IP subnet validation fixes

Fixes bug #1067959

Assure prefix length is included in CIDR definition.

Change-Id: I32bb3dd1e5bffb409b3adee03015e21cce71caea

quantum/api/v2/attributes.py

@@ -92,11 +92,14 @@ def _validate_ip_address_or_none(data, valid_values=None):
 def _validate_subnet(data, valid_values=None):
     try:
         netaddr.IPNetwork(data)
-        return
+        if len(data.split('/')) == 2:
+            return
     except Exception:
-        msg = _("%s is not a valid IP subnet") % data
+        pass
-        LOG.debug("validate_subnet: %s", msg)
+
-        return msg
+    msg = _("%s is not a valid IP subnet") % data
+    LOG.debug("validate_subnet: %s", msg)
+    return msg
 
 
 def _validate_regex(data, valid_values=None):

quantum/tests/unit/test_attributes.py

@@ -85,6 +85,46 @@ class TestAttributes(unittest2.TestCase):
         error = '%s is not valid' % base_mac
         self.assertEquals(msg, error)
 
+    def test_cidr(self):
+        # Valid - IPv4
+        cidr = "10.0.2.0/24"
+        msg = attributes._validate_subnet(cidr,
+                                          None)
+        self.assertEquals(msg, None)
+
+        # Valid - IPv6 without final octets
+        cidr = "fe80::/24"
+        msg = attributes._validate_subnet(cidr,
+                                          None)
+        self.assertEquals(msg, None)
+
+        # Valid - IPv6 with final octets
+        cidr = "fe80::0/24"
+        msg = attributes._validate_subnet(cidr,
+                                          None)
+        self.assertEquals(msg, None)
+
+        # Invalid - IPv4 missing mask
+        cidr = "10.0.2.0"
+        msg = attributes._validate_subnet(cidr,
+                                          None)
+        error = "%s is not a valid IP subnet" % cidr
+        self.assertEquals(msg, error)
+
+        # Invalid - IPv6 without final octets, missing mask
+        cidr = "fe80::"
+        msg = attributes._validate_subnet(cidr,
+                                          None)
+        error = "%s is not a valid IP subnet" % cidr
+        self.assertEquals(msg, error)
+
+        # Invalid - IPv6 with final octets, missing mask
+        cidr = "fe80::0"
+        msg = attributes._validate_subnet(cidr,
+                                          None)
+        error = "%s is not a valid IP subnet" % cidr
+        self.assertEquals(msg, error)
+
 
 class TestConvertKvp(unittest2.TestCase):
 

quantum/tests/unit/test_db_plugin.py

@@ -1771,6 +1771,28 @@ class TestSubnetsV2(QuantumDbPluginV2TestCase):
                         pass
                 self.assertEquals(ctx_manager.exception.code, 400)
 
+    def test_create_subnet_bad_V4_cidr(self):
+        with self.network() as network:
+            data = {'subnet': {'network_id': network['network']['id'],
+                    'cidr': '10.0.2.0',
+                    'ip_version': '4',
+                    'tenant_id': network['network']['tenant_id'],
+                    'gateway_ip': '10.0.2.1'}}
+            subnet_req = self.new_create_request('subnets', data)
+            res = subnet_req.get_response(self.api)
+            self.assertEquals(res.status_int, 400)
+
+    def test_create_subnet_bad_V6_cidr(self):
+        with self.network() as network:
+            data = {'subnet': {'network_id': network['network']['id'],
+                    'cidr': 'fe80::',
+                    'ip_version': '6',
+                    'tenant_id': network['network']['tenant_id'],
+                    'gateway_ip': 'fe80::1'}}
+            subnet_req = self.new_create_request('subnets', data)
+            res = subnet_req.get_response(self.api)
+            self.assertEquals(res.status_int, 400)
+
     def test_create_2_subnets_overlapping_cidr_allowed_returns_200(self):
         cidr_1 = '10.0.0.0/23'
         cidr_2 = '10.0.0.0/24'