Enable the user to enforce validity of the gateway IP

Fixes bug 1096532 A new configuration variable is added to enable the user to indicate if the gateway should be validated on the subnet. For backward compatibility this is set as False by default. Change-Id: Ieadd60a945d34703bfee7576aa3b2ff7da3143d4
2013-01-06 06:49:57 +00:00 · 2013-01-06 06:49:57 +00:00 · c3706fa290
parent c2447acb06
commit c3706fa290
4 changed files with 19 additions and 1 deletions
--- a/etc/quantum.conf
+++ b/etc/quantum.conf
@ -70,6 +70,9 @@ api_paste_config = api-paste.ini
 # Attention: the following parameter MUST be set to False if Quantum is
 # being used in conjunction with nova security groups and/or metadata service.
 # allow_overlapping_ips = False
+# Ensure that configured gateway is on subnet
+# force_gateway_on_subnet = False
+

 # RPC configuration options. Defined in rpc __init__
 # The messaging module to use, defaults to kombu.
--- a/quantum/common/config.py
+++ b/quantum/common/config.py
@ -54,7 +54,8 @@ core_opts = [
               default='quantum',
               help='AMQP exchange to connect to if using RabbitMQ or Qpid'),
    cfg.StrOpt('host', default=utils.get_hostname()),
-
+    cfg.BoolOpt('force_gateway_on_subnet', default=False,
+                help=_("Ensure that configured gateway is on subnet")),
 ]

 # Register the configuration options
--- a/quantum/db/db_base_plugin_v2.py
+++ b/quantum/db/db_base_plugin_v2.py
@ -1014,6 +1014,11 @@ class QuantumDbPluginV2(quantum_plugin_base_v2.QuantumPluginBaseV2):
            s['gateway_ip'] and
            s['gateway_ip'] != attributes.ATTR_NOT_SPECIFIED):
            self._validate_ip_version(ip_ver, s['gateway_ip'], 'gateway_ip')
+            if (cfg.CONF.force_gateway_on_subnet and
+                not QuantumDbPluginV2._check_subnet_ip(s['cidr'],
+                                                       s['gateway_ip'])):
+                error_message = _("Gateway is not valid on subnet")
+                raise q_exc.InvalidInput(error_message=error_message)

        if ('dns_nameservers' in s and
            s['dns_nameservers'] != attributes.ATTR_NOT_SPECIFIED):
--- a/quantum/tests/unit/test_db_plugin.py
+++ b/quantum/tests/unit/test_db_plugin.py
@ -2227,6 +2227,15 @@ class TestSubnetsV2(QuantumDbPluginV2TestCase):
        subnet = self._test_create_subnet(expected=expected,
                                          gateway_ip=gateway)

+    def test_create_force_subnet_gw_values(self):
+        cfg.CONF.set_override('force_gateway_on_subnet', True)
+        with self.network() as network:
+            self._create_subnet('json',
+                                network['network']['id'],
+                                '10.0.0.0/24',
+                                400,
+                                gateway_ip='100.0.0.1')
+
    def test_create_subnet_with_allocation_pool(self):
        gateway_ip = '10.0.0.1'
        cidr = '10.0.0.0/24'