check for port's tenant id when associating a floating ip to a port

Change-Id: I5365f92755b6fa6174b241d749df5b8447672455 Closes-Bug: 1373849
Juniper · Sep 26, 2014 · 32d78bf · 32d78bf
1 parent 4fb7fd8
commit 32d78bf
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 12 deletions.
diff --git a/src/config/vnc_openstack/vnc_openstack/neutron_plugin_db.py b/src/config/vnc_openstack/vnc_openstack/neutron_plugin_db.py
@@ -1473,7 +1473,7 @@ def _router_vnc_to_neutron(self, rtr_obj, rtr_repr='SHOW'):
         return rtr_q_dict
     #end _router_vnc_to_neutron
 
-    def _floatingip_neutron_to_vnc(self, fip_q, oper):
+    def _floatingip_neutron_to_vnc(self, context, fip_q, oper):
         if oper == CREATE:
             # TODO for now create from default pool, later
             # use first available pool on net
@@ -1497,14 +1497,18 @@ def _floatingip_neutron_to_vnc(self, fip_q, oper):
         else:  # READ/UPDATE/DELETE
             fip_obj = self._vnc_lib.floating_ip_read(id=fip_q['id'])
 
-        if fip_q.get('port_id'):
+        port_id = fip_q.get('port_id')
+        if port_id:
             try:
-                port_obj = self._virtual_machine_interface_read(
-                    port_id=fip_q['port_id'])
+                port_obj = self._virtual_machine_interface_read(port_id=port_id)
+                if context and not context['is_admin']:
+                    port_tenant_id = self._get_obj_tenant_id('port', port_id)
+                    if port_tenant_id != context['tenant']:
+                        raise NoIdError(port_id)
             except NoIdError:
                 self._raise_contrail_exception('PortNotFound',
                                                resource='floatingip',
-                                               port_id=fip_q['port_id'])
+                                               port_id=port_id)
             fip_obj.set_virtual_machine_interface(port_obj)
         else:
             fip_obj.set_virtual_machine_interface_list([])
@@ -3111,9 +3115,9 @@ def remove_router_interface(self, router_id, port_id=None, subnet_id=None):
     # end remove_router_interface
 
     # floatingip api handlers
-    def floatingip_create(self, fip_q):
+    def floatingip_create(self, context, fip_q):
         try:
-            fip_obj = self._floatingip_neutron_to_vnc(fip_q, CREATE)
+            fip_obj = self._floatingip_neutron_to_vnc(context, fip_q, CREATE)
         except Exception, e:
             #logging.exception(e)
             msg = _('Internal error when trying to create floating ip. '
@@ -3141,9 +3145,9 @@ def floatingip_read(self, fip_uuid):
         return self._floatingip_vnc_to_neutron(fip_obj)
     #end floatingip_read
 
-    def floatingip_update(self, fip_id, fip_q):
+    def floatingip_update(self, context, fip_id, fip_q):
         fip_q['id'] = fip_id
-        fip_obj = self._floatingip_neutron_to_vnc(fip_q, UPDATE)
+        fip_obj = self._floatingip_neutron_to_vnc(context, fip_q, UPDATE)
         self._vnc_lib.floating_ip_update(fip_obj)
 
         return self._floatingip_vnc_to_neutron(fip_obj)
@@ -3363,7 +3367,8 @@ def port_delete(self, port_id):
         fip_back_refs = getattr(port_obj, 'floating_ip_back_refs', None)
         if fip_back_refs:
             for fip_back_ref in fip_back_refs:
-                self.floatingip_update(fip_back_ref['uuid'], {'port_id': None})
+                self.floatingip_update(None, fip_back_ref['uuid'],
+                                       {'port_id': None})
 
         tenant_id = self._get_obj_tenant_id('port', port_id)
         self._virtual_machine_interface_delete(port_id=port_id)

diff --git a/src/config/vnc_openstack/vnc_openstack/neutron_plugin_interface.py b/src/config/vnc_openstack/vnc_openstack/neutron_plugin_interface.py
@@ -490,7 +490,7 @@ def plugin_create_floatingip(self, context, floatingip):
 
         try:
             cfgdb = self._get_user_cfgdb(context)
-            net_info = cfgdb.floatingip_create(floatingip['resource'])
+            net_info = cfgdb.floatingip_create(context, floatingip['resource'])
             return net_info
         except Exception as e:
             cgitb.Hook(format="text").handle(sys.exc_info())
@@ -503,7 +503,7 @@ def plugin_update_floatingip(self, context, floatingip):
 
         try:
             cfgdb = self._get_user_cfgdb(context)
-            floatingip_info = cfgdb.floatingip_update(floatingip['id'],
+            floatingip_info = cfgdb.floatingip_update(context, floatingip['id'],
                                                       floatingip['resource'])
             return floatingip_info
         except Exception as e: