From 6e70cd450c8b920a1055af88e000f824f8bea2cf Mon Sep 17 00:00:00 2001 From: Elvira Garcia Date: Tue, 29 Jul 2025 17:42:36 +0200 Subject: [PATCH] [SGL] Use admin context to retrieve log objs Previously we tried to search which log objects existed based on the context of the user who is creating a change on a security group rule. This is not correct as only admin can fetch log objects. Closes-Bug: #2107446 Change-Id: Ia65e06c83ced9cde7618d4d7f3c7b0b3ae48c3fa Signed-off-by: Elvira Garcia --- neutron/services/logapi/common/sg_callback.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/neutron/services/logapi/common/sg_callback.py b/neutron/services/logapi/common/sg_callback.py index 6944894a02d..3593bd1af8d 100644 --- a/neutron/services/logapi/common/sg_callback.py +++ b/neutron/services/logapi/common/sg_callback.py @@ -13,6 +13,7 @@ # License for the specific language governing permissions and limitations # under the License. +from neutron_lib import context as n_context from neutron_lib.services.logapi import constants as log_const from neutron.services.logapi.common import db_api @@ -23,14 +24,16 @@ class SecurityGroupRuleCallBack(manager.ResourceCallBackBase): def handle_event(self, resource, event, trigger, payload): context = payload.context + admin_context = n_context.get_admin_context() sg_rule = payload.latest_state if sg_rule: sg_id = sg_rule.get('security_group_id') else: sg_id = payload.resource_id + # Log resources can only be fetched from admin context. log_resources = db_api.get_logs_bound_sg( - context, sg_id=sg_id, project_id=context.project_id) + admin_context, sg_id=sg_id, project_id=context.project_id) if log_resources: self.resource_push_api( log_const.RESOURCE_UPDATE, context, log_resources)