Prevent deletion of NAT pool having floating IP

If the subnet corresponding to a NAT pool is being used
by ports/floating-IPs, then the subnet deletion will
eventually fail leaving behind stale objects. This change
prevents the deletion.

Closes-Bug: 1542076

Change-Id: I8dc4876c01c24078bb7d88318b4086855b04a50b
Signed-off-by: Amit Bose <bose@noironetworks.com>

gbpservice/neutron/services/grouppolicy/common/exceptions.py

@@ -313,3 +313,8 @@ class PolicyTargetInUse(GroupPolicyBadRequest):
 
 class InvalidClusterPtg(GroupPolicyBadRequest):
     message = _("Inter PTG clustering disallowed.")
+
+
+class NatPoolInUseByPort(exceptions.InUse, GroupPolicyException):
+    message = _("Ports or floating IP addresses are using the subnet "
+                "corresponding to Nat Pool.")

gbpservice/neutron/services/grouppolicy/drivers/resource_mapping.py

@@ -1175,6 +1175,8 @@ class ResourceMappingDriver(api.PolicyDriver, local_api.LocalAPI,
         nsps_using_nat_pool = self._get_nsps_using_nat_pool(context)
         if nsps_using_nat_pool:
             raise exc.NatPoolinUseByNSP()
+        self._check_nat_pool_subnet_in_use(context._plugin_context,
+                                           context.current)
 
     def delete_nat_pool_postcommit(self, context):
         if context.current['subnet_id']:
@@ -2570,4 +2572,14 @@ class ResourceMappingDriver(api.PolicyDriver, local_api.LocalAPI,
     def _get_l3p_allocated_subnets(self, context, l3p_id):
         ptgs = context._plugin._get_l3p_ptgs(
             context._plugin_context.elevated(), l3p_id)
-        return self._get_ptg_cidrs(context, None, ptg_dicts=ptgs)
+        return self._get_ptg_cidrs(context, None, ptg_dicts=ptgs)
+
+    def _check_nat_pool_subnet_in_use(self, plugin_context, nat_pool):
+        if not self._subnet_is_owned(plugin_context.session,
+                                     nat_pool['subnet_id']):
+            return
+        # check if there are any ports with an address in nat-pool subnet
+        ports = self._get_ports(plugin_context.elevated(),
+            filters={'fixed_ips': {'subnet_id': [nat_pool['subnet_id']]}})
+        if ports:
+            raise exc.NatPoolInUseByPort()

gbpservice/neutron/tests/unit/services/grouppolicy/test_resource_mapping.py

@@ -4297,6 +4297,27 @@ class TestNatPool(ResourceMappingTestCase):
         self.assertEqual('ESSubnetRequiredForNatPool',
                          result['NeutronError']['type'])
 
+    def test_delete_with_fip_allocated(self):
+        with self.network(router__external=True) as net:
+            with self.subnet(cidr='192.168.0.0/31', enable_dhcp=False,
+                             network=net) as sub:
+                es = self.create_external_segment(
+                    name="default",
+                    subnet_id=sub['subnet']['id'])['external_segment']
+                nat_pool = self.create_nat_pool(
+                    external_segment_id=es['id'],
+                    ip_version=4, ip_pool='192.168.1.0/24')['nat_pool']
+                fip_data = {'floatingip': {
+                                'tenant_id': net['network']['tenant_id'],
+                                'floating_network_id': net['network']['id']}}
+                for i in range(2):
+                    self._l3_plugin.create_floatingip(
+                        nctx.get_admin_context(), fip_data)
+                res = self.delete_nat_pool(nat_pool['id'],
+                    expected_res_status=409)
+                self.assertEqual('NatPoolInUseByPort',
+                                 res['NeutronError']['type'])
+
 
 class TestFloatingIpMonkeyPatch(ResourceMappingTestCase,
                                 test_l3.L3NatTestCaseMixin):