From 55dd7c77d8e568e073323e3b85312d10c4ba47c3 Mon Sep 17 00:00:00 2001
From: nikolay_tymtsiv
Date: Wed, 6 Jul 2016 16:23:54 +0300
Subject: [PATCH] Deny changes ip_ranges without meta.notation

If ip_ranges value updated in networks.yaml and notation was not changed to 'ip_ranges' from 'cidr' or gatwey was changed but meta.use_gateway is False nailgun will deny this request
Closes-Bug: #1514916
Author: ntymtsiv
Change-Id: Ic60ffd0ed81a69277577893cb9819adad8741f4a
---
 .../tests/test_network_configuration.py | 2 ++
 .../test_network_configuration_validator.py | 20 +++++++++++
 .../network_manager/validators/network.py | 36 +++++++++++++++----
 3 files changed, 51 insertions(+), 7 deletions(-)
diff --git a/nailgun/nailgun/extensions/network_manager/tests/test_network_configuration.py b/nailgun/nailgun/extensions/network_manager/tests/test_network_configuration.py
index 34c968f89c..ab6f260429 100644
--- a/nailgun/nailgun/extensions/network_manager/tests/test_network_configuration.py
+++ b/nailgun/nailgun/extensions/network_manager/tests/test_network_configuration.py
@@ -459,6 +459,7 @@ class TestNeutronNetworkConfigurationHandler(BaseIntegrationTest):
 net_template = '99.61.{0}'.format(idx)
 ng_data['cidr'] = net_template + '.0/24'
 ng_data['gateway'] = net_template + '.1'
+ ng_data['meta']['use_gateway'] = True
 ng_data['meta']['notation'] = consts.NETWORK_NOTATION.ip_ranges
 ng_data['ip_ranges'] = [
 [net_template + '.11', net_template + '.33'],
@@ -484,6 +485,7 @@ class TestNeutronNetworkConfigurationHandler(BaseIntegrationTest):
 net for net in netconfig['networks']
 if net['name'] == consts.NETWORKS.storage))
 storage['ip_ranges'] = [["172.16.0.19", "172.16.0.19"]]
+ storage['meta']['notation'] = consts.NETWORK_NOTATION.ip_ranges
 self.env.neutron_networks_put(self.cluster.id, netconfig)
 def test_admin_public_untagged_others_tagged(self):
diff --git a/nailgun/nailgun/extensions/network_manager/tests/test_network_configuration_validator.py b/nailgun/nailgun/extensions/network_manager/tests/test_network_configuration_validator.py
index cab3d0269d..abe0fa9292 100644
--- a/nailgun/nailgun/extensions/network_manager/tests/test_network_configuration_validator.py
+++ b/nailgun/nailgun/extensions/network_manager/tests/test_network_configuration_validator.py
@@ -409,6 +409,26 @@ class TestNetworkConfigurationValidator(base.BaseIntegrationTest):
 result = validator._check_ips_out_of_ip_ranges(mgmt_db, nm, ranges)
 self.assertTrue(result)
+ def test_validate_network_with_new_ip_ranges_and_cidr_notation(self):
+ mgmt = self.find_net_by_name(consts.NETWORKS.management)
+ mgmt['meta']['notation'] = consts.NETWORK_NOTATION.cidr
+ mgmt['ip_ranges'] = [['10.101.0.1', '10.101.0.255']]
+ self.db.flush()
+ self.assertRaisesInvalidData(
+ "ip_ranges for network '{0}' (Network IDs: '{1}') cannot be "
+ "changed with 'cidr' notation, change notation to"
+ " 'ip_ranges'".format(mgmt['name'], mgmt['id']))
+ def test_validate_network_with_new_gateway(self):
+ mgmt = self.find_net_by_name(consts.NETWORKS.management)
+ mgmt['meta']['use_gateway'] = False
+ mgmt['gateway'] = '10.101.0.0'
+ self.db.flush()
+ self.assertRaisesInvalidData(
+ "Gateway for network '{0}' (Network IDs: '{1}') cannot be "
+ "changed while 'use_gateway' is False".format(
+ mgmt['name'], mgmt['id']))
+
 class TestNovaNetworkConfigurationValidatorProtocol(
 BaseNetworkConfigurationValidatorProtocolTest
diff --git a/nailgun/nailgun/extensions/network_manager/validators/network.py b/nailgun/nailgun/extensions/network_manager/validators/network.py
index a7057b2eb5..bc6a78a33d 100644
--- a/nailgun/nailgun/extensions/network_manager/validators/network.py
+++ b/nailgun/nailgun/extensions/network_manager/validators/network.py
@@ -70,25 +70,47 @@ class NetworkConfigurationValidator(BasicValidator):
 :return: ng_data
 :raises: errors.InvalidData
 """
- cidr = ng_data.get('cidr', ng_db.cidr)
- ip_ranges = ng_data.get(
- 'ip_ranges',
- [(r.first, r.last) for r in ng_db.ip_ranges])
-
+ ip_ranges_from_db = [[r.first, r.last] for r in ng_db.ip_ranges]
+ ip_ranges = ng_data.get('ip_ranges', ip_ranges_from_db)
 release = ng_data.get('release', ng_db.get('release'))
 if release != ng_db.get('release'):
 raise errors.InvalidData('Network release could not be changed.')
 # values are always taken either from request or from DB
 meta = ng_data.get('meta', {})
- notation = meta.get('notation', ng_db.meta.get('notation'))
 use_gateway = meta.get('use_gateway',
 ng_db.meta.get('use_gateway', False))
- gateway = ng_data.get('gateway', ng_db.get('gateway'))
+ gateway = ng_data.get('gateway')
+ gateway_from_db = ng_db.get('gateway')
+ if not gateway and use_gateway:
+ # Take value from db if use_gateway is True
+ gateway = gateway_from_db
 if use_gateway and not gateway:
 raise errors.InvalidData(
 "Flag 'use_gateway' cannot be provided without gateway")
+ if not use_gateway and gateway != gateway_from_db:
+ # raise exception if use_gateway is False and gateway was changed.
+ raise errors.InvalidData(
+ "Gateway for network '{0}' (Network IDs: '{1}') cannot be "
+ "changed while 'use_gateway' is False".format(
+ ng_data['name'], ng_data['id']))
+
+ new_ip_ranges = sorted(ip_ranges) != sorted(ip_ranges_from_db)
+ notation_from_db = ng_db.meta.get('notation')
+ notation = meta.get('notation', notation_from_db)
+ cidr = ng_data.get('cidr', ng_db.cidr)
+ new_cidr = cidr != ng_db.cidr
+ # Deny ip ranges change without setting ip_ranges notation. Allow
+ # changing ip_ranges with cidr notation, when notation changed from
+ # ip ranges to cidr as well or if cidr changed
+ if (new_ip_ranges and notation == consts.NETWORK_NOTATION.cidr and
+ not new_cidr and
+ notation_from_db != consts.NETWORK_NOTATION.ip_ranges):
+ raise errors.InvalidData(
+ "ip_ranges for network '{0}' (Network IDs: '{1}') cannot be "
+ "changed with 'cidr' notation, change notation to "
+ "'ip_ranges'".format(ng_data['name'], ng_data['id']))
 # Depending on notation required parameters must be either in
 # the request or DB
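Review bot: The new `if not use_gateway and gateway != gateway_from_db:` check also rejects requests that never touch the gateway. `gateway` is now read with `ng_data.get('gateway')` and falls back to the stored value only when `use_gateway` is true, so a request that omits `gateway` for a network whose DB row holds a non-empty one compares `None` against the stored address and raises InvalidData. Comparing only when the key was actually sent, `if not use_gateway and 'gateway' in ng_data and gateway != gateway_from_db:`, keeps the intended denial without failing unchanged payloads. Both new error messages index `ng_data['name']` and `ng_data['id']` directly while every other field in this hunk is read with `.get()`; if a partial payload can reach this validator, that surfaces as a KeyError rather than InvalidData, and neither case is exercised by the tests added in this commit. The validator method begins before this hunk and continues after it.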