diff --git a/neutron/common/config.py b/neutron/common/config.py index 24b78b2639b..10e42008ad7 100644 --- a/neutron/common/config.py +++ b/neutron/common/config.py @@ -145,13 +145,6 @@ core_opts = [ "services running on this machine. All the agents and " "services running on this machine must use the same " "host value.")), - cfg.BoolOpt('force_gateway_on_subnet', default=True, - deprecated_for_removal=True, - help=_("Ensure that configured gateway is on subnet. " - "For IPv6, validate only if gateway is not a link " - "local address. Deprecated, to be removed during the " - "Newton release, at which point the gateway will not " - "be forced on to subnet.")), cfg.BoolOpt('notify_nova_on_port_status_changes', default=True, help=_("Send notification to nova when port status changes")), cfg.BoolOpt('notify_nova_on_port_data_changes', default=True, diff --git a/neutron/db/db_base_plugin_v2.py b/neutron/db/db_base_plugin_v2.py index 18c32d45d1b..d5a718a5891 100644 --- a/neutron/db/db_base_plugin_v2.py +++ b/neutron/db/db_base_plugin_v2.py @@ -466,16 +466,9 @@ class NeutronDbPluginV2(db_base_plugin_common.DbBasePluginCommon, if attributes.is_attr_set(s.get('gateway_ip')): self._validate_ip_version(ip_ver, s['gateway_ip'], 'gateway_ip') - if cfg.CONF.force_gateway_on_subnet: - # TODO(sreesiv) check_gateway_in_subnet() will be - # obsolete and should be removed when the option - # 'force_gateway_on_subnet' is removed. - is_gateway_not_valid = not ipam.utils.check_gateway_in_subnet( - s['cidr'], s['gateway_ip']) - else: - is_gateway_not_valid = ( - ipam.utils.check_gateway_invalid_in_subnet( - s['cidr'], s['gateway_ip'])) + is_gateway_not_valid = ( + ipam.utils.check_gateway_invalid_in_subnet( + s['cidr'], s['gateway_ip'])) if is_gateway_not_valid: error_message = _("Gateway is not valid on subnet") raise n_exc.InvalidInput(error_message=error_message) diff --git a/neutron/ipam/requests.py b/neutron/ipam/requests.py index 466cb3d4afa..bf5f9d176f7 100644 --- a/neutron/ipam/requests.py +++ b/neutron/ipam/requests.py @@ -13,7 +13,6 @@ import abc import netaddr -from oslo_config import cfg from oslo_utils import uuidutils import six @@ -105,15 +104,6 @@ class SubnetRequest(object): return self._allocation_pools def _validate_with_subnet(self, subnet_cidr): - if self.gateway_ip and cfg.CONF.force_gateway_on_subnet: - gw_ip = netaddr.IPAddress(self.gateway_ip) - if (gw_ip.version == 4 or (gw_ip.version == 6 - and not gw_ip.is_link_local())): - if self.gateway_ip not in subnet_cidr: - raise ipam_exc.IpamValueInvalid(_( - "gateway_ip %s is not in the subnet") % - self.gateway_ip) - if self.allocation_pools: if subnet_cidr.version != self.allocation_pools[0].version: raise ipam_exc.IpamValueInvalid(_( diff --git a/neutron/ipam/utils.py b/neutron/ipam/utils.py index d381570c67d..3c01a8f334e 100644 --- a/neutron/ipam/utils.py +++ b/neutron/ipam/utils.py @@ -42,14 +42,6 @@ def check_gateway_invalid_in_subnet(cidr, gateway): (net.version == constants.IP_VERSION_4 and ip == net[-1]))) -def check_gateway_in_subnet(cidr, gateway): - """Validate that the gateway is on the subnet.""" - ip = netaddr.IPAddress(gateway) - if ip.version == 4 or (ip.version == 6 and not ip.is_link_local()): - return check_subnet_ip(cidr, gateway) - return True - - def generate_pools(cidr, gateway_ip): """Create IP allocation pools for a specified subnet diff --git a/neutron/tests/unit/db/test_db_base_plugin_v2.py b/neutron/tests/unit/db/test_db_base_plugin_v2.py index aaec257c2ea..ab9269bf574 100644 --- a/neutron/tests/unit/db/test_db_base_plugin_v2.py +++ b/neutron/tests/unit/db/test_db_base_plugin_v2.py @@ -3550,17 +3550,7 @@ class TestSubnetsV2(NeutronDbPluginV2TestCase): ipv6_ra_mode=constants.IPV6_SLAAC, ipv6_address_mode=constants.IPV6_SLAAC) - def test_create_subnet_gw_outside_cidr_returns_400(self): - cfg.CONF.set_override('force_gateway_on_subnet', True) - with self.network() as network: - self._create_subnet(self.fmt, - network['network']['id'], - '10.0.0.0/24', - webob.exc.HTTPClientError.code, - gateway_ip='100.0.0.1') - def test_create_subnet_gw_outside_cidr_returns_201(self): - cfg.CONF.set_override('force_gateway_on_subnet', False) with self.network() as network: self._create_subnet(self.fmt, network['network']['id'], @@ -3569,7 +3559,6 @@ class TestSubnetsV2(NeutronDbPluginV2TestCase): gateway_ip='100.0.0.1') def test_create_subnet_gw_is_nw_addr_returns_400(self): - cfg.CONF.set_override('force_gateway_on_subnet', False) with self.network() as network: self._create_subnet(self.fmt, network['network']['id'], @@ -3578,7 +3567,6 @@ class TestSubnetsV2(NeutronDbPluginV2TestCase): gateway_ip='10.0.0.0') def test_create_subnet_gw_is_broadcast_addr_returns_400(self): - cfg.CONF.set_override('force_gateway_on_subnet', False) with self.network() as network: self._create_subnet(self.fmt, network['network']['id'], @@ -3935,23 +3923,7 @@ class TestSubnetsV2(NeutronDbPluginV2TestCase): ipv6_ra_mode=ra_mode, ipv6_address_mode=addr_mode) - def test_create_subnet_ipv6_out_of_cidr_global_returns_400(self): - cfg.CONF.set_override('force_gateway_on_subnet', True) - gateway_ip = '2000::1' - cidr = '2001::/64' - - with testlib_api.ExpectedException( - webob.exc.HTTPClientError) as ctx_manager: - self._test_create_subnet( - gateway_ip=gateway_ip, cidr=cidr, - ip_version=constants.IP_VERSION_6, - ipv6_ra_mode=constants.DHCPV6_STATEFUL, - ipv6_address_mode=constants.DHCPV6_STATEFUL) - self.assertEqual(webob.exc.HTTPClientError.code, - ctx_manager.exception.code) - def test_create_subnet_ipv6_out_of_cidr_global(self): - cfg.CONF.set_override('force_gateway_on_subnet', False) gateway_ip = '2000::1' cidr = '2001::/64' subnet = self._test_create_subnet( @@ -3967,7 +3939,6 @@ class TestSubnetsV2(NeutronDbPluginV2TestCase): subnet['subnet']['cidr']) def test_create_subnet_ipv6_gw_is_nw_addr_returns_400(self): - cfg.CONF.set_override('force_gateway_on_subnet', False) gateway_ip = '2001::0' cidr = '2001::/64' @@ -3982,7 +3953,6 @@ class TestSubnetsV2(NeutronDbPluginV2TestCase): ctx_manager.exception.code) def test_create_subnet_ipv6_gw_is_nw_end_addr_returns_201(self): - cfg.CONF.set_override('force_gateway_on_subnet', False) gateway_ip = '2001::ffff' cidr = '2001::/112' subnet = self._test_create_subnet( @@ -4203,19 +4173,7 @@ class TestSubnetsV2(NeutronDbPluginV2TestCase): self.assertEqual(webob.exc.HTTPClientError.code, res.status_int) - def test_update_subnet_gw_outside_cidr_returns_400(self): - cfg.CONF.set_override('force_gateway_on_subnet', True) - with self.network() as network: - with self.subnet(network=network) as subnet: - data = {'subnet': {'gateway_ip': '100.0.0.1'}} - req = self.new_update_request('subnets', data, - subnet['subnet']['id']) - res = req.get_response(self.api) - self.assertEqual(webob.exc.HTTPClientError.code, - res.status_int) - def test_update_subnet_gw_outside_cidr_returns_200(self): - cfg.CONF.set_override('force_gateway_on_subnet', False) with self.network() as network: with self.subnet(network=network) as subnet: data = {'subnet': {'gateway_ip': '100.0.0.1'}} @@ -5477,7 +5435,7 @@ class TestSubnetPoolsV2(NeutronDbPluginV2TestCase): 'tenant_id': network['network']['tenant_id']}} req = self.new_create_request('subnets', data) result = req.get_response(self.api) - self.assertEqual(409, result.status_int) + self.assertEqual(201, result.status_int) def test_allocate_any_subnet_with_prefixlen(self): with self.network() as network: diff --git a/neutron/tests/unit/ipam/test_requests.py b/neutron/tests/unit/ipam/test_requests.py index 4ed765b8c04..84d71417fe3 100644 --- a/neutron/tests/unit/ipam/test_requests.py +++ b/neutron/tests/unit/ipam/test_requests.py @@ -132,18 +132,7 @@ class TestIpamAnySubnetRequest(IpamSubnetRequestTestCase): constants.IPv6, 129) - def test_subnet_request_bad_gateway(self): - cfg.CONF.set_override('force_gateway_on_subnet', True) - self.assertRaises(ipam_exc.IpamValueInvalid, - ipam_req.AnySubnetRequest, - self.tenant_id, - self.subnet_id, - constants.IPv6, - 64, - gateway_ip='2000::1') - - def test_subnet_request_good_gateway(self): - cfg.CONF.set_override('force_gateway_on_subnet', False) + def test_subnet_request_gateway(self): request = ipam_req.AnySubnetRequest(self.tenant_id, self.subnet_id, constants.IPv6, @@ -183,17 +172,7 @@ class TestIpamSpecificSubnetRequest(IpamSubnetRequestTestCase): self.assertEqual(netaddr.IPAddress('1.2.3.1'), request.gateway_ip) self.assertEqual(netaddr.IPNetwork('1.2.3.0/24'), request.subnet_cidr) - def test_subnet_request_bad_gateway(self): - cfg.CONF.set_override('force_gateway_on_subnet', True) - self.assertRaises(ipam_exc.IpamValueInvalid, - ipam_req.SpecificSubnetRequest, - self.tenant_id, - self.subnet_id, - '2001::1', - gateway_ip='2000::1') - - def test_subnet_request_good_gateway(self): - cfg.CONF.set_override('force_gateway_on_subnet', False) + def test_subnet_request_gateway(self): request = ipam_req.SpecificSubnetRequest(self.tenant_id, self.subnet_id, '2001::1', diff --git a/releasenotes/notes/remove-force_gateway_on_subnet-77cb79f0b35d0c6d.yaml b/releasenotes/notes/remove-force_gateway_on_subnet-77cb79f0b35d0c6d.yaml new file mode 100644 index 00000000000..0bccdd3024c --- /dev/null +++ b/releasenotes/notes/remove-force_gateway_on_subnet-77cb79f0b35d0c6d.yaml @@ -0,0 +1,11 @@ +--- +fixes: + - Fixes Bug 1548193, removing 'force_gateway_on_subnet' + configuration option. This will always allow adding + gateway outside the subnet, and gateway cannot be + forced onto the subnet range. +other: + - The configuration option 'force_gateway_on_subnet' + is removed. This will always allow adding gateway + outside the subnet, and gateway cannot be forced + onto the subnet range.