L3: prevent associating a FIP to a DHCP port
We should not allow a floating IP to be assigned to a DHCP port. Change-Id: I6bf940b6e9195dc7d99e13fbe4454b08488cab0f Closes-bug: #1739071
This commit is contained in:
parent
569b51483b
commit
bab1ae8812
|
@ -204,6 +204,15 @@ def is_dvr_serviced(device_owner):
|
||||||
device_owner in get_other_dvr_serviced_device_owners())
|
device_owner in get_other_dvr_serviced_device_owners())
|
||||||
|
|
||||||
|
|
||||||
|
def is_fip_serviced(device_owner):
|
||||||
|
"""Check if the port can be assigned a floating IP
|
||||||
|
|
||||||
|
Helper function to check the device owner of a
|
||||||
|
port can be assigned a floating IP.
|
||||||
|
"""
|
||||||
|
return device_owner != n_const.DEVICE_OWNER_DHCP
|
||||||
|
|
||||||
|
|
||||||
def ip_to_cidr(ip, prefix=None):
|
def ip_to_cidr(ip, prefix=None):
|
||||||
"""Convert an ip with no prefix to cidr notation
|
"""Convert an ip with no prefix to cidr notation
|
||||||
|
|
||||||
|
|
|
@ -1143,6 +1143,9 @@ class L3_NAT_dbonly_mixin(l3.RouterPluginBase,
|
||||||
raise n_exc.BadRequest(resource='floatingip', msg=msg)
|
raise n_exc.BadRequest(resource='floatingip', msg=msg)
|
||||||
|
|
||||||
internal_subnet_id = None
|
internal_subnet_id = None
|
||||||
|
if not utils.is_fip_serviced(internal_port.get('device_owner')):
|
||||||
|
msg = _('Port %(id)s is unable to be assigned a floating IP')
|
||||||
|
raise n_exc.BadRequest(resource='floatingip', msg=msg)
|
||||||
if fip.get('fixed_ip_address'):
|
if fip.get('fixed_ip_address'):
|
||||||
internal_ip_address = fip['fixed_ip_address']
|
internal_ip_address = fip['fixed_ip_address']
|
||||||
if netaddr.IPAddress(internal_ip_address).version != 4:
|
if netaddr.IPAddress(internal_ip_address).version != 4:
|
||||||
|
|
|
@ -494,6 +494,24 @@ class TestDvrServices(base.BaseTestCase):
|
||||||
self._test_is_dvr_serviced(constants.DEVICE_OWNER_COMPUTE_PREFIX, True)
|
self._test_is_dvr_serviced(constants.DEVICE_OWNER_COMPUTE_PREFIX, True)
|
||||||
|
|
||||||
|
|
||||||
|
class TestFipServices(base.BaseTestCase):
|
||||||
|
|
||||||
|
def _test_is_fip_serviced(self, device_owner, expected):
|
||||||
|
self.assertEqual(expected, utils.is_fip_serviced(device_owner))
|
||||||
|
|
||||||
|
def test_is_fip_serviced_with_lb_port(self):
|
||||||
|
self._test_is_fip_serviced(constants.DEVICE_OWNER_LOADBALANCER, True)
|
||||||
|
|
||||||
|
def test_is_fip_serviced_with_lbv2_port(self):
|
||||||
|
self._test_is_fip_serviced(constants.DEVICE_OWNER_LOADBALANCERV2, True)
|
||||||
|
|
||||||
|
def test_is_fip_serviced_with_dhcp_port(self):
|
||||||
|
self._test_is_fip_serviced(constants.DEVICE_OWNER_DHCP, False)
|
||||||
|
|
||||||
|
def test_is_fip_serviced_with_vm_port(self):
|
||||||
|
self._test_is_fip_serviced(constants.DEVICE_OWNER_COMPUTE_PREFIX, True)
|
||||||
|
|
||||||
|
|
||||||
class TestIpToCidr(base.BaseTestCase):
|
class TestIpToCidr(base.BaseTestCase):
|
||||||
def test_ip_to_cidr_ipv4_default(self):
|
def test_ip_to_cidr_ipv4_default(self):
|
||||||
self.assertEqual('15.1.2.3/32', utils.ip_to_cidr('15.1.2.3'))
|
self.assertEqual('15.1.2.3/32', utils.ip_to_cidr('15.1.2.3'))
|
||||||
|
|
|
@ -3456,6 +3456,16 @@ class L3NatTestCaseBase(L3NatTestCaseMixin):
|
||||||
self._delete('routers', router['router']['id'],
|
self._delete('routers', router['router']['id'],
|
||||||
exc.HTTPForbidden.code)
|
exc.HTTPForbidden.code)
|
||||||
|
|
||||||
|
def test_associate_to_dhcp_port_fails(self):
|
||||||
|
with self.subnet(cidr="10.0.0.0/24", ip_version=4) as sub:
|
||||||
|
with self.port(subnet=sub,
|
||||||
|
device_owner=lib_constants.DEVICE_OWNER_DHCP) as p:
|
||||||
|
res = self._create_floatingip(
|
||||||
|
self.fmt,
|
||||||
|
sub['subnet']['network_id'],
|
||||||
|
port_id=p['port']['id'])
|
||||||
|
self.assertEqual(exc.HTTPBadRequest.code, res.status_int)
|
||||||
|
|
||||||
|
|
||||||
class L3AgentDbTestCaseBase(L3NatTestCaseMixin):
|
class L3AgentDbTestCaseBase(L3NatTestCaseMixin):
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue