NSX|V3: Restrict update of LB port with fixed IP

Setting a fixed IP on the LB port should be avoided, restricting and sending a message to the user. Change-Id: I90567591e269b356af03d1abe854c08829e8d954 Signed-off-by: Michal Kelner Mishali <mkelnermishal@vmware.com>
2018-09-13 14:31:12 +03:00 · 2018-09-13 14:31:12 +03:00 · 5724c77254
parent e2c939c2c0
commit 5724c77254
2 changed files with 26 additions and 3 deletions
--- a/vmware_nsx/plugins/common/plugin.py
+++ b/vmware_nsx/plugins/common/plugin.py
@ -478,6 +478,12 @@ class NsxPluginBase(db_base_plugin_v2.NeutronDbPluginV2,
            msg = _('Can not update/delete VPNaaS port %s') % port_data['id']
            raise n_exc.InvalidInput(error_message=msg)

+    def _assert_on_lb_port_fixed_ip_change(self, port_data, orig_dev_own):
+        if orig_dev_own == constants.DEVICE_OWNER_LOADBALANCERV2:
+            if "fixed_ips" in port_data and port_data["fixed_ips"]:
+                msg = _('Can not update Loadbalancer port with fixed IP')
+                raise n_exc.InvalidInput(error_message=msg)
+
    def _assert_on_device_owner_change(self, port_data, orig_dev_own):
        """Prevent illegal device owner modifications
        """
@ -551,14 +557,14 @@ class NsxPluginBase(db_base_plugin_v2.NeutronDbPluginV2,
            self._assert_on_external_net_with_compute(port_data)

        # Device owner validations:
-        self._assert_on_device_owner_change(
-            port_data, original_port.get('device_owner'))
+        orig_dev_owner = original_port.get('device_owner')
+        self._assert_on_device_owner_change(port_data, orig_dev_owner)
        self._assert_on_port_admin_state(port_data, device_owner)
        self._assert_on_port_sec_change(port_data, device_owner)
        self._validate_max_ips_per_port(
            port_data.get('fixed_ips', []), device_owner)
-
        self._assert_on_vpn_port_change(original_port)
+        self._assert_on_lb_port_fixed_ip_change(port_data, orig_dev_owner)

    def _process_extra_attr_router_create(self, context, router_db, r):
        for extra_attr in l3_attrs_db.get_attr_info().keys():
--- a/vmware_nsx/tests/unit/nsx_v3/test_plugin.py
+++ b/vmware_nsx/tests/unit/nsx_v3/test_plugin.py
@ -997,6 +997,23 @@ class TestPortsV2(test_plugin.TestPortsV2, NsxV3PluginTestCaseMixin,
                n_exc.InvalidInput,
                self.plugin.update_port, self.ctx, port['id'], data)

+    def test_fail_update_lb_port_with_fixed_ip(self):
+        with self.network() as network:
+            data = {'port': {
+                        'network_id': network['network']['id'],
+                        'tenant_id': self._tenant_id,
+                        'name': 'pair_port',
+                        'admin_state_up': True,
+                        'device_id': 'fake_device',
+                        'device_owner': constants.DEVICE_OWNER_LOADBALANCERV2,
+                        'fixed_ips': []}
+                    }
+            port = self.plugin.create_port(self.ctx, data)
+            data['port']['fixed_ips'] = '10.0.0.1'
+            self.assertRaises(
+                n_exc.InvalidInput,
+                self.plugin.update_port, self.ctx, port['id'], data)
+
    def test_create_port_with_qos(self):
        with self.network() as network:
            policy_id = uuidutils.generate_uuid()