Loopback address routing should be invalid

Host route validators should reject loopback CIDRs. Change-Id: Ifa545242224bdc80a934b529e44b25b4492d4e0b CLoses-bug: 1834012
2019-06-24 14:52:29 +03:00 · 2019-06-24 14:52:29 +03:00 · 8417717411
parent d2cabd9ed8
commit 8417717411
3 changed files with 15 additions and 0 deletions
--- a/neutron_lib/api/validators/init.py
+++ b/neutron_lib/api/validators/init.py
@ -680,6 +680,8 @@ def validate_route_cidr(data, valid_values=None):
            msg = _("'%(data)s' is not a recognized CIDR,"
                    " '%(cidr)s' is recommended") % {"data": data,
                                                     "cidr": net.cidr}
+        elif net.is_loopback():
+            msg = _("'%(data)s' is not a routable CIDR") % {"data": data}
        else:
            return
    except Exception:
--- a/neutron_lib/tests/unit/api/validators/test_validators.py
+++ b/neutron_lib/tests/unit/api/validators/test_validators.py
@ -742,6 +742,12 @@ class TestAttributeValidation(base.BaseTestCase):
                                                   "cidr": "192.0.0.0/8"}
        self.assertEqual(error, msg)

+        # Invalid - loopback CIDR
+        cidr = "127.0.0.0/8"
+        msg = validators.validate_route_cidr(cidr, None)
+        error = _("'%(data)s' is not a routable CIDR") % {"data": cidr}
+        self.assertEqual(error, msg)
+
        # Invalid - CIDR format error
        cidr = 'invalid'
        msg = validators.validate_route_cidr(cidr, None)
--- a/releasenotes/notes/validator_check_route_loopback-bc2166b10a754c77.yaml
+++ b/releasenotes/notes/validator_check_route_loopback-bc2166b10a754c77.yaml
@ -0,0 +1,7 @@
+---
+fixes:
+  - |
+    Static route validator should verify that routed CIDR isn't a loopback.
+    Loopback addresses should not be routable.
+    Bug: `1834012 <https://bugs.launchpad.net/neutron/+bug/1834012>`_
+