L3Policy create should have validity check for IP pool

Change-Id: I8d3a68b427557da99d1f2d8b778e11f155f470f1
Closes-Bug: 1417210
Krishna Kothapalli 2015-02-22 20:28:11 -08:00
parent 8922c5ffb9
commit 3f185c7f74
4 changed files with 44 additions and 1 deletions


@ -1029,6 +1029,21 @@ class GroupPolicyDbPlugin(gpolicy.GroupPolicyPluginBase,
value = None
return value
@staticmethod
def validate_ip_pool(ip_pool, ip_version):
attr._validate_subnet(ip_pool)
ip_net = netaddr.IPNetwork(ip_pool, version=ip_version)
if (ip_net.size <= 3):
err_msg = "Too few available IPs in the pool."
raise gpolicy.InvalidIpPoolSize(ip_pool=ip_pool, err_msg=err_msg,
size=ip_net.size)
if (ip_net.prefixlen == 0):
err_msg = "Prefix length of 0 is invalid."
raise gpolicy.InvalidIpPoolPrefixLength(ip_pool=ip_pool,
err_msg=err_msg,
prefixlen=ip_net.prefixlen)
@staticmethod
def validate_subnet_prefix_length(ip_version, new_prefix_length,
ip_pool=None):
@ -1221,6 +1236,7 @@ class GroupPolicyDbPlugin(gpolicy.GroupPolicyPluginBase,
def create_l3_policy(self, context, l3_policy):
l3p = l3_policy['l3_policy']
tenant_id = self._get_tenant_id_for_create(context, l3p)
self.validate_ip_pool(l3p.get('ip_pool', None), l3p['ip_version'])
self.validate_subnet_prefix_length(
l3p['ip_version'], l3p['subnet_prefix_length'],
l3p.get('ip_pool', None))
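Review bot: The return value of `attr._validate_subnet(ip_pool)` is discarded in `validate_ip_pool`, so that call rejects nothing by itself. If `attr` is Neutron's `attributes` module (the import is not visible here), the validator reports a bad CIDR by returning a message rather than raising. A malformed pool, or the `None` that `l3p.get('ip_pool', None)` can pass from `create_l3_policy`, then reaches `netaddr.IPNetwork(...)`, whose error is presumably not an `InvalidInput` and would surface as a server error instead of a 400. Capture the result with `msg = attr._validate_subnet(ip_pool)` and raise an `InvalidInput`-derived exception when `msg` is set; the same call is added in the mapping plugin's `create_l3_policy`. The added test covers only `0.0.0.0/0` and `1.2.3.0/31`, so a malformed-pool case would pin this behaviour down.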


@ -244,6 +244,7 @@ class GroupPolicyMappingDbPlugin(gpdb.GroupPolicyDbPlugin):
@log.log
def create_l3_policy(self, context, l3_policy):
l3p = l3_policy['l3_policy']
self.validate_ip_pool(l3p.get('ip_pool', None), l3p['ip_version'])
tenant_id = self._get_tenant_id_for_create(context, l3p)
self.validate_subnet_prefix_length(l3p['ip_version'],
l3p['subnet_prefix_length'],
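Review bot: The pool check is placed ahead of `_get_tenant_id_for_create` in this override, while the base `GroupPolicyDbPlugin.create_l3_policy` runs it after the tenant lookup, so the two create paths validate in a different order. The rest of this method is outside the hunk; if it delegates to the base implementation, the pool is also validated twice. Keeping `self.validate_ip_pool(...)` in one place, or at least in the same position in both methods, would make it harder for a later edit to leave one path unchecked.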


@ -89,6 +89,16 @@ class SubnetPrefixLengthExceedsIpPool(nexc.InvalidInput):
"than subnet mask %(subnet_size)s")
class InvalidIpPoolSize(nexc.InvalidInput):
message = _("IP pool %(ip_pool)s is invalid:%(err_msg)s"
"Pool size=%(size)s")
class InvalidIpPoolPrefixLength(nexc.InvalidInput):
message = _("IP pool %(ip_pool)s is invalid:%(err_msg)s"
"Prefix Length=%(prefixlen)s")
class PolicyClassifierNotFound(nexc.NotFound):
message = _("PolicyClassifier %(policy_classifier_id)s could not be found")
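Review bot: The two new messages run their parts together, because the adjacent string literals are joined with no space and there is none after `invalid:`; `InvalidIpPoolSize` would render as `...is invalid:Too few available IPs in the pool.Pool size=2`. Write the first literal as `"IP pool %(ip_pool)s is invalid: %(err_msg)s "` in both `InvalidIpPoolSize` and `InvalidIpPoolPrefixLength`. The `err_msg` text is a plain English literal built in `validate_ip_pool` and substituted into a `_()`-translated template, so it stays untranslated; folding the fixed wording into each class's `message` would avoid that.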


@ -426,6 +426,22 @@ class TestGroupResources(GroupPolicyDbTestCase):
self.assertRaises(gpolicy.InvalidDefaultSubnetPrefixLength,
self.plugin.create_l3_policy, ctx, data)
def test_create_l3_policy_with_invalid_ippool(self):
ctx = context.get_admin_context()
data = {'l3_policy': {'name': 'l3p1', 'ip_version': 4,
'description': '', 'ip_pool': '0.0.0.0/0',
'subnet_prefix_length': 26}}
self.assertRaises(gpolicy.InvalidIpPoolPrefixLength,
self.plugin.create_l3_policy, ctx, data)
data = {'l3_policy': {'name': 'l3p1', 'ip_version': 4,
'description': '', 'ip_pool': '1.2.3.0/31',
'subnet_prefix_length': 30}}
self.assertRaises(gpolicy.InvalidIpPoolSize,
self.plugin.create_l3_policy, ctx, data)
def test_create_l3_policy_with_ip_pool_more_than_subnet_mask(self):
ctx = context.get_admin_context()
data = {'l3_policy': {'name': 'l3p1', 'ip_version': 4,
@ -478,7 +494,7 @@ class TestGroupResources(GroupPolicyDbTestCase):
self.plugin.update_l3_policy, ctx,
l3p['l3_policy']['id'], data)
l3p = self.create_l3_policy(ip_version='6')
l3p = self.create_l3_policy(ip_version='4')
for prefix_length in [0, 1, 128]:
data = {'l3_policy': {'subnet_prefix_length': prefix_length}}