diff --git a/src/config/api-server/tests/test_perms2.py b/src/config/api-server/tests/test_perms2.py index 122273f4d86..f83428e053f 100644 --- a/src/config/api-server/tests/test_perms2.py +++ b/src/config/api-server/tests/test_perms2.py @@ -1152,6 +1152,13 @@ def fake_static_file(*args, **kwargs): status_code, result = alice.vnc_lib._http_get('/virtual-networks') self.assertThat(status_code, Equals(401)) + def test_default_ipam_perms(self): + " test default-domain:default-project:default-network-ipam allows global linking by default" + + ipam_fq_name = ['default-domain', 'default-project', 'default-network-ipam'] + ipam = vnc_read_obj(self.admin.vnc_lib, 'network-ipam', name = ipam_fq_name) + self.assertEquals(ipam.get_perms2().global_access, PERMS_X) + def tearDown(self): super(TestPermissions, self).tearDown() # end tearDown diff --git a/src/config/api-server/vnc_cfg_api_server.py b/src/config/api-server/vnc_cfg_api_server.py index 0ce202cd427..edbcc7f1798 100644 --- a/src/config/api-server/vnc_cfg_api_server.py +++ b/src/config/api-server/vnc_cfg_api_server.py @@ -26,6 +26,7 @@ import re import socket from cfgm_common import jsonutils as json +from provision_defaults import * import uuid import copy from pprint import pformat @@ -2749,6 +2750,15 @@ def _db_init_entries(self): except Exception as e: err_msg = cfgm_common.utils.detailed_traceback() self.config_log(err_msg, level=SandeshLevel.SYS_ERR) + + # make default ipam available across tenants for backward compatability + obj_type = 'network_ipam' + fq_name = ['default-domain', 'default-project', 'default-network-ipam'] + obj_uuid = self._db_conn.fq_name_to_uuid(obj_type, fq_name) + (ok, obj_dict) = self._db_conn.dbe_read(obj_type, {'uuid':obj_uuid}, + obj_fields=['perms2']) + obj_dict['perms2']['global_access'] = PERMS_X + self._db_conn.dbe_update(obj_type, {'uuid': obj_uuid}, obj_dict) # end _db_init_entries # generate default rbac group rule