Use elevated context to get default SG from database
With new system/project scopes it may happen that project admin
will try to list security groups for different project and during
that call Neutron will ensure that default security group is created.
In such case elevated context needs to be used to get SG object from
the database otherwise, SG will not be found and error 500 will be
returned through the API.
Use of elevated context is fine here as if user don't have access to
the SG, it will be filtered out by policy mechanism and it will not
be returned through API.
Closes-Bug: #1934115
Change-Id: I0ca07d1a1aaf05c1992aea9e29575580d7933324
(cherry picked from commit f6c3747caeac08df9d865312686be8eccb7f0472)
Reviewed: https:/ /review. opendev. org/c/openstack /neutron/ +/803439 /opendev. org/openstack/ neutron/ commit/ 4b8ebdef8d545dd 5df7e5765eccc82 b9136c92b0
Committed: https:/
Submitter: "Zuul (22348)"
Branch: stable/wallaby
commit 4b8ebdef8d545dd 5df7e5765eccc82 b9136c92b0
Author: Slawek Kaplonski <email address hidden>
Date: Wed Jun 30 11:28:36 2021 +0200
Use elevated context to get default SG from database
With new system/project scopes it may happen that project admin
will try to list security groups for different project and during
that call Neutron will ensure that default security group is created.
In such case elevated context needs to be used to get SG object from
the database otherwise, SG will not be found and error 500 will be
returned through the API.
Use of elevated context is fine here as if user don't have access to
the SG, it will be filtered out by policy mechanism and it will not
be returned through API.
Closes-Bug: #1934115 c1992aea9e29575 580d7933324 f9d865312686be8 eccb7f0472)
Change-Id: I0ca07d1a1aaf05
(cherry picked from commit f6c3747caeac08d