Validate explicit subnet for PTG

Partial-Bug: 1382143
Change-Id: I2103bb579ba7ecded3b3700c2c8fda94bbe309f6
Krishna Kothapalli 2014-12-15 15:59:29 -08:00
parent ba40c4ce62
commit 5a777a656b
3 changed files with 50 additions and 2 deletions


@ -81,6 +81,12 @@ class InvalidPortForPTG(GroupPolicyBadRequest):
"%(policy_target_group_id)s.")
class InvalidSubnetForPTG(GroupPolicyBadRequest):
message = _("Subnet %(subnet_id)s does not belong to network "
"%(network_id)s associated with L2P %(l2p_id)s for PTG "
"%(ptg_id)s.")
class OverlappingIPPoolsInSameTenantNotAllowed(GroupPolicyBadRequest):
message = _("IP Pool %(ip_pool)s overlaps with one of the existing L3P "
"for the same tenant %(overlapping_pools)s.")


@ -227,11 +227,10 @@ class ResourceMappingDriver(api.PolicyDriver):
@log.log
def create_policy_target_group_precommit(self, context):
self._reject_cross_tenant_ptg_l2p(context)
self._validate_ptg_subnets(context)
@log.log
def create_policy_target_group_postcommit(self, context):
# TODO(rkukura): Validate explicit subnet belongs to L2P's
# network.
subnets = context.current['subnets']
if subnets:
l2p_id = context.current['l2_policy_id']
@ -303,6 +302,9 @@ class ResourceMappingDriver(api.PolicyDriver):
def update_policy_target_group_precommit(self, context):
if set(context.original['subnets']) - set(context.current['subnets']):
raise exc.PolicyTargetGroupSubnetRemovalNotSupported()
new_subnets = list(set(context.current['subnets']) -
set(context.original['subnets']))
self._validate_ptg_subnets(context, new_subnets)
self._reject_cross_tenant_ptg_l2p(context)
@log.log
@ -1938,3 +1940,19 @@ class ResourceMappingDriver(api.PolicyDriver):
self._update_router(context._plugin_context,
context.current['routers'][0],
{'routes': [x for x in routes if x['nexthop']]})
def _validate_ptg_subnets(self, context, subnets=None):
if subnets or context.current['subnets']:
l2p_id = context.current['l2_policy_id']
l2p = context._plugin.get_l2_policy(context._plugin_context,
l2p_id)
# Validate explicit subnet belongs to L2P's network
network_id = l2p['network_id']
network = self._core_plugin.get_network(context._plugin_context,
network_id)
for subnet_id in subnets or context.current['subnets']:
if subnet_id not in network['subnets']:
raise exc.InvalidSubnetForPTG(subnet_id=subnet_id,
network_id=network_id,
l2p_id=l2p['id'],
ptg_id=context.current['id'])
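Review bot: In `update_policy_target_group_precommit` the new `self._validate_ptg_subnets(context, new_subnets)` call runs before `self._reject_cross_tenant_ptg_l2p(context)`, whereas the create path runs the cross-tenant check first. If an update can point the PTG at another tenant's L2P (not visible in this hunk), the caller would receive an `InvalidSubnetForPTG` message carrying that L2P's `network_id` before the tenant check rejects the request; moving the `_reject_cross_tenant_ptg_l2p` call above the validation keeps both paths consistent. Separately, in `_validate_ptg_subnets` the `subnets or context.current['subnets']` fallback treats an empty `new_subnets` list the same as `None`, so an update that adds no subnet re-validates every existing subnet and can start failing for PTGs created before this check existed. Using `if subnets is None: subnets = context.current['subnets']` followed by `if not subnets: return` would separate the two cases. The body of the update method continues outside the hunk.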


@ -374,6 +374,30 @@ class TestPolicyTargetGroup(ResourceMappingTestCase):
res = req.get_response(self.ext_api)
self.assertEqual(res.status_int, webob.exc.HTTPOk.code)
def test_add_subnet_negative(self):
# Create L2P
l2p = self.create_l2_policy()['l2_policy']
with self.network() as net:
with self.subnet(network=net) as sub:
# Asserted just for clarity
self.assertNotEqual(net['network']['id'], l2p['network_id'])
res = self.create_policy_target_group(
l2_policy_id=l2p['id'], subnets=[sub['subnet']['id']],
expected_res_status=400)
self.assertEqual('InvalidSubnetForPTG',
res['NeutronError']['type'])
# Create valid PTG
ptg = self.create_policy_target_group(
l2_policy_id=l2p['id'],
expected_res_status=201)['policy_target_group']
res = self._update_gbp_resource_full_response(
ptg['id'], 'policy_target_group', 'policy_target_groups',
expected_res_status=400,
subnets=ptg['subnets'] + [sub['subnet']['id']])
self.assertEqual('InvalidSubnetForPTG',
res['NeutronError']['type'])
def test_remove_subnet_rejected(self):
# Create L3 policy.
l3p = self.create_l3_policy(name="l3p1", ip_pool='10.0.0.0/8')
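Review bot: `test_add_subnet_negative` checks only the error type of the rejected update and never confirms that the PTG's subnet list is unchanged afterwards. Re-reading the PTG after the 400 response and asserting that its `subnets` still equal the original `ptg['subnets']` would guard against the validation moving out of the precommit path later. The test also has no case for an update that leaves `subnets` unchanged (for example a name-only update), which is the path where the driver falls back to validating all current subnets. `test_remove_subnet_rejected` begins at the end of this hunk and continues outside it.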