From 2e733a9c9e0166e52c4a052662a39a8ca825d112 Mon Sep 17 00:00:00 2001
From: John Kasperski
Date: Wed, 29 Jul 2015 23:52:01 -0500
Subject: [PATCH] Prevent update alloc pool over existing gateway ip

The gateway IP for a subnet is not allowed to be listed in the allocation pool for that subnet. This restriction is checked and enforced at subnet-create time. During subnet-update, it is only partially checked. An exception is returned if the update request tries to place the gateway IP in an existing allocation pool OR if both gateway and allocation pool are being changed and the gateway is located in the new pool. If only the allocation pool is being updated, no check is made to verify that the new allocation pool does not contain the existing gateway IP.
Closes-Bug: #1479514
Change-Id: Id9583d6ad88188955388931cd688ca19bd2c9717
---
 neutron/db/db_base_plugin_v2.py | 8 ++++++--
 neutron/tests/unit/db/test_db_base_plugin_v2.py | 15 +++++++++++++++
 2 files changed, 21 insertions(+), 2 deletions(-)
diff --git a/neutron/db/db_base_plugin_v2.py b/neutron/db/db_base_plugin_v2.py
index b0d23d261..01fb2fc2d 100644
--- a/neutron/db/db_base_plugin_v2.py
+++ b/neutron/db/db_base_plugin_v2.py
@@ -577,9 +577,13 @@ class NeutronDbPluginV2(db_base_plugin_common.DbBasePluginCommon,
 range_pools = self.ipam.pools_to_ip_range(s['allocation_pools'])
 s['allocation_pools'] = range_pools
- if s.get('gateway_ip') is not None:
+ # If either gateway_ip or allocation_pools were specified
+ gateway_ip = s.get('gateway_ip')
+ if gateway_ip is not None or s.get('allocation_pools') is not None:
+ if gateway_ip is None:
+ gateway_ip = db_subnet.gateway_ip
 pools = range_pools if range_pools is not None else db_pools
- self.ipam.validate_gw_out_of_pools(s["gateway_ip"], pools)
+ self.ipam.validate_gw_out_of_pools(gateway_ip, pools)
 with context.session.begin(subtransactions=True):
 subnet, changes = self.ipam.update_db_subnet(context, id, s,
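Review bot: The fallback `if gateway_ip is None: gateway_ip = db_subnet.gateway_ip` cannot tell a request that omits `gateway_ip` from one that sets it to None, so an update that clears the gateway while widening the pool would, as far as these lines show, still be checked against the gateway it is removing. It also leaves `gateway_ip` as None when the stored subnet has no gateway, and `validate_gw_out_of_pools` (not visible here) is then called with None; if it parses the address unconditionally, a pool-only update from a tenant would surface as an unhandled error rather than a clean 409 or success. I would pick the value with `gateway_ip = s['gateway_ip'] if 'gateway_ip' in s else db_subnet.gateway_ip`, test `if 'gateway_ip' in s or s.get('allocation_pools') is not None:`, and wrap the validator call in `if gateway_ip is not None:`. The enclosing update method starts and ends outside the hunk, so the handling of `range_pools` and `db_pools` above should be confirmed against the full function.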
diff --git a/neutron/tests/unit/db/test_db_base_plugin_v2.py b/neutron/tests/unit/db/test_db_base_plugin_v2.py
index 1a2a9bdca..e1ea43113 100644
--- a/neutron/tests/unit/db/test_db_base_plugin_v2.py
+++ b/neutron/tests/unit/db/test_db_base_plugin_v2.py
@@ -4160,6 +4160,21 @@ class TestSubnetsV2(NeutronDbPluginV2TestCase):
 self.assertEqual(res.status_int,
 webob.exc.HTTPClientError.code)
+ #updating alloc pool on top of existing subnet.gateway_ip
+ def test_update_subnet_allocation_pools_over_gateway_ip_returns_409(self):
+ allocation_pools = [{'start': '10.0.0.2', 'end': '10.0.0.254'}]
+ with self.network() as network:
+ with self.subnet(network=network,
+ allocation_pools=allocation_pools,
+ cidr='10.0.0.0/24') as subnet:
+ data = {'subnet': {'allocation_pools': [
+ {'start': '10.0.0.1', 'end': '10.0.0.254'}]}}
+ req = self.new_update_request('subnets', data,
+ subnet['subnet']['id'])
+ res = req.get_response(self.api)
+ self.assertEqual(res.status_int,
+ webob.exc.HTTPConflict.code)
+
 def _test_subnet_update_enable_dhcp_no_ip_available_returns_409(
 self, allocation_pools, cidr):
 ip_version = netaddr.IPNetwork(cidr).version
-- 
2.45.2
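Review bot: The new test only exercises the rejection path, and it relies on the subnet fixture choosing 10.0.0.1 as the gateway for `cidr='10.0.0.0/24'`, which is never stated in `test_update_subnet_allocation_pools_over_gateway_ip_returns_409`. Passing `gateway_ip='10.0.0.1'` to `self.subnet(...)` would make the conflict explicit and keep the test meaningful if the fixture default changes. A companion case that creates the subnet with `gateway_ip=None` and then updates only `allocation_pools`, asserting success, would pin the behaviour for subnets without a gateway, which the changed validation now reaches on every pool update. The leading `#updating alloc pool ...` comment would read better as a docstring inside the method, e.g. `"""Pool-only update that covers the existing gateway IP is rejected."""`.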