Removing 'force_gateway_on_subnet' option
With this fix 'force_gateway_on_subnet' configuration option is removed, and gateway outside the subnet is always allowed. Gateway cannot be forced onto to the subnet range. DocImpact: All references of 'force_gateway_on_subnet' configuration option and its description should be removed from the docs. Change-Id: I1a676f35828e46fcedf339235ef7be388341f91e Closes-Bug: #1548193
This commit is contained in:
Sreekumar S
parent
3d6cb95f19
commit
7215168b11
@ -145,13 +145,6 @@ core_opts = [
|
||||
"services running on this machine. All the agents and "
|
||||
"services running on this machine must use the same "
|
||||
"host value.")),
|
||||
cfg.BoolOpt('force_gateway_on_subnet', default=True,
|
||||
deprecated_for_removal=True,
|
||||
help=_("Ensure that configured gateway is on subnet. "
|
||||
"For IPv6, validate only if gateway is not a link "
|
||||
"local address. Deprecated, to be removed during the "
|
||||
"Newton release, at which point the gateway will not "
|
||||
"be forced on to subnet.")),
|
||||
cfg.BoolOpt('notify_nova_on_port_status_changes', default=True,
|
||||
help=_("Send notification to nova when port status changes")),
|
||||
cfg.BoolOpt('notify_nova_on_port_data_changes', default=True,
|
||||
|
||||
@ -466,16 +466,9 @@ class NeutronDbPluginV2(db_base_plugin_common.DbBasePluginCommon,
|
||||
|
||||
if attributes.is_attr_set(s.get('gateway_ip')):
|
||||
self._validate_ip_version(ip_ver, s['gateway_ip'], 'gateway_ip')
|
||||
if cfg.CONF.force_gateway_on_subnet:
|
||||
# TODO(sreesiv) check_gateway_in_subnet() will be
|
||||
# obsolete and should be removed when the option
|
||||
# 'force_gateway_on_subnet' is removed.
|
||||
is_gateway_not_valid = not ipam.utils.check_gateway_in_subnet(
|
||||
s['cidr'], s['gateway_ip'])
|
||||
else:
|
||||
is_gateway_not_valid = (
|
||||
ipam.utils.check_gateway_invalid_in_subnet(
|
||||
s['cidr'], s['gateway_ip']))
|
||||
is_gateway_not_valid = (
|
||||
ipam.utils.check_gateway_invalid_in_subnet(
|
||||
s['cidr'], s['gateway_ip']))
|
||||
if is_gateway_not_valid:
|
||||
error_message = _("Gateway is not valid on subnet")
|
||||
raise n_exc.InvalidInput(error_message=error_message)
|
||||
|
||||
@ -13,7 +13,6 @@
|
||||
import abc
|
||||
|
||||
import netaddr
|
||||
from oslo_config import cfg
|
||||
from oslo_utils import uuidutils
|
||||
import six
|
||||
|
||||
@ -105,15 +104,6 @@ class SubnetRequest(object):
|
||||
return self._allocation_pools
|
||||
|
||||
def _validate_with_subnet(self, subnet_cidr):
|
||||
if self.gateway_ip and cfg.CONF.force_gateway_on_subnet:
|
||||
gw_ip = netaddr.IPAddress(self.gateway_ip)
|
||||
if (gw_ip.version == 4 or (gw_ip.version == 6
|
||||
and not gw_ip.is_link_local())):
|
||||
if self.gateway_ip not in subnet_cidr:
|
||||
raise ipam_exc.IpamValueInvalid(_(
|
||||
"gateway_ip %s is not in the subnet") %
|
||||
self.gateway_ip)
|
||||
|
||||
if self.allocation_pools:
|
||||
if subnet_cidr.version != self.allocation_pools[0].version:
|
||||
raise ipam_exc.IpamValueInvalid(_(
|
||||
|
||||
@ -42,14 +42,6 @@ def check_gateway_invalid_in_subnet(cidr, gateway):
|
||||
(net.version == constants.IP_VERSION_4 and ip == net[-1])))
|
||||
|
||||
|
||||
def check_gateway_in_subnet(cidr, gateway):
|
||||
"""Validate that the gateway is on the subnet."""
|
||||
ip = netaddr.IPAddress(gateway)
|
||||
if ip.version == 4 or (ip.version == 6 and not ip.is_link_local()):
|
||||
return check_subnet_ip(cidr, gateway)
|
||||
return True
|
||||
|
||||
|
||||
def generate_pools(cidr, gateway_ip):
|
||||
"""Create IP allocation pools for a specified subnet
|
||||
|
||||
|
||||
@ -3550,17 +3550,7 @@ class TestSubnetsV2(NeutronDbPluginV2TestCase):
|
||||
ipv6_ra_mode=constants.IPV6_SLAAC,
|
||||
ipv6_address_mode=constants.IPV6_SLAAC)
|
||||
|
||||
def test_create_subnet_gw_outside_cidr_returns_400(self):
|
||||
cfg.CONF.set_override('force_gateway_on_subnet', True)
|
||||
with self.network() as network:
|
||||
self._create_subnet(self.fmt,
|
||||
network['network']['id'],
|
||||
'10.0.0.0/24',
|
||||
webob.exc.HTTPClientError.code,
|
||||
gateway_ip='100.0.0.1')
|
||||
|
||||
def test_create_subnet_gw_outside_cidr_returns_201(self):
|
||||
cfg.CONF.set_override('force_gateway_on_subnet', False)
|
||||
with self.network() as network:
|
||||
self._create_subnet(self.fmt,
|
||||
network['network']['id'],
|
||||
@ -3569,7 +3559,6 @@ class TestSubnetsV2(NeutronDbPluginV2TestCase):
|
||||
gateway_ip='100.0.0.1')
|
||||
|
||||
def test_create_subnet_gw_is_nw_addr_returns_400(self):
|
||||
cfg.CONF.set_override('force_gateway_on_subnet', False)
|
||||
with self.network() as network:
|
||||
self._create_subnet(self.fmt,
|
||||
network['network']['id'],
|
||||
@ -3578,7 +3567,6 @@ class TestSubnetsV2(NeutronDbPluginV2TestCase):
|
||||
gateway_ip='10.0.0.0')
|
||||
|
||||
def test_create_subnet_gw_is_broadcast_addr_returns_400(self):
|
||||
cfg.CONF.set_override('force_gateway_on_subnet', False)
|
||||
with self.network() as network:
|
||||
self._create_subnet(self.fmt,
|
||||
network['network']['id'],
|
||||
@ -3935,23 +3923,7 @@ class TestSubnetsV2(NeutronDbPluginV2TestCase):
|
||||
ipv6_ra_mode=ra_mode,
|
||||
ipv6_address_mode=addr_mode)
|
||||
|
||||
def test_create_subnet_ipv6_out_of_cidr_global_returns_400(self):
|
||||
cfg.CONF.set_override('force_gateway_on_subnet', True)
|
||||
gateway_ip = '2000::1'
|
||||
cidr = '2001::/64'
|
||||
|
||||
with testlib_api.ExpectedException(
|
||||
webob.exc.HTTPClientError) as ctx_manager:
|
||||
self._test_create_subnet(
|
||||
gateway_ip=gateway_ip, cidr=cidr,
|
||||
ip_version=constants.IP_VERSION_6,
|
||||
ipv6_ra_mode=constants.DHCPV6_STATEFUL,
|
||||
ipv6_address_mode=constants.DHCPV6_STATEFUL)
|
||||
self.assertEqual(webob.exc.HTTPClientError.code,
|
||||
ctx_manager.exception.code)
|
||||
|
||||
def test_create_subnet_ipv6_out_of_cidr_global(self):
|
||||
cfg.CONF.set_override('force_gateway_on_subnet', False)
|
||||
gateway_ip = '2000::1'
|
||||
cidr = '2001::/64'
|
||||
subnet = self._test_create_subnet(
|
||||
@ -3967,7 +3939,6 @@ class TestSubnetsV2(NeutronDbPluginV2TestCase):
|
||||
subnet['subnet']['cidr'])
|
||||
|
||||
def test_create_subnet_ipv6_gw_is_nw_addr_returns_400(self):
|
||||
cfg.CONF.set_override('force_gateway_on_subnet', False)
|
||||
gateway_ip = '2001::0'
|
||||
cidr = '2001::/64'
|
||||
|
||||
@ -3982,7 +3953,6 @@ class TestSubnetsV2(NeutronDbPluginV2TestCase):
|
||||
ctx_manager.exception.code)
|
||||
|
||||
def test_create_subnet_ipv6_gw_is_nw_end_addr_returns_201(self):
|
||||
cfg.CONF.set_override('force_gateway_on_subnet', False)
|
||||
gateway_ip = '2001::ffff'
|
||||
cidr = '2001::/112'
|
||||
subnet = self._test_create_subnet(
|
||||
@ -4203,19 +4173,7 @@ class TestSubnetsV2(NeutronDbPluginV2TestCase):
|
||||
self.assertEqual(webob.exc.HTTPClientError.code,
|
||||
res.status_int)
|
||||
|
||||
def test_update_subnet_gw_outside_cidr_returns_400(self):
|
||||
cfg.CONF.set_override('force_gateway_on_subnet', True)
|
||||
with self.network() as network:
|
||||
with self.subnet(network=network) as subnet:
|
||||
data = {'subnet': {'gateway_ip': '100.0.0.1'}}
|
||||
req = self.new_update_request('subnets', data,
|
||||
subnet['subnet']['id'])
|
||||
res = req.get_response(self.api)
|
||||
self.assertEqual(webob.exc.HTTPClientError.code,
|
||||
res.status_int)
|
||||
|
||||
def test_update_subnet_gw_outside_cidr_returns_200(self):
|
||||
cfg.CONF.set_override('force_gateway_on_subnet', False)
|
||||
with self.network() as network:
|
||||
with self.subnet(network=network) as subnet:
|
||||
data = {'subnet': {'gateway_ip': '100.0.0.1'}}
|
||||
@ -5477,7 +5435,7 @@ class TestSubnetPoolsV2(NeutronDbPluginV2TestCase):
|
||||
'tenant_id': network['network']['tenant_id']}}
|
||||
req = self.new_create_request('subnets', data)
|
||||
result = req.get_response(self.api)
|
||||
self.assertEqual(409, result.status_int)
|
||||
self.assertEqual(201, result.status_int)
|
||||
|
||||
def test_allocate_any_subnet_with_prefixlen(self):
|
||||
with self.network() as network:
|
||||
|
||||
@ -132,18 +132,7 @@ class TestIpamAnySubnetRequest(IpamSubnetRequestTestCase):
|
||||
constants.IPv6,
|
||||
129)
|
||||
|
||||
def test_subnet_request_bad_gateway(self):
|
||||
cfg.CONF.set_override('force_gateway_on_subnet', True)
|
||||
self.assertRaises(ipam_exc.IpamValueInvalid,
|
||||
ipam_req.AnySubnetRequest,
|
||||
self.tenant_id,
|
||||
self.subnet_id,
|
||||
constants.IPv6,
|
||||
64,
|
||||
gateway_ip='2000::1')
|
||||
|
||||
def test_subnet_request_good_gateway(self):
|
||||
cfg.CONF.set_override('force_gateway_on_subnet', False)
|
||||
def test_subnet_request_gateway(self):
|
||||
request = ipam_req.AnySubnetRequest(self.tenant_id,
|
||||
self.subnet_id,
|
||||
constants.IPv6,
|
||||
@ -183,17 +172,7 @@ class TestIpamSpecificSubnetRequest(IpamSubnetRequestTestCase):
|
||||
self.assertEqual(netaddr.IPAddress('1.2.3.1'), request.gateway_ip)
|
||||
self.assertEqual(netaddr.IPNetwork('1.2.3.0/24'), request.subnet_cidr)
|
||||
|
||||
def test_subnet_request_bad_gateway(self):
|
||||
cfg.CONF.set_override('force_gateway_on_subnet', True)
|
||||
self.assertRaises(ipam_exc.IpamValueInvalid,
|
||||
ipam_req.SpecificSubnetRequest,
|
||||
self.tenant_id,
|
||||
self.subnet_id,
|
||||
'2001::1',
|
||||
gateway_ip='2000::1')
|
||||
|
||||
def test_subnet_request_good_gateway(self):
|
||||
cfg.CONF.set_override('force_gateway_on_subnet', False)
|
||||
def test_subnet_request_gateway(self):
|
||||
request = ipam_req.SpecificSubnetRequest(self.tenant_id,
|
||||
self.subnet_id,
|
||||
'2001::1',
|
||||
|
||||
@ -0,0 +1,11 @@
|
||||
---
|
||||
fixes:
|
||||
- Fixes Bug 1548193, removing 'force_gateway_on_subnet'
|
||||
configuration option. This will always allow adding
|
||||
gateway outside the subnet, and gateway cannot be
|
||||
forced onto the subnet range.
|
||||
other:
|
||||
- The configuration option 'force_gateway_on_subnet'
|
||||
is removed. This will always allow adding gateway
|
||||
outside the subnet, and gateway cannot be forced
|
||||
onto the subnet range.
|
||||
Loading…
Reference in New Issue
Block a user