Disable PUT for IPv6 subnet attributes
In Juno we are not ready for allowing the IPv6 attributes on a subnet to be updated after the subnet is created, because: - The implementation for supporting updates is incomplete. - Perceived lack of usefulness, no good use cases known yet. - Allowing updates causes more complexity in the code. - Have not tested that radvd, dhcp, etc. behave OK after update. Therefore, for now, we set 'allow_put' to False for the two IPv6 attributes, ipv6_ra_mode and ipv6_address_mode. This prevents the modes from being updated via the PUT:subnets API. Closes-bug: #1378952 Change-Id: Id6ce894d223c91421b62f82d266cfc15fa63ed0e
This commit is contained in:
parent
2bdb52d98f
commit
88609cd34e
@ -729,11 +729,11 @@ RESOURCE_ATTRIBUTE_MAP = {
|
|||||||
'default': True,
|
'default': True,
|
||||||
'convert_to': convert_to_boolean,
|
'convert_to': convert_to_boolean,
|
||||||
'is_visible': True},
|
'is_visible': True},
|
||||||
'ipv6_ra_mode': {'allow_post': True, 'allow_put': True,
|
'ipv6_ra_mode': {'allow_post': True, 'allow_put': False,
|
||||||
'default': ATTR_NOT_SPECIFIED,
|
'default': ATTR_NOT_SPECIFIED,
|
||||||
'validate': {'type:values': constants.IPV6_MODES},
|
'validate': {'type:values': constants.IPV6_MODES},
|
||||||
'is_visible': True},
|
'is_visible': True},
|
||||||
'ipv6_address_mode': {'allow_post': True, 'allow_put': True,
|
'ipv6_address_mode': {'allow_post': True, 'allow_put': False,
|
||||||
'default': ATTR_NOT_SPECIFIED,
|
'default': ATTR_NOT_SPECIFIED,
|
||||||
'validate': {'type:values':
|
'validate': {'type:values':
|
||||||
constants.IPV6_MODES},
|
constants.IPV6_MODES},
|
||||||
|
@ -740,19 +740,12 @@ class NeutronDbPluginV2(neutron_plugin_base_v2.NeutronPluginBaseV2,
|
|||||||
raise n_exc.InvalidSharedSetting(network=original.name)
|
raise n_exc.InvalidSharedSetting(network=original.name)
|
||||||
|
|
||||||
def _validate_ipv6_attributes(self, subnet, cur_subnet):
|
def _validate_ipv6_attributes(self, subnet, cur_subnet):
|
||||||
|
if cur_subnet:
|
||||||
|
self._validate_ipv6_update_dhcp(subnet, cur_subnet)
|
||||||
|
return
|
||||||
ra_mode_set = attributes.is_attr_set(subnet.get('ipv6_ra_mode'))
|
ra_mode_set = attributes.is_attr_set(subnet.get('ipv6_ra_mode'))
|
||||||
address_mode_set = attributes.is_attr_set(
|
address_mode_set = attributes.is_attr_set(
|
||||||
subnet.get('ipv6_address_mode'))
|
subnet.get('ipv6_address_mode'))
|
||||||
if cur_subnet:
|
|
||||||
ra_mode = (subnet['ipv6_ra_mode'] if ra_mode_set
|
|
||||||
else cur_subnet['ipv6_ra_mode'])
|
|
||||||
addr_mode = (subnet['ipv6_address_mode'] if address_mode_set
|
|
||||||
else cur_subnet['ipv6_address_mode'])
|
|
||||||
if ra_mode_set or address_mode_set:
|
|
||||||
# Check that updated subnet ipv6 attributes do not conflict
|
|
||||||
self._validate_ipv6_combination(ra_mode, addr_mode)
|
|
||||||
self._validate_ipv6_update_dhcp(subnet, cur_subnet)
|
|
||||||
else:
|
|
||||||
self._validate_ipv6_dhcp(ra_mode_set, address_mode_set,
|
self._validate_ipv6_dhcp(ra_mode_set, address_mode_set,
|
||||||
subnet['enable_dhcp'])
|
subnet['enable_dhcp'])
|
||||||
if ra_mode_set and address_mode_set:
|
if ra_mode_set and address_mode_set:
|
||||||
|
@ -15,6 +15,7 @@
|
|||||||
|
|
||||||
import contextlib
|
import contextlib
|
||||||
import copy
|
import copy
|
||||||
|
import itertools
|
||||||
|
|
||||||
import mock
|
import mock
|
||||||
from oslo.config import cfg
|
from oslo.config import cfg
|
||||||
@ -3038,15 +3039,48 @@ class TestSubnetsV2(NeutronDbPluginV2TestCase):
|
|||||||
res = subnet_req.get_response(self.api)
|
res = subnet_req.get_response(self.api)
|
||||||
self.assertEqual(res.status_int, webob.exc.HTTPClientError.code)
|
self.assertEqual(res.status_int, webob.exc.HTTPClientError.code)
|
||||||
|
|
||||||
def test_create_subnet_ipv6_attributes(self):
|
def _test_validate_subnet_ipv6_modes(self, cur_subnet=None,
|
||||||
gateway_ip = 'fe80::1'
|
expect_success=True, **modes):
|
||||||
cidr = 'fe80::/64'
|
plugin = manager.NeutronManager.get_plugin()
|
||||||
|
ctx = context.get_admin_context(load_admin_roles=False)
|
||||||
|
new_subnet = {'ip_version': 6,
|
||||||
|
'cidr': 'fe80::/64',
|
||||||
|
'enable_dhcp': True}
|
||||||
|
for mode, value in modes.items():
|
||||||
|
new_subnet[mode] = value
|
||||||
|
if expect_success:
|
||||||
|
plugin._validate_subnet(ctx, new_subnet, cur_subnet)
|
||||||
|
else:
|
||||||
|
self.assertRaises(n_exc.InvalidInput, plugin._validate_subnet,
|
||||||
|
ctx, new_subnet, cur_subnet)
|
||||||
|
|
||||||
for mode in constants.IPV6_MODES:
|
def test_create_subnet_ipv6_ra_modes(self):
|
||||||
self._test_create_subnet(gateway_ip=gateway_ip,
|
# Test all RA modes with no address mode specified
|
||||||
cidr=cidr, ip_version=6,
|
for ra_mode in constants.IPV6_MODES:
|
||||||
ipv6_ra_mode=mode,
|
self._test_validate_subnet_ipv6_modes(
|
||||||
ipv6_address_mode=mode)
|
ipv6_ra_mode=ra_mode)
|
||||||
|
|
||||||
|
def test_create_subnet_ipv6_addr_modes(self):
|
||||||
|
# Test all address modes with no RA mode specified
|
||||||
|
for addr_mode in constants.IPV6_MODES:
|
||||||
|
self._test_validate_subnet_ipv6_modes(
|
||||||
|
ipv6_address_mode=addr_mode)
|
||||||
|
|
||||||
|
def test_create_subnet_ipv6_same_ra_and_addr_modes(self):
|
||||||
|
# Test all ipv6 modes with ra_mode==addr_mode
|
||||||
|
for ipv6_mode in constants.IPV6_MODES:
|
||||||
|
self._test_validate_subnet_ipv6_modes(
|
||||||
|
ipv6_ra_mode=ipv6_mode,
|
||||||
|
ipv6_address_mode=ipv6_mode)
|
||||||
|
|
||||||
|
def test_create_subnet_ipv6_different_ra_and_addr_modes(self):
|
||||||
|
# Test all ipv6 modes with ra_mode!=addr_mode
|
||||||
|
for ra_mode, addr_mode in itertools.permutations(
|
||||||
|
constants.IPV6_MODES, 2):
|
||||||
|
self._test_validate_subnet_ipv6_modes(
|
||||||
|
expect_success=not (ra_mode and addr_mode),
|
||||||
|
ipv6_ra_mode=ra_mode,
|
||||||
|
ipv6_address_mode=addr_mode)
|
||||||
|
|
||||||
def test_create_subnet_ipv6_out_of_cidr_global(self):
|
def test_create_subnet_ipv6_out_of_cidr_global(self):
|
||||||
gateway_ip = '2000::1'
|
gateway_ip = '2000::1'
|
||||||
@ -3108,31 +3142,6 @@ class TestSubnetsV2(NeutronDbPluginV2TestCase):
|
|||||||
self.assertEqual(ctx_manager.exception.code,
|
self.assertEqual(ctx_manager.exception.code,
|
||||||
webob.exc.HTTPClientError.code)
|
webob.exc.HTTPClientError.code)
|
||||||
|
|
||||||
def test_create_subnet_invalid_ipv6_combination(self):
|
|
||||||
gateway_ip = 'fe80::1'
|
|
||||||
cidr = 'fe80::/80'
|
|
||||||
with testlib_api.ExpectedException(
|
|
||||||
webob.exc.HTTPClientError) as ctx_manager:
|
|
||||||
self._test_create_subnet(gateway_ip=gateway_ip,
|
|
||||||
cidr=cidr, ip_version=6,
|
|
||||||
ipv6_ra_mode='stateful',
|
|
||||||
ipv6_address_mode='stateless')
|
|
||||||
self.assertEqual(ctx_manager.exception.code,
|
|
||||||
webob.exc.HTTPClientError.code)
|
|
||||||
|
|
||||||
def test_create_subnet_ipv6_single_attribute_set(self):
|
|
||||||
gateway_ip = 'fe80::1'
|
|
||||||
cidr = 'fe80::/64'
|
|
||||||
for mode in constants.IPV6_MODES:
|
|
||||||
self._test_create_subnet(gateway_ip=gateway_ip,
|
|
||||||
cidr=cidr, ip_version=6,
|
|
||||||
ipv6_ra_mode=None,
|
|
||||||
ipv6_address_mode=mode)
|
|
||||||
self._test_create_subnet(gateway_ip=gateway_ip,
|
|
||||||
cidr=cidr, ip_version=6,
|
|
||||||
ipv6_ra_mode=mode,
|
|
||||||
ipv6_address_mode=None)
|
|
||||||
|
|
||||||
def test_create_subnet_ipv6_ra_mode_ip_version_4(self):
|
def test_create_subnet_ipv6_ra_mode_ip_version_4(self):
|
||||||
cidr = '10.0.2.0/24'
|
cidr = '10.0.2.0/24'
|
||||||
with testlib_api.ExpectedException(
|
with testlib_api.ExpectedException(
|
||||||
@ -3312,7 +3321,7 @@ class TestSubnetsV2(NeutronDbPluginV2TestCase):
|
|||||||
self.assertEqual(res.status_int,
|
self.assertEqual(res.status_int,
|
||||||
webob.exc.HTTPConflict.code)
|
webob.exc.HTTPConflict.code)
|
||||||
|
|
||||||
def test_update_subnet_ipv6_attributes(self):
|
def test_update_subnet_ipv6_attributes_fails(self):
|
||||||
with self.subnet(ip_version=6, cidr='fe80::/64',
|
with self.subnet(ip_version=6, cidr='fe80::/64',
|
||||||
ipv6_ra_mode=constants.IPV6_SLAAC,
|
ipv6_ra_mode=constants.IPV6_SLAAC,
|
||||||
ipv6_address_mode=constants.IPV6_SLAAC) as subnet:
|
ipv6_address_mode=constants.IPV6_SLAAC) as subnet:
|
||||||
@ -3320,16 +3329,13 @@ class TestSubnetsV2(NeutronDbPluginV2TestCase):
|
|||||||
'ipv6_address_mode': constants.DHCPV6_STATEFUL}}
|
'ipv6_address_mode': constants.DHCPV6_STATEFUL}}
|
||||||
req = self.new_update_request('subnets', data,
|
req = self.new_update_request('subnets', data,
|
||||||
subnet['subnet']['id'])
|
subnet['subnet']['id'])
|
||||||
res = self.deserialize(self.fmt, req.get_response(self.api))
|
res = req.get_response(self.api)
|
||||||
self.assertEqual(res['subnet']['ipv6_ra_mode'],
|
self.assertEqual(res.status_int,
|
||||||
data['subnet']['ipv6_ra_mode'])
|
webob.exc.HTTPClientError.code)
|
||||||
self.assertEqual(res['subnet']['ipv6_address_mode'],
|
|
||||||
data['subnet']['ipv6_address_mode'])
|
|
||||||
|
|
||||||
def test_update_subnet_ipv6_inconsistent_ra_attribute(self):
|
def test_update_subnet_ipv6_ra_mode_fails(self):
|
||||||
with self.subnet(ip_version=6, cidr='fe80::/64',
|
with self.subnet(ip_version=6, cidr='fe80::/64',
|
||||||
ipv6_ra_mode=constants.IPV6_SLAAC,
|
ipv6_ra_mode=constants.IPV6_SLAAC) as subnet:
|
||||||
ipv6_address_mode=constants.IPV6_SLAAC) as subnet:
|
|
||||||
data = {'subnet': {'ipv6_ra_mode': constants.DHCPV6_STATEFUL}}
|
data = {'subnet': {'ipv6_ra_mode': constants.DHCPV6_STATEFUL}}
|
||||||
req = self.new_update_request('subnets', data,
|
req = self.new_update_request('subnets', data,
|
||||||
subnet['subnet']['id'])
|
subnet['subnet']['id'])
|
||||||
@ -3337,9 +3343,8 @@ class TestSubnetsV2(NeutronDbPluginV2TestCase):
|
|||||||
self.assertEqual(res.status_int,
|
self.assertEqual(res.status_int,
|
||||||
webob.exc.HTTPClientError.code)
|
webob.exc.HTTPClientError.code)
|
||||||
|
|
||||||
def test_update_subnet_ipv6_inconsistent_address_attribute(self):
|
def test_update_subnet_ipv6_ra_mode_fails(self):
|
||||||
with self.subnet(ip_version=6, cidr='fe80::/64',
|
with self.subnet(ip_version=6, cidr='fe80::/64',
|
||||||
ipv6_ra_mode=constants.IPV6_SLAAC,
|
|
||||||
ipv6_address_mode=constants.IPV6_SLAAC) as subnet:
|
ipv6_address_mode=constants.IPV6_SLAAC) as subnet:
|
||||||
data = {'subnet': {'ipv6_address_mode': constants.DHCPV6_STATEFUL}}
|
data = {'subnet': {'ipv6_address_mode': constants.DHCPV6_STATEFUL}}
|
||||||
req = self.new_update_request('subnets', data,
|
req = self.new_update_request('subnets', data,
|
||||||
@ -3348,7 +3353,7 @@ class TestSubnetsV2(NeutronDbPluginV2TestCase):
|
|||||||
self.assertEqual(res.status_int,
|
self.assertEqual(res.status_int,
|
||||||
webob.exc.HTTPClientError.code)
|
webob.exc.HTTPClientError.code)
|
||||||
|
|
||||||
def test_update_subnet_ipv6_inconsistent_enable_dhcp(self):
|
def test_update_subnet_ipv6_cannot_disable_dhcp(self):
|
||||||
with self.subnet(ip_version=6, cidr='fe80::/64',
|
with self.subnet(ip_version=6, cidr='fe80::/64',
|
||||||
ipv6_ra_mode=constants.IPV6_SLAAC,
|
ipv6_ra_mode=constants.IPV6_SLAAC,
|
||||||
ipv6_address_mode=constants.IPV6_SLAAC) as subnet:
|
ipv6_address_mode=constants.IPV6_SLAAC) as subnet:
|
||||||
|
Loading…
x
Reference in New Issue
Block a user