Don't pass enable_snat by default in Router
The patch removes the default for enable_snat in the Router resource and removes the value if not specified, to make it possible for non-admin users to create routers: a policy rule in neutron forbids non-admin to pass the enable_snat value. It doesn't break backward compatibility as enable_snat is the default in neutron. Co-Authored-By: ala.rezmerita@cloudwatt.com Closes-Bug: #1306593 Change-Id: Ib9d31f7e0a246bcaa663aaa74755526f8e31df7e
This commit is contained in:
parent
4f7da1b7fc
commit
d7836e9225
|
@ -60,8 +60,9 @@ class Router(neutron.NeutronResource):
|
|||
),
|
||||
EXTERNAL_GATEWAY_ENABLE_SNAT: properties.Schema(
|
||||
properties.Schema.BOOLEAN,
|
||||
_('Enables Source NAT on the router gateway.'),
|
||||
default=True,
|
||||
_('Enables Source NAT on the router gateway. NOTE: The '
|
||||
'default policy setting in Neutron restricts usage of '
|
||||
'this property to administrative users only.'),
|
||||
update_allowed=True
|
||||
),
|
||||
},
|
||||
|
@ -118,6 +119,8 @@ class Router(neutron.NeutronResource):
|
|||
self.neutron(),
|
||||
'network',
|
||||
gateway.pop(self.EXTERNAL_GATEWAY_NETWORK))
|
||||
if gateway[self.EXTERNAL_GATEWAY_ENABLE_SNAT] is None:
|
||||
del gateway[self.EXTERNAL_GATEWAY_ENABLE_SNAT]
|
||||
return props
|
||||
|
||||
def handle_create(self):
|
||||
|
|
|
@ -1426,6 +1426,68 @@ class NeutronRouterTest(HeatTestCase):
|
|||
self.assertTrue(gateway_info.get('enable_snat'))
|
||||
self.m.VerifyAll()
|
||||
|
||||
def test_create_router_gateway_enable_snat(self):
|
||||
clients.OpenStackClients.keystone().AndReturn(
|
||||
fakes.FakeKeystoneClient())
|
||||
|
||||
router.neutronV20.find_resourceid_by_name_or_id(
|
||||
mox.IsA(neutronclient.Client),
|
||||
'network',
|
||||
'public'
|
||||
).AndReturn('fc68ea2c-b60b-4b4f-bd82-94ec81110766')
|
||||
|
||||
neutronclient.Client.create_router({
|
||||
"router": {
|
||||
"name": "Test Router",
|
||||
"external_gateway_info": {
|
||||
'network_id': 'fc68ea2c-b60b-4b4f-bd82-94ec81110766',
|
||||
},
|
||||
"admin_state_up": True,
|
||||
}
|
||||
}).AndReturn({
|
||||
"router": {
|
||||
"status": "BUILD",
|
||||
"external_gateway_info": None,
|
||||
"name": "Test Router",
|
||||
"admin_state_up": True,
|
||||
"tenant_id": "3e21026f2dc94372b105808c0e721661",
|
||||
"id": "3e46229d-8fce-4733-819a-b5fe630550f8"
|
||||
}
|
||||
})
|
||||
|
||||
neutronclient.Client.show_router(
|
||||
'3e46229d-8fce-4733-819a-b5fe630550f8').MultipleTimes().AndReturn({
|
||||
"router": {
|
||||
"status": "ACTIVE",
|
||||
"external_gateway_info": {
|
||||
"network_id":
|
||||
"fc68ea2c-b60b-4b4f-bd82-94ec81110766",
|
||||
"enable_snat": True
|
||||
},
|
||||
"name": "Test Router",
|
||||
"admin_state_up": True,
|
||||
"tenant_id": "3e21026f2dc94372b105808c0e721661",
|
||||
"routes": [],
|
||||
"id": "3e46229d-8fce-4733-819a-b5fe630550f8"
|
||||
}
|
||||
})
|
||||
|
||||
self.m.ReplayAll()
|
||||
t = template_format.parse(neutron_external_gateway_template)
|
||||
t["Resources"]["router"]["Properties"]["external_gateway_info"].pop(
|
||||
"enable_snat")
|
||||
stack = utils.parse_stack(t)
|
||||
rsrc = self.create_router(t, stack, 'router')
|
||||
|
||||
rsrc.validate()
|
||||
|
||||
ref_id = rsrc.FnGetRefId()
|
||||
self.assertEqual('3e46229d-8fce-4733-819a-b5fe630550f8', ref_id)
|
||||
gateway_info = rsrc.FnGetAtt('external_gateway_info')
|
||||
self.assertEqual('fc68ea2c-b60b-4b4f-bd82-94ec81110766',
|
||||
gateway_info.get('network_id'))
|
||||
self.m.VerifyAll()
|
||||
|
||||
def test_update_router_gateway_as_property(self):
|
||||
self._create_router_with_gateway()
|
||||
|
||||
|
|
Loading…
Reference in New Issue