From 77f95d3a54877ccc263c2c4876fe54902fd36b4c Mon Sep 17 00:00:00 2001
From: Yves-Gwenael Bourhis <yves-gwenael.bourhis@cloudwatt.com>
Date: Mon, 8 Jun 2015 09:56:14 +0200
Subject: [PATCH] Allow to attach FIP without a router

The Default Neutron implementation needs a router with a gateway to associate a
FIP. So by default a topology check will be performed by horizon to list only
VM ports attached to a network which is itself attached to a router with an
external gateway. This is to prevent from setting a FIP to a port which will
fail with an error.

Some Neutron vendors do not require it. Some can even attach a FIP to any port
(e.g.: OpenContrail) owned by a tenant.

This patch adds a setting allowing to bypass the topology check in order to let
the user associate a FIP to an instance on a subnet with no router if the
Neutron backend allows it.

Change-Id: I1bf8bd0113a154c5e0bf0f75065b911f15db3e83
Closes-Bug: #1462902
---
 doc/source/topics/settings.rst                 | 18 +++++++++++++++++-
 openstack_dashboard/api/neutron.py             |  3 +++
 .../local/local_settings.py.example            |  1 +
 .../test/api_tests/network_tests.py            |  7 ++++++-
 4 files changed, 27 insertions(+), 2 deletions(-)

diff --git a/doc/source/topics/settings.rst b/doc/source/topics/settings.rst
index 4b28d3e6e8..094ef5414a 100755
--- a/doc/source/topics/settings.rst
+++ b/doc/source/topics/settings.rst
@@ -749,7 +749,8 @@ Default::
             'profile_support': None,
             'supported_provider_types': ["*"],
             'supported_vnic_types': ["*"],
-            'segmentation_id_range': {}
+            'segmentation_id_range': {},
+            'enable_fip_topology_check': True,
         }
 
 A dictionary of settings which can be used to enable optional services provided
@@ -902,6 +903,21 @@ and maximum value will be the default for the provider network type.
 
 Example: ``{'vlan': [1024, 2048], 'gre': [4094, 65536]}``
 
+``enable_fip_topology_check``:
+
+Default: ``True``
+
+The Default Neutron implementation needs a router with a gateway to associate a
+FIP. So by default a topology check will be performed by horizon to list only
+VM ports attached to a network which is itself attached to a router with an
+external gateway. This is to prevent from setting a FIP to a port which will
+fail with an error.
+Some Neutron vendors do not require it. Some can even attach a FIP to any port
+(e.g.: OpenContrail) owned by a tenant.
+Set to False if you want to be able to associate a FIP to an instance on a
+subnet with no router if your Neutron backend allows it.
+
+.. versionadded:: 2015.2(Liberty)
 
 ``OPENSTACK_SSL_CACERT``
 ------------------------
diff --git a/openstack_dashboard/api/neutron.py b/openstack_dashboard/api/neutron.py
index b8a44d9813..20b26529da 100644
--- a/openstack_dashboard/api/neutron.py
+++ b/openstack_dashboard/api/neutron.py
@@ -431,6 +431,9 @@ class FloatingIpManager(network_base.FloatingIpManager):
                                       {'floatingip': update_dict})
 
     def _get_reachable_subnets(self, ports):
+        if not is_enabled_by_config('enable_fip_topology_check', True):
+            # All subnets are reachable from external network
+            return set(p.fixed_ips[0]['subnet_id'] for p in ports)
         # Retrieve subnet list reachable from external network
         ext_net_ids = [ext_net.id for ext_net in self.list_pools()]
         gw_routers = [r.id for r in router_list(self.request)
diff --git a/openstack_dashboard/local/local_settings.py.example b/openstack_dashboard/local/local_settings.py.example
index 9ae6054fd4..612d390353 100644
--- a/openstack_dashboard/local/local_settings.py.example
+++ b/openstack_dashboard/local/local_settings.py.example
@@ -237,6 +237,7 @@ OPENSTACK_NEUTRON_NETWORK = {
     'enable_lb': True,
     'enable_firewall': True,
     'enable_vpn': True,
+    'enable_fip_topology_check': True,
 
     # The profile_support option is used to detect if an external router can be
     # configured via the dashboard. When using specific plugins the
diff --git a/openstack_dashboard/test/api_tests/network_tests.py b/openstack_dashboard/test/api_tests/network_tests.py
index 37b16ba711..7d432147fb 100644
--- a/openstack_dashboard/test/api_tests/network_tests.py
+++ b/openstack_dashboard/test/api_tests/network_tests.py
@@ -691,7 +691,12 @@ class NetworkApiNeutronFloatingIpTests(NetworkApiNeutronTestBase):
     def _subs_from_port(self, port):
         return [ip['subnet_id'] for ip in port['fixed_ips']]
 
-    @override_settings(OPENSTACK_NEUTRON_NETWORK={'enable_lb': True})
+    @override_settings(
+        OPENSTACK_NEUTRON_NETWORK={
+            'enable_lb': True,
+            'enable_fip_topology_check': True,
+        }
+    )
     def test_floating_ip_target_list(self):
         ports = self.api_ports.list()
         # Port on the first subnet is connected to a router