Enable the user to enforce validity of the gateway IP

Fixes bug 1096532 A new configuration variable is added to enable the user to indicate if the gateway should be validated on the subnet. For backward compatibility this is set as False by default. Change-Id: Ieadd60a945d34703bfee7576aa3b2ff7da3143d4
openstack · Jan 7, 2013 · 24244c1 · 24244c1
1 parent 166a7aa
commit 24244c1
Show file tree

Hide file tree

Showing 4 changed files with 20 additions and 1 deletion.
diff --git a/etc/quantum.conf b/etc/quantum.conf
@@ -48,6 +48,9 @@ api_paste_config = api-paste.ini
 # Attention: the following parameter MUST be set to False if Quantum is
 # being used in conjunction with nova security groups and/or metadata service.
 # allow_overlapping_ips = False
+# Ensure that configured gateway is on subnet
+# force_gateway_on_subnet = False
+
 
 # RPC configuration options. Defined in rpc __init__
 # The messaging module to use, defaults to kombu.

diff --git a/quantum/common/config.py b/quantum/common/config.py
@@ -53,7 +53,9 @@
     cfg.BoolOpt('allow_overlapping_ips', default=False),
     cfg.StrOpt('control_exchange',
                default='quantum',
-               help='AMQP exchange to connect to if using RabbitMQ or Qpid')
+               help='AMQP exchange to connect to if using RabbitMQ or Qpid'),
+    cfg.BoolOpt('force_gateway_on_subnet', default=False,
+                help=_("Ensure that configured gateway is on subnet")),
 ]
 
 # Register the configuration options

diff --git a/quantum/db/db_base_plugin_v2.py b/quantum/db/db_base_plugin_v2.py
@@ -992,6 +992,11 @@ def _validate_subnet(self, s):
             s['gateway_ip'] and
             s['gateway_ip'] != attributes.ATTR_NOT_SPECIFIED):
             self._validate_ip_version(ip_ver, s['gateway_ip'], 'gateway_ip')
+            if (cfg.CONF.force_gateway_on_subnet and
+                not QuantumDbPluginV2._check_subnet_ip(s['cidr'],
+                                                       s['gateway_ip'])):
+                error_message = _("Gateway is not valid on subnet")
+                raise q_exc.InvalidInput(error_message=error_message)
 
         if ('dns_nameservers' in s and
             s['dns_nameservers'] != attributes.ATTR_NOT_SPECIFIED):

diff --git a/quantum/tests/unit/test_db_plugin.py b/quantum/tests/unit/test_db_plugin.py
@@ -2182,6 +2182,15 @@ def test_create_subnet_gw_values(self):
         subnet = self._test_create_subnet(expected=expected,
                                           gateway_ip=gateway)
 
+    def test_create_force_subnet_gw_values(self):
+        cfg.CONF.set_override('force_gateway_on_subnet', True)
+        with self.network() as network:
+            self._create_subnet('json',
+                                network['network']['id'],
+                                '10.0.0.0/24',
+                                400,
+                                gateway_ip='100.0.0.1')
+
     def test_create_subnet_with_allocation_pool(self):
         gateway_ip = '10.0.0.1'
         cidr = '10.0.0.0/24'