Prevent update alloc pool over existing gateway ip

The gateway IP for a subnet is not allowed to be listed in the
allocation pool for that subnet. This restriction is checked and
enforced at subnet-create time.

During subnet-update, it is only partially checked. An
exception is returned if the update request tries to place the gateway
IP in an existing allocation pool OR if both gateway and allocation
pool are being changed and the gateway is located in the new pool.

If only the allocation pool is being updated, no check is made to
verify that the new allocation pool does not contain the existing
gateway IP.

Closes-Bug: #1479514
Change-Id: Id9583d6ad88188955388931cd688ca19bd2c9717

diff --git a/neutron/db/db_base_plugin_v2.py b/neutron/db/db_base_plugin_v2.py
index b0d23d2619910559e955ff4e6aef7b401f436266..01fb2fc2d2958384dc1815a808f35f2db88f7ae8 100644 (file)
--- a/neutron/db/db_base_plugin_v2.py
+++ b/neutron/db/db_base_plugin_v2.py
@@ -577,9 +577,13 @@ class NeutronDbPluginV2(db_base_plugin_common.DbBasePluginCommon,
             range_pools = self.ipam.pools_to_ip_range(s['allocation_pools'])
             s['allocation_pools'] = range_pools
 
-        if s.get('gateway_ip') is not None:
+        # If either gateway_ip or allocation_pools were specified
+        gateway_ip = s.get('gateway_ip')
+        if gateway_ip is not None or s.get('allocation_pools') is not None:
+            if gateway_ip is None:
+                gateway_ip = db_subnet.gateway_ip
             pools = range_pools if range_pools is not None else db_pools
-            self.ipam.validate_gw_out_of_pools(s["gateway_ip"], pools)
+            self.ipam.validate_gw_out_of_pools(gateway_ip, pools)
 
         with context.session.begin(subtransactions=True):
             subnet, changes = self.ipam.update_db_subnet(context, id, s,

diff --git a/neutron/tests/unit/db/test_db_base_plugin_v2.py b/neutron/tests/unit/db/test_db_base_plugin_v2.py
index 1a2a9bdcade670b71c9b14f1e02cb75ccee01ef1..e1ea431132d4826373b6d0c0e80db7651371e9b1 100644 (file)
--- a/neutron/tests/unit/db/test_db_base_plugin_v2.py
+++ b/neutron/tests/unit/db/test_db_base_plugin_v2.py
@@ -4160,6 +4160,21 @@ class TestSubnetsV2(NeutronDbPluginV2TestCase):
                 self.assertEqual(res.status_int,
                                  webob.exc.HTTPClientError.code)
 
+    #updating alloc pool on top of existing subnet.gateway_ip
+    def test_update_subnet_allocation_pools_over_gateway_ip_returns_409(self):
+        allocation_pools = [{'start': '10.0.0.2', 'end': '10.0.0.254'}]
+        with self.network() as network:
+            with self.subnet(network=network,
+                             allocation_pools=allocation_pools,
+                             cidr='10.0.0.0/24') as subnet:
+                data = {'subnet': {'allocation_pools': [
+                        {'start': '10.0.0.1', 'end': '10.0.0.254'}]}}
+                req = self.new_update_request('subnets', data,
+                                              subnet['subnet']['id'])
+                res = req.get_response(self.api)
+                self.assertEqual(res.status_int,
+                                 webob.exc.HTTPConflict.code)
+
     def _test_subnet_update_enable_dhcp_no_ip_available_returns_409(
             self, allocation_pools, cidr):
         ip_version = netaddr.IPNetwork(cidr).version