From 0aadfa6f72e7836cdd3360fa43f4c2ef61658bd2 Mon Sep 17 00:00:00 2001
From: Gary Kotton
Date: Sun, 6 Jan 2013 06:49:57 +0000
Subject: [PATCH] Enable the user to enforce validity of the gateway IP

Fixes bug 1096532

A new configuration variable is added to enable the user to indicate if the gateway should be validated on the subnet. For backward compatibility this is set as False by default.

Change-Id: Ieadd60a945d34703bfee7576aa3b2ff7da3143d4
---
 etc/quantum.conf | 3 +++
 quantum/common/config.py | 3 ++-
 quantum/db/db_base_plugin_v2.py | 5 +++++
 quantum/tests/unit/test_db_plugin.py | 9 +++++++++
 4 files changed, 19 insertions(+), 1 deletion(-)
diff --git a/etc/quantum.conf b/etc/quantum.conf
index a57e507941..2032341caa 100644
--- a/etc/quantum.conf
+++ b/etc/quantum.conf
@@ -70,6 +70,9 @@ api_paste_config = api-paste.ini
 # Attention: the following parameter MUST be set to False if Quantum is
 # being used in conjunction with nova security groups and/or metadata service.
 # allow_overlapping_ips = False
+# Ensure that configured gateway is on subnet
+# force_gateway_on_subnet = False
+
 # RPC configuration options. Defined in rpc __init__
 # The messaging module to use, defaults to kombu.
diff --git a/quantum/common/config.py b/quantum/common/config.py
index 25e8e058a3..fb273b465b 100644
--- a/quantum/common/config.py
+++ b/quantum/common/config.py
@@ -54,7 +54,8 @@ core_opts = [
 default='quantum', help='AMQP exchange to connect to if using RabbitMQ or Qpid'),
 cfg.StrOpt('host', default=utils.get_hostname()),
-
+ cfg.BoolOpt('force_gateway_on_subnet', default=False,
+ help=_("Ensure that configured gateway is on subnet")),
 ]
 # Register the configuration options
diff --git a/quantum/db/db_base_plugin_v2.py b/quantum/db/db_base_plugin_v2.py
index 66b72e6e5d..a332f842f3 100644
--- a/quantum/db/db_base_plugin_v2.py
+++ b/quantum/db/db_base_plugin_v2.py
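Review bot: The help string for `force_gateway_on_subnet` in quantum/common/config.py says what is checked but not what the service does when the check fails, nor that the default leaves the gateway unchecked. Since `gateway_ip` arrives in an API request, an operator reading the option should be able to tell that False means a gateway outside the CIDR is still accepted. I would word it as `help=_("Reject subnet requests whose gateway IP is not on the subnet; when False the gateway is not checked against the CIDR")` and use the same sentence for the comment added to etc/quantum.conf. The `core_opts` list starts outside the hunk.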
@@ -1014,6 +1014,11 @@ class QuantumDbPluginV2(quantum_plugin_base_v2.QuantumPluginBaseV2):
 s['gateway_ip'] and s['gateway_ip'] != attributes.ATTR_NOT_SPECIFIED):
 self._validate_ip_version(ip_ver, s['gateway_ip'], 'gateway_ip')
+ if (cfg.CONF.force_gateway_on_subnet and
+ not QuantumDbPluginV2._check_subnet_ip(s['cidr'],
+ s['gateway_ip'])):
+ error_message = _("Gateway is not valid on subnet")
+ raise q_exc.InvalidInput(error_message=error_message)
 if ('dns_nameservers' in s and s['dns_nameservers'] != attributes.ATTR_NOT_SPECIFIED):
diff --git a/quantum/tests/unit/test_db_plugin.py b/quantum/tests/unit/test_db_plugin.py
index c6ec469471..57eca29548 100644
--- a/quantum/tests/unit/test_db_plugin.py
+++ b/quantum/tests/unit/test_db_plugin.py
@@ -2227,6 +2227,15 @@ class TestSubnetsV2(QuantumDbPluginV2TestCase):
 subnet = self._test_create_subnet(expected=expected, gateway_ip=gateway)
+ def test_create_force_subnet_gw_values(self):
+ cfg.CONF.set_override('force_gateway_on_subnet', True)
+ with self.network() as network:
+ self._create_subnet('json',
+ network['network']['id'],
+ '10.0.0.0/24',
+ 400,
+ gateway_ip='100.0.0.1')
+
 def test_create_subnet_with_allocation_pool(self):
 gateway_ip = '10.0.0.1'
 cidr = '10.0.0.0/24'
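Review bot: The new check in quantum/db/db_base_plugin_v2.py reads `s['cidr']` unconditionally, so a request body that carries `gateway_ip` but no `cidr` would raise KeyError instead of `InvalidInput` once `force_gateway_on_subnet` is True. Whether such a body can reach this code depends on the callers of the enclosing validation routine, which starts and ends outside the hunk; a subnet update that changes only the gateway is the case to confirm. If it can, the CIDR of the stored subnet should be passed in for the comparison rather than taken from the request. Separately, the rejection would be easier to act on if it named the values, for example `error_message = _("Gateway %(gw)s is not valid on subnet %(cidr)s") % {'gw': s['gateway_ip'], 'cidr': s['cidr']}`.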
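Review bot: `cfg.CONF.set_override('force_gateway_on_subnet', True)` in `test_create_force_subnet_gw_values` is never undone, so unless the base test case resets CONF in its tearDown (not visible in this hunk) the flag stays on for tests that run afterwards. Adding `self.addCleanup(cfg.CONF.clear_override, 'force_gateway_on_subnet')` directly after the override keeps the test self-contained. The test also pins only the rejected case (`100.0.0.1` against `10.0.0.0/24`, expecting 400). A companion case with the flag on and a gateway inside the CIDR, and one that changes `gateway_ip` on an existing subnet, would cover the accept path and the update path of the new check.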