Merge "Create default-network-ipam with permissions to link to all ot…

…her objects. Without this, subnet and VN in non-default projectis who use default network ipam will not not able to use it" into R3.0

src/config/api-server/tests/test_perms2.py

@@ -1152,6 +1152,13 @@ def fake_static_file(*args, **kwargs):
         status_code, result = alice.vnc_lib._http_get('/virtual-networks')
         self.assertThat(status_code, Equals(401))
 
+    def test_default_ipam_perms(self):
+        " test default-domain:default-project:default-network-ipam allows global linking by default"
+
+        ipam_fq_name = ['default-domain', 'default-project', 'default-network-ipam']
+        ipam = vnc_read_obj(self.admin.vnc_lib, 'network-ipam', name = ipam_fq_name)
+        self.assertEquals(ipam.get_perms2().global_access, PERMS_X)
+
     def tearDown(self):
         super(TestPermissions, self).tearDown()
     # end tearDown

src/config/api-server/vnc_cfg_api_server.py

@@ -26,6 +26,7 @@
 import re
 import socket
 from cfgm_common import jsonutils as json
+from provision_defaults import *
 import uuid
 import copy
 from pprint import pformat
@@ -2749,6 +2750,15 @@ def _db_init_entries(self):
         except Exception as e:
             err_msg = cfgm_common.utils.detailed_traceback()
             self.config_log(err_msg, level=SandeshLevel.SYS_ERR)
+
+        # make default ipam available across tenants for backward compatability
+        obj_type = 'network_ipam'
+        fq_name = ['default-domain', 'default-project', 'default-network-ipam']
+        obj_uuid = self._db_conn.fq_name_to_uuid(obj_type, fq_name)
+        (ok, obj_dict) = self._db_conn.dbe_read(obj_type, {'uuid':obj_uuid},
+                              obj_fields=['perms2'])
+        obj_dict['perms2']['global_access'] = PERMS_X
+        self._db_conn.dbe_update(obj_type, {'uuid': obj_uuid}, obj_dict)
     # end _db_init_entries
 
     # generate default rbac group rule