From d41d423df3cfdd14d546f36745d33431cc293029 Mon Sep 17 00:00:00 2001 From: John Davidge Date: Wed, 16 Dec 2015 16:42:47 -0800 Subject: [PATCH] Prevent PD subnets with incorrect IPv6 modes This patch prevents the creation of IPv6 Prefix Delegation enabled subnets with any values other than slaac or dhcpv6-stateless for ipv6_ra_mode and ipv6_address_mode. Also includes new tests to prevent future regressions. Change-Id: I2e3cd4dda185e478b0f97eb8511e64ad2b83a2cf Closes-Bug: 1527000 --- neutron/db/db_base_plugin_v2.py | 3 +- .../tests/unit/db/test_db_base_plugin_v2.py | 32 +++++++++++++++++++ 2 files changed, 33 insertions(+), 2 deletions(-) diff --git a/neutron/db/db_base_plugin_v2.py b/neutron/db/db_base_plugin_v2.py index aa155048c9c..54b00b5b8c5 100644 --- a/neutron/db/db_base_plugin_v2.py +++ b/neutron/db/db_base_plugin_v2.py @@ -521,8 +521,7 @@ class NeutronDbPluginV2(db_base_plugin_common.DbBasePluginCommon, raise n_exc.BadRequest(resource='subnets', msg=reason) mode_list = [constants.IPV6_SLAAC, - constants.DHCPV6_STATELESS, - attributes.ATTR_NOT_SPECIFIED] + constants.DHCPV6_STATELESS] ra_mode = subnet.get('ipv6_ra_mode') if ra_mode not in mode_list: diff --git a/neutron/tests/unit/db/test_db_base_plugin_v2.py b/neutron/tests/unit/db/test_db_base_plugin_v2.py index 3fea278d2db..dca298fb39d 100644 --- a/neutron/tests/unit/db/test_db_base_plugin_v2.py +++ b/neutron/tests/unit/db/test_db_base_plugin_v2.py @@ -3000,6 +3000,38 @@ class TestSubnetsV2(NeutronDbPluginV2TestCase): res = subnet_req.get_response(self.api) self.assertEqual(webob.exc.HTTPClientError.code, res.status_int) + def _test_create_subnet_V6_pd_modes(self, ra_addr_mode, expect_fail=False): + cfg.CONF.set_override('ipv6_pd_enabled', True) + with self.network() as network: + data = {'subnet': {'network_id': network['network']['id'], + 'ip_version': '6', + 'tenant_id': network['network']['tenant_id']}} + if ra_addr_mode: + data['subnet']['ipv6_ra_mode'] = ra_addr_mode + data['subnet']['ipv6_address_mode'] = ra_addr_mode + subnet_req = self.new_create_request('subnets', data) + res = subnet_req.get_response(self.api) + if expect_fail: + self.assertEqual(webob.exc.HTTPClientError.code, + res.status_int) + else: + subnet = self.deserialize(self.fmt, res)['subnet'] + self.assertEqual(constants.IPV6_PD_POOL_ID, + subnet['subnetpool_id']) + + def test_create_subnet_V6_pd_slaac(self): + self._test_create_subnet_V6_pd_modes('slaac') + + def test_create_subnet_V6_pd_stateless(self): + self._test_create_subnet_V6_pd_modes('dhcpv6-stateless') + + def test_create_subnet_V6_pd_statefull(self): + self._test_create_subnet_V6_pd_modes('dhcpv6-statefull', + expect_fail=True) + + def test_create_subnet_V6_pd_no_mode(self): + self._test_create_subnet_V6_pd_modes(None, expect_fail=True) + def test_create_2_subnets_overlapping_cidr_allowed_returns_200(self): cidr_1 = '10.0.0.0/23' cidr_2 = '10.0.0.0/24'