diff options
author | shenjiatong <yshxxsjt715@gmail.com> | 2020-03-20 09:15:05 +0800 |
---|---|---|
committer | norman shen <yshxxsjt715@gmail.com> | 2020-04-27 13:37:33 +0000 |
commit | 096d582d60f18f309e7a985ed4e48e22646a4a6c (patch) | |
tree | 14c62cf53fdec17818258a53502ae81537959a60 | |
parent | 7def65539938ece47e2ba329e19fcb7b8002b49b (diff) | |
download | horizon-096d582d60f18f309e7a985ed4e48e22646a4a6c.tar.gz |
Fix tenant_id for a new port.
To successfully create a port in a shared network which belongs
to a different tenant, the tenant of the new port should be same
as the tenant of a request user.
Closes-bug: #1815461
Change-Id: Ia243f213b23f3f34845de5d97e8eaa5aa6979e76
(cherry picked from commit 3c33f46dc8196809d67301f20c8b920cad03b372)
4 files changed, 73 insertions, 2 deletions
diff --git a/openstack_dashboard/dashboards/admin/networks/ports/tests.py b/openstack_dashboard/dashboards/admin/networks/ports/tests.py index 57676f18f..38837f461 100644 --- a/openstack_dashboard/dashboards/admin/networks/ports/tests.py +++ b/openstack_dashboard/dashboards/admin/networks/ports/tests.py @@ -130,6 +130,40 @@ class NetworkPortTests(test.BaseAdminViewTests): 'binding': 1, 'port-security': 1}) + @test.create_mocks({api.neutron: ('network_get', + 'is_extension_supported', + 'security_group_list',)}) + def test_port_create_on_network_from_different_tenant(self): + network = self.networks.list()[1] + tenant_id = self.request.user.tenant_id + # Ensure the network belongs to a different tenant + self.assertNotEqual(tenant_id, network.tenant_id) + + self.mock_network_get.return_value = network + self.mock_security_group_list.return_value = \ + self.security_groups.list() + self._stub_is_extension_supported( + {'mac-learning': False, + 'binding': False, + 'port-security': True}) + + url = reverse('horizon:admin:networks:addport', + args=[network.id]) + res = self.client.get(url) + + self.assertTemplateUsed(res, views.WorkflowView.template_name) + + self.assert_mock_multiple_calls_with_same_arguments( + self.mock_network_get, 2, + mock.call(test.IsHttpRequest(), network.id)) + # Check the new port belongs to a tenant of the network + self.mock_security_group_list.assert_called_once_with( + test.IsHttpRequest(), tenant_id=network.tenant_id) + self._check_is_extension_supported( + {'mac-learning': 1, + 'binding': 1, + 'port-security': 1}) + def test_port_create_post(self): self._test_port_create_post() diff --git a/openstack_dashboard/dashboards/admin/networks/ports/views.py b/openstack_dashboard/dashboards/admin/networks/ports/views.py index e707bf22b..10de33a64 100644 --- a/openstack_dashboard/dashboards/admin/networks/ports/views.py +++ b/openstack_dashboard/dashboards/admin/networks/ports/views.py @@ -29,6 +29,12 @@ class CreateView(project_views.CreateView): workflow_class = admin_workflows.CreatePort failure_url = 'horizon:admin:networks:detail' + def get_initial(self): + network = self.get_network() + return {"network_id": self.kwargs['network_id'], + "network_name": network.name, + "target_tenant_id": network.tenant_id} + class DetailView(project_views.DetailView): tab_group_class = ports_tabs.PortDetailTabs diff --git a/openstack_dashboard/dashboards/project/networks/ports/tests.py b/openstack_dashboard/dashboards/project/networks/ports/tests.py index 295ac7d5c..a690de901 100644 --- a/openstack_dashboard/dashboards/project/networks/ports/tests.py +++ b/openstack_dashboard/dashboards/project/networks/ports/tests.py @@ -544,6 +544,37 @@ class NetworkPortTests(test.TestCase): self.mock_security_group_list.assert_called_once_with( test.IsHttpRequest(), tenant_id='1') + @test.create_mocks({api.neutron: ('network_get', + 'security_group_list', + 'is_extension_supported')}) + def test_port_create_on_network_from_different_tenant(self): + network = self.networks.list()[1] + tenant_id = self.request.user.tenant_id + # Ensure the network belongs to a different tenant + self.assertNotEqual(tenant_id, network.tenant_id) + + self.mock_network_get.return_value = self.networks.first() + self._stub_is_extension_supported({'binding': False, + 'mac-learning': False, + 'port-security': True}) + self.mock_security_group_list.return_value = \ + self.security_groups.list() + + url = reverse('horizon:project:networks:addport', + args=[network.id]) + res = self.client.get(url) + + self.assertTemplateUsed(res, views.WorkflowView.template_name) + self.assert_mock_multiple_calls_with_same_arguments( + self.mock_network_get, 2, + mock.call(test.IsHttpRequest(), network.id)) + self._check_is_extension_supported({'binding': 1, + 'mac-learning': 1, + 'port-security': 1}) + # Check the new port belongs to a tenant of the login user + self.mock_security_group_list.assert_called_once_with( + test.IsHttpRequest(), tenant_id=tenant_id) + def test_port_create_post(self): self._test_port_create_post() diff --git a/openstack_dashboard/dashboards/project/networks/ports/views.py b/openstack_dashboard/dashboards/project/networks/ports/views.py index bab83cd1b..607c5a4d1 100644 --- a/openstack_dashboard/dashboards/project/networks/ports/views.py +++ b/openstack_dashboard/dashboards/project/networks/ports/views.py @@ -55,7 +55,7 @@ class CreateView(workflows.WorkflowView): network = self.get_network() return {"network_id": self.kwargs['network_id'], "network_name": network.name, - "target_tenant_id": network.tenant_id} + "target_tenant_id": self.request.user.project_id} class DetailView(tabs.TabbedTableView): @@ -175,7 +175,7 @@ class UpdateView(workflows.WorkflowView): 'name': port['name'], 'admin_state': port['admin_state_up'], 'mac_address': port['mac_address'], - 'target_tenant_id': port['tenant_id']} + "target_tenant_id": self.request.user.project_id} if port.get('binding__vnic_type'): initial['binding__vnic_type'] = port['binding__vnic_type'] try: |