises(exception.FixedIpInvalid, @@ -537,9 +538,8 @@ class VlanNetworkTestCase(test.TestCase): self.mox.StubOutWithMock(db, 'network_get_all_by_uuids') requested_networks = [(1, "")] - db.network_get_all_by_uuids(mox.IgnoreArg(), - mox.IgnoreArg(), - mox.IgnoreArg()).AndReturn(networks) + db.network_get_all_by_uuids(mox.IgnoreArg(), mox.IgnoreArg(), + project_only=mox.IgnoreArg()).AndReturn(networks) self.mox.ReplayAll() self.assertRaises(exception.FixedIpInvalid, @@ -550,9 +550,8 @@ class VlanNetworkTestCase(test.TestCase): self.mox.StubOutWithMock(db, 'network_get_all_by_uuids') requested_networks = [(1, None)] - db.network_get_all_by_uuids(mox.IgnoreArg(), - mox.IgnoreArg(), - mox.IgnoreArg()).AndReturn(networks) + db.network_get_all_by_uuids(mox.IgnoreArg(), mox.IgnoreArg(), + project_only=mox.IgnoreArg()).AndReturn(networks) self.mox.ReplayAll() self.network.validate_networks(self.context, requested_networks) @@ -879,7 +878,8 @@ class VlanNetworkTestCase(test.TestCase): mox.IgnoreArg(), mox.IgnoreArg()).AndReturn('192.168.0.101') db.network_get(mox.IgnoreArg(), - mox.IgnoreArg()).AndReturn(networks[0]) + mox.IgnoreArg(), + project_only=mox.IgnoreArg()).AndReturn(networks[0]) self.mox.ReplayAll() self.network.add_fixed_ip_to_instance(self.context, 1, HOST, networks[0]['id']) @@ -888,7 +888,7 @@ class VlanNetworkTestCase(test.TestCase): """Makes sure that we cannot deallocaate or disassociate a public ip of other project""" - def network_get(_context, network_id): + def network_get(_context, network_id, project_only="allow_none"): return networks[network_id] self.stubs.Set(db, 'network_get', network_get) @@ -941,7 +941,7 @@ class VlanNetworkTestCase(test.TestCase): Ensures https://bugs.launchpad.net/nova/+bug/973442 doesn't return""" - def network_get(_context, network_id): + def network_get(_context, network_id, project_only="allow_none"): return networks[network_id] self.stubs.Set(db, 'network_get', network_get) @@ -974,7 +974,7 @@ class VlanNetworkTestCase(test.TestCase): def test_deallocate_fixed_deleted(self): """Verify doesn't deallocate deleted fixed_ip from deleted network""" - def network_get(_context, network_id): + def network_get(_context, network_id, project_only="allow_none"): return networks[network_id] def teardown_network_on_host(_context, network): @@ -1012,7 +1012,7 @@ class VlanNetworkTestCase(test.TestCase): Ensures https://bugs.launchpad.net/nova/+bug/968457 doesn't return""" - def network_get(_context, network_id): + def network_get(_context, network_id, project_only="allow_none"): return networks[network_id] self.stubs.Set(db, 'network_get', network_get) @@ -1037,7 +1037,7 @@ class VlanNetworkTestCase(test.TestCase): def test_fixed_ip_cleanup_fail(self): """Verify IP is not deallocated if the security group refresh fails.""" - def network_get(_context, network_id): + def network_get(_context, network_id, project_only="allow_none"): return networks[network_id] self.stubs.Set(db, 'network_get', network_get) -- cgit