Merge "Deny changes ip_ranges without meta.notation"

2016-09-23 08:29:25 +00:00 · 2016-09-23 08:29:25 +00:00 · 0579f36876
parent 1d2e012713 55dd7c77d8
commit 0579f36876
3 changed files with 51 additions and 7 deletions
--- a/nailgun/nailgun/extensions/network_manager/tests/test_network_configuration.py
+++ b/nailgun/nailgun/extensions/network_manager/tests/test_network_configuration.py
@ -459,6 +459,7 @@ class TestNeutronNetworkConfigurationHandler(BaseIntegrationTest):
            net_template = '99.61.{0}'.format(idx)
            ng_data['cidr'] = net_template + '.0/24'
            ng_data['gateway'] = net_template + '.1'
+            ng_data['meta']['use_gateway'] = True
            ng_data['meta']['notation'] = consts.NETWORK_NOTATION.ip_ranges
            ng_data['ip_ranges'] = [
                [net_template + '.11', net_template + '.33'],
@ -484,6 +485,7 @@ class TestNeutronNetworkConfigurationHandler(BaseIntegrationTest):
            net for net in netconfig['networks']
            if net['name'] == consts.NETWORKS.storage))
        storage['ip_ranges'] = [["172.16.0.19", "172.16.0.19"]]
+        storage['meta']['notation'] = consts.NETWORK_NOTATION.ip_ranges
        self.env.neutron_networks_put(self.cluster.id, netconfig)

    def test_admin_public_untagged_others_tagged(self):
--- a/nailgun/nailgun/extensions/network_manager/tests/test_network_configuration_validator.py
+++ b/nailgun/nailgun/extensions/network_manager/tests/test_network_configuration_validator.py
@ -409,6 +409,26 @@ class TestNetworkConfigurationValidator(base.BaseIntegrationTest):
        result = validator._check_ips_out_of_ip_ranges(mgmt_db, nm, ranges)
        self.assertTrue(result)

+    def test_validate_network_with_new_ip_ranges_and_cidr_notation(self):
+        mgmt = self.find_net_by_name(consts.NETWORKS.management)
+        mgmt['meta']['notation'] = consts.NETWORK_NOTATION.cidr
+        mgmt['ip_ranges'] = [['10.101.0.1', '10.101.0.255']]
+        self.db.flush()
+        self.assertRaisesInvalidData(
+            "ip_ranges for network '{0}' (Network IDs: '{1}') cannot be "
+            "changed with 'cidr' notation, change notation to"
+            " 'ip_ranges'".format(mgmt['name'], mgmt['id']))
+
+    def test_validate_network_with_new_gateway(self):
+        mgmt = self.find_net_by_name(consts.NETWORKS.management)
+        mgmt['meta']['use_gateway'] = False
+        mgmt['gateway'] = '10.101.0.0'
+        self.db.flush()
+        self.assertRaisesInvalidData(
+            "Gateway for network '{0}' (Network IDs: '{1}') cannot be "
+            "changed while 'use_gateway' is False".format(
+                mgmt['name'], mgmt['id']))
+

 class TestNovaNetworkConfigurationValidatorProtocol(
    BaseNetworkConfigurationValidatorProtocolTest
--- a/nailgun/nailgun/extensions/network_manager/validators/network.py
+++ b/nailgun/nailgun/extensions/network_manager/validators/network.py
@ -70,25 +70,47 @@ class NetworkConfigurationValidator(BasicValidator):
        :return:             ng_data
        :raises:             errors.InvalidData
        """
-        cidr = ng_data.get('cidr', ng_db.cidr)
-        ip_ranges = ng_data.get(
-            'ip_ranges',
-            [(r.first, r.last) for r in ng_db.ip_ranges])
-
+        ip_ranges_from_db = [[r.first, r.last] for r in ng_db.ip_ranges]
+        ip_ranges = ng_data.get('ip_ranges', ip_ranges_from_db)
        release = ng_data.get('release', ng_db.get('release'))
        if release != ng_db.get('release'):
            raise errors.InvalidData('Network release could not be changed.')

        # values are always taken either from request or from DB
        meta = ng_data.get('meta', {})
-        notation = meta.get('notation', ng_db.meta.get('notation'))
        use_gateway = meta.get('use_gateway',
                               ng_db.meta.get('use_gateway', False))
-        gateway = ng_data.get('gateway', ng_db.get('gateway'))
+        gateway = ng_data.get('gateway')
+        gateway_from_db = ng_db.get('gateway')

+        if not gateway and use_gateway:
+            # Take value from db if use_gateway is True
+            gateway = gateway_from_db
        if use_gateway and not gateway:
            raise errors.InvalidData(
                "Flag 'use_gateway' cannot be provided without gateway")
+        if not use_gateway and gateway != gateway_from_db:
+            # raise exception if use_gateway is False and gateway was changed.
+            raise errors.InvalidData(
+                "Gateway for network '{0}' (Network IDs: '{1}') cannot be "
+                "changed while 'use_gateway' is False".format(
+                    ng_data['name'], ng_data['id']))
+
+        new_ip_ranges = sorted(ip_ranges) != sorted(ip_ranges_from_db)
+        notation_from_db = ng_db.meta.get('notation')
+        notation = meta.get('notation', notation_from_db)
+        cidr = ng_data.get('cidr', ng_db.cidr)
+        new_cidr = cidr != ng_db.cidr
+        # Deny ip ranges change without setting ip_ranges notation. Allow
+        # changing ip_ranges with cidr notation, when notation changed from
+        # ip ranges to cidr as well or if cidr changed
+        if (new_ip_ranges and notation == consts.NETWORK_NOTATION.cidr and
+                not new_cidr and
+                notation_from_db != consts.NETWORK_NOTATION.ip_ranges):
+            raise errors.InvalidData(
+                "ip_ranges for network '{0}' (Network IDs: '{1}') cannot be "
+                "changed with 'cidr' notation, change notation to "
+                "'ip_ranges'".format(ng_data['name'], ng_data['id']))

        # Depending on notation required parameters must be either in
        # the request or DB