x/vmware-nsx
Code Issues Proposed changes

Merge "NSX|P+V3: Do not allow external subnets overlapping with uplink cidr"

Browse Source
This commit is contained in:
Zuul 2019-01-22 10:13:52 +00:00 committed by Gerrit Code Review
commit 1dec30d47c
4 changed files with 19 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
vmware_nsx/plugins/common_v3/plugin.py
View File

@ -715,7 +715,7 @@ class NsxPluginV3Base(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
"""Should be implemented by each plugin""" """Should be implemented by each plugin"""
pass pass
def _get_tier0_uplink_ips(self, tier0_id): def _get_tier0_uplink_cidrs(self, tier0_id):
"""Should be implemented by each plugin""" """Should be implemented by each plugin"""
pass pass
@ -2248,6 +2248,9 @@ class NsxPluginV3Base(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
return False return False
return True if count == 1 else False return True if count == 1 else False
def _cidrs_overlap(self, cidr0, cidr1):
return cidr0.first <= cidr1.last and cidr1.first <= cidr0.last
def _validate_address_space(self, context, subnet): def _validate_address_space(self, context, subnet):
# Only working for IPv4 at the moment # Only working for IPv4 at the moment
if (subnet['ip_version'] != 4): if (subnet['ip_version'] != 4):
@ -2277,7 +2280,7 @@ class NsxPluginV3Base(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
LOG.error(msg) LOG.error(msg)
raise n_exc.InvalidInput(error_message=msg) raise n_exc.InvalidInput(error_message=msg)
# Ensure that the NSX uplink does not lie on the same subnet as # Ensure that the NSX uplink cidr does not lie on the same subnet as
# the external subnet # the external subnet
filters = {'id': [subnet['network_id']], filters = {'id': [subnet['network_id']],
'router:external': [True]} 'router:external': [True]}
@ -2287,12 +2290,13 @@ class NsxPluginV3Base(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
if ext_net.get(pnet.PHYSICAL_NETWORK)] if ext_net.get(pnet.PHYSICAL_NETWORK)]
for tier0_rtr in set(tier0_routers): for tier0_rtr in set(tier0_routers):
tier0_ips = self._get_tier0_uplink_ips(tier0_rtr) tier0_cidrs = self._get_tier0_uplink_cidrs(tier0_rtr)
for ip_address in tier0_ips: for cidr in tier0_cidrs:
tier0_subnet = netaddr.IPNetwork(cidr).cidr
for subnet_network in subnet_networks: for subnet_network in subnet_networks:
if (netaddr.IPAddress(ip_address) in subnet_network): if self._cidrs_overlap(tier0_subnet, subnet_network):
msg = _("External subnet cannot overlap with T0 " msg = _("External subnet cannot overlap with T0 "
"router address %s") % ip_address "router cidr %s") % cidr
LOG.error(msg) LOG.error(msg)
raise n_exc.InvalidInput(error_message=msg) raise n_exc.InvalidInput(error_message=msg)

5
vmware_nsx/plugins/nsx_p/plugin.py
View File

@ -2042,8 +2042,9 @@ class NsxPolicyPlugin(nsx_plugin_common.NsxPluginV3Base):
def _has_native_dhcp_metadata(self): def _has_native_dhcp_metadata(self):
return True return True
def _get_tier0_uplink_ips(self, tier0_id): def _get_tier0_uplink_cidrs(self, tier0_id):
return self.nsxpolicy.tier0.get_uplink_ips(tier0_id) # return a list of tier0 uplink ip/prefix addresses
return self.nsxpolicy.tier0.get_uplink_cidrs(tier0_id)
def _is_vlan_router_interface_supported(self): def _is_vlan_router_interface_supported(self):
return True return True

6
vmware_nsx/plugins/nsx_v3/plugin.py
View File

@ -3407,8 +3407,10 @@ class NsxV3Plugin(nsx_plugin_common.NsxPluginV3Base,
source_net=subnet['cidr'], source_net=subnet['cidr'],
bypass_firewall=False) bypass_firewall=False)
def _get_tier0_uplink_ips(self, tier0_id): def _get_tier0_uplink_cidrs(self, tier0_id):
return self.nsxlib.logical_router_port.get_tier0_uplink_ips(tier0_id) # return a list of tier0 uplink ip/prefix addresses
return self.nsxlib.logical_router_port.get_tier0_uplink_cidrs(
tier0_id)
def _get_neutron_net_ids_by_nsx_id(self, context, lswitch_id): def _get_neutron_net_ids_by_nsx_id(self, context, lswitch_id):
return nsx_db.get_net_ids(context.session, lswitch_id) return nsx_db.get_net_ids(context.session, lswitch_id)

4
vmware_nsx/tests/unit/nsx_p/test_plugin.py
View File

@ -1084,8 +1084,8 @@ class NsxPTestSubnets(test_db_base_plugin_v2.TestSubnetsV2,
'host_routes': None, 'host_routes': None,
'ip_version': 4}} 'ip_version': 4}}
with mock.patch.object(self.plugin.nsxpolicy.tier0, with mock.patch.object(self.plugin.nsxpolicy.tier0,
'get_uplink_ips', 'get_uplink_cidrs',
return_value=['172.20.1.60']): return_value=['172.20.1.60/24']):
self.assertRaises(n_exc.InvalidInput, self.assertRaises(n_exc.InvalidInput,
self.plugin.create_subnet, self.plugin.create_subnet,
context.get_admin_context(), data) context.get_admin_context(), data)