L3Policy create should have validity check for IP pool
Change-Id: I8d3a68b427557da99d1f2d8b778e11f155f470f1 Closes-Bug: 1417210
parent
8922c5ffb9
commit
3f185c7f74
|
@ -1029,6 +1029,21 @@ class GroupPolicyDbPlugin(gpolicy.GroupPolicyPluginBase,
|
|||
value = None
|
||||
return value
|
||||
|
||||
@staticmethod
|
||||
def validate_ip_pool(ip_pool, ip_version):
|
||||
attr._validate_subnet(ip_pool)
|
||||
ip_net = netaddr.IPNetwork(ip_pool, version=ip_version)
|
||||
if (ip_net.size <= 3):
|
||||
err_msg = "Too few available IPs in the pool."
|
||||
raise gpolicy.InvalidIpPoolSize(ip_pool=ip_pool, err_msg=err_msg,
|
||||
size=ip_net.size)
|
||||
|
||||
if (ip_net.prefixlen == 0):
|
||||
err_msg = "Prefix length of 0 is invalid."
|
||||
raise gpolicy.InvalidIpPoolPrefixLength(ip_pool=ip_pool,
|
||||
err_msg=err_msg,
|
||||
prefixlen=ip_net.prefixlen)
|
||||
|
||||
@staticmethod
|
||||
def validate_subnet_prefix_length(ip_version, new_prefix_length,
|
||||
ip_pool=None):
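Review bot: The return value of `attr._validate_subnet(ip_pool)` in `validate_ip_pool` is discarded, so if that helper follows the Neutron validator convention of returning an error message instead of raising, a malformed pool falls straight through to `netaddr.IPNetwork(ip_pool, version=ip_version)`. Because `ip_pool` is tenant-supplied API input, a bad string, a pool whose address family does not match `ip_version`, or the `None` that the callers' `l3p.get('ip_pool', None)` can pass would then presumably surface as an unhandled netaddr exception rather than an `InvalidInput`-derived error. Check the result (`msg = attr._validate_subnet(ip_pool)` followed by `if msg:` and a raise of an `InvalidInput`-derived exception) and guard the `IPNetwork` construction the same way. The method would also benefit from a docstring stating that it rejects pools of three or fewer addresses with `InvalidIpPoolSize` and a /0 with `InvalidIpPoolPrefixLength`.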
|
||||
|
@ -1221,6 +1236,7 @@ class GroupPolicyDbPlugin(gpolicy.GroupPolicyPluginBase,
|
|||
def create_l3_policy(self, context, l3_policy):
|
||||
l3p = l3_policy['l3_policy']
|
||||
tenant_id = self._get_tenant_id_for_create(context, l3p)
|
||||
self.validate_ip_pool(l3p.get('ip_pool', None), l3p['ip_version'])
|
||||
self.validate_subnet_prefix_length(
|
||||
l3p['ip_version'], l3p['subnet_prefix_length'],
|
||||
l3p.get('ip_pool', None))
|
||||
|
|
|
@ -244,6 +244,7 @@ class GroupPolicyMappingDbPlugin(gpdb.GroupPolicyDbPlugin):
|
|||
@log.log
|
||||
def create_l3_policy(self, context, l3_policy):
|
||||
l3p = l3_policy['l3_policy']
|
||||
self.validate_ip_pool(l3p.get('ip_pool', None), l3p['ip_version'])
|
||||
tenant_id = self._get_tenant_id_for_create(context, l3p)
|
||||
self.validate_subnet_prefix_length(l3p['ip_version'],
|
||||
l3p['subnet_prefix_length'],
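Review bot: This override repeats the `validate_ip_pool` call added to `GroupPolicyDbPlugin.create_l3_policy`, and the two copies run at different points: here before `_get_tenant_id_for_create`, in the base class after it. Two hand-maintained validation sequences on the same untrusted input tend to drift, so a comment such as `# keep input validation in sync with GroupPolicyDbPlugin.create_l3_policy`, or a shared helper that runs both pool checks, would make the coupling explicit. Only the create path is touched in the visible hunks; if `ip_pool` can be changed through `update_l3_policy`, the same check is needed there. The body of `create_l3_policy` continues beyond this hunk.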
|
||||
|
|
|
@ -89,6 +89,16 @@ class SubnetPrefixLengthExceedsIpPool(nexc.InvalidInput):
|
|||
"than subnet mask %(subnet_size)s")
|
||||
|
||||
|
||||
class InvalidIpPoolSize(nexc.InvalidInput):
|
||||
message = _("IP pool %(ip_pool)s is invalid:%(err_msg)s"
|
||||
"Pool size=%(size)s")
|
||||
|
||||
|
||||
class InvalidIpPoolPrefixLength(nexc.InvalidInput):
|
||||
message = _("IP pool %(ip_pool)s is invalid:%(err_msg)s"
|
||||
"Prefix Length=%(prefixlen)s")
|
||||
|
||||
|
||||
class PolicyClassifierNotFound(nexc.NotFound):
|
||||
message = _("PolicyClassifier %(policy_classifier_id)s could not be found")
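Review bot: The two new message templates join their string literals without a separator, so `InvalidIpPoolSize` renders as `...is invalid:Too few available IPs in the pool.Pool size=2`, and `InvalidIpPoolPrefixLength` has the same problem. Add the spaces in the first literal of each, e.g. `"IP pool %(ip_pool)s is invalid: %(err_msg)s "`. The `err_msg` values are plain literals at the raise sites, so they bypass `_()` while the surrounding template is translated; folding the fixed text into each class's `message` would avoid that and drop the `err_msg` parameter.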
|
||||
|
||||
|
|
|
@ -426,6 +426,22 @@ class TestGroupResources(GroupPolicyDbTestCase):
|
|||
self.assertRaises(gpolicy.InvalidDefaultSubnetPrefixLength,
|
||||
self.plugin.create_l3_policy, ctx, data)
|
||||
|
||||
def test_create_l3_policy_with_invalid_ippool(self):
|
||||
ctx = context.get_admin_context()
|
||||
data = {'l3_policy': {'name': 'l3p1', 'ip_version': 4,
|
||||
'description': '', 'ip_pool': '0.0.0.0/0',
|
||||
'subnet_prefix_length': 26}}
|
||||
|
||||
self.assertRaises(gpolicy.InvalidIpPoolPrefixLength,
|
||||
self.plugin.create_l3_policy, ctx, data)
|
||||
|
||||
data = {'l3_policy': {'name': 'l3p1', 'ip_version': 4,
|
||||
'description': '', 'ip_pool': '1.2.3.0/31',
|
||||
'subnet_prefix_length': 30}}
|
||||
|
||||
self.assertRaises(gpolicy.InvalidIpPoolSize,
|
||||
self.plugin.create_l3_policy, ctx, data)
|
||||
|
||||
def test_create_l3_policy_with_ip_pool_more_than_subnet_mask(self):
|
||||
ctx = context.get_admin_context()
|
||||
data = {'l3_policy': {'name': 'l3p1', 'ip_version': 4,
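Review bot: `test_create_l3_policy_with_invalid_ippool` pins only the IPv4 /0 and /31 rejections, leaving the inputs where the new validator is least predictable untested: a malformed pool string, a request with no `ip_pool`, a pool whose family does not match `ip_version`, and any IPv6 pool. A positive boundary case (a /30, size 4, accepted) would also pin the `ip_net.size <= 3` threshold. Splitting the two `assertRaises` calls into separate test methods would make a failure show which rule regressed.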
|
||||
|
@ -478,7 +494,7 @@ class TestGroupResources(GroupPolicyDbTestCase):
|
|||
self.plugin.update_l3_policy, ctx,
|
||||
l3p['l3_policy']['id'], data)
|
||||
|
||||
l3p = self.create_l3_policy(ip_version='6')
|
||||
l3p = self.create_l3_policy(ip_version='4')
|
||||
|
||||
for prefix_length in [0, 1, 128]:
|
||||
data = {'l3_policy': {'subnet_prefix_length': prefix_length}}
|
||||
|
|