Merge "Enable the user to enforce validity of the gateway IP" into stable/folsom

2013-01-17 12:14:38 +00:00 · 2013-01-17 12:14:38 +00:00 · 71f7fb7388
parent 23f86a8713 24244c1349
commit 71f7fb7388
4 changed files with 20 additions and 1 deletions
--- a/etc/quantum.conf
+++ b/etc/quantum.conf
@ -48,6 +48,9 @@ api_paste_config = api-paste.ini
 # Attention: the following parameter MUST be set to False if Quantum is
 # being used in conjunction with nova security groups and/or metadata service.
 # allow_overlapping_ips = False
+# Ensure that configured gateway is on subnet
+# force_gateway_on_subnet = False
+

 # RPC configuration options. Defined in rpc __init__
 # The messaging module to use, defaults to kombu.
--- a/quantum/common/config.py
+++ b/quantum/common/config.py
@ -53,7 +53,9 @@ core_opts = [
    cfg.BoolOpt('allow_overlapping_ips', default=False),
    cfg.StrOpt('control_exchange',
               default='quantum',
-               help='AMQP exchange to connect to if using RabbitMQ or Qpid')
+               help='AMQP exchange to connect to if using RabbitMQ or Qpid'),
+    cfg.BoolOpt('force_gateway_on_subnet', default=False,
+                help=_("Ensure that configured gateway is on subnet")),
 ]

 # Register the configuration options
--- a/quantum/db/db_base_plugin_v2.py
+++ b/quantum/db/db_base_plugin_v2.py
@ -992,6 +992,11 @@ class QuantumDbPluginV2(quantum_plugin_base_v2.QuantumPluginBaseV2):
            s['gateway_ip'] and
            s['gateway_ip'] != attributes.ATTR_NOT_SPECIFIED):
            self._validate_ip_version(ip_ver, s['gateway_ip'], 'gateway_ip')
+            if (cfg.CONF.force_gateway_on_subnet and
+                not QuantumDbPluginV2._check_subnet_ip(s['cidr'],
+                                                       s['gateway_ip'])):
+                error_message = _("Gateway is not valid on subnet")
+                raise q_exc.InvalidInput(error_message=error_message)

        if ('dns_nameservers' in s and
            s['dns_nameservers'] != attributes.ATTR_NOT_SPECIFIED):
--- a/quantum/tests/unit/test_db_plugin.py
+++ b/quantum/tests/unit/test_db_plugin.py
@ -2198,6 +2198,15 @@ class TestSubnetsV2(QuantumDbPluginV2TestCase):
        subnet = self._test_create_subnet(expected=expected,
                                          gateway_ip=gateway)

+    def test_create_force_subnet_gw_values(self):
+        cfg.CONF.set_override('force_gateway_on_subnet', True)
+        with self.network() as network:
+            self._create_subnet('json',
+                                network['network']['id'],
+                                '10.0.0.0/24',
+                                400,
+                                gateway_ip='100.0.0.1')
+
    def test_create_subnet_with_allocation_pool(self):
        gateway_ip = '10.0.0.1'
        cidr = '10.0.0.0/24'