def insert_default_ip_policy(self, subnet_db):
cidrs = []
ip_policies.ensure_default_policy(cidrs, [subnet_db])
subnet_db["ip_policy"] = db_api.ip_policy_create(
self.context, exclude=cidrs)
self.context.session.add(subnet_db)
self.context.session.flush()
def test_no_duplicates_in_result_when_called_twice(self):
cidrs = ["192.168.10.10/32"]
subnets = [dict(cidr="192.168.10.0/24")]
self.assertIsNone(ippol.ensure_default_policy(cidrs, subnets))
self.assertEqual(cidrs, ["192.168.10.10/32", "192.168.10.0/32", "192.168.10.255/32"])
cidrs2 = ["192.168.10.10/32"]
self.assertIsNone(ippol.ensure_default_policy(cidrs2, subnets))
self.assertEqual(cidrs, ["192.168.10.10/32", "192.168.10.0/32", "192.168.10.255/32"])
self.assertEqual(subnets, [dict(cidr="192.168.10.0/24")])
def upgrade():
ip_policy = table('quark_ip_policy',
column('id', sa.String(length=36)),
column('tenant_id', sa.String(length=255)),
column('created_at', sa.DateTime()))
ip_policy_cidrs = table('quark_ip_policy_cidrs',
column('id', sa.String(length=36)),
column('created_at', sa.DateTime()),
column('ip_policy_id', sa.String(length=36)),
column('cidr', sa.String(length=64)))
subnets = table('quark_subnets',
column('id', sa.String(length=36)),
column('_cidr', sa.String(length=64)),
column('tenant_id', sa.String(length=255)),
column('ip_policy_id', sa.String(length=36)))
connection = op.get_bind()
# 1. Find all subnets without ip_policy.
data = connection.execute(select([
subnets.c.id, subnets.c._cidr, subnets.c.tenant_id]).where(
subnets.c.ip_policy_id == None)).fetchall() # noqa
if not data:
return
LOG.info("Subnet IDs without IP policies: %s", [d[0] for d in data])
# 2. Insert ip_policy rows with id.
vals = [dict(id=uuidutils.generate_uuid(),
created_at=timeutils.utcnow(),
tenant_id=tenant_id)
for id, cidr, tenant_id in data]
LOG.info("IP Policy IDs to insert: %s", [v["id"] for v in vals])
connection.execute(ip_policy.insert(), *vals)
# 3. Insert default ip_policy_cidrs for those ip_policy's.
vals2 = []
for ((id, cidr, tenant_id), ip_policy) in zip(data, vals):
cidrs = []
ip_policies.ensure_default_policy(cidrs, [dict(cidr=cidr)])
for cidr in cidrs:
vals2.append(dict(id=uuidutils.generate_uuid(),
created_at=timeutils.utcnow(),
ip_policy_id=ip_policy["id"],
cidr=str(cidr)))
LOG.info("IP Policy CIDR IDs to insert: %s", [v["id"] for v in vals2])
connection.execute(ip_policy_cidrs.insert(), *vals2)
# 4. Set ip_policy_id rows in quark_subnets.
for ((id, cidr, tenant_id), ip_policy) in zip(data, vals):
connection.execute(subnets.update().values(
ip_policy_id=ip_policy["id"]).where(
subnets.c.id == id))
def test_no_duplicates_in_result_when_called_twice(self):
cidrs = ["192.168.10.10/32"]
subnets = [dict(cidr="192.168.10.0/24")]
self.assertIsNone(ippol.ensure_default_policy(cidrs, subnets))
self.assertEqual(cidrs, ["192.168.10.10/32", "192.168.10.0/32",
"192.168.10.255/32"])
cidrs2 = ["192.168.10.10/32"]
self.assertIsNone(ippol.ensure_default_policy(cidrs2, subnets))
self.assertEqual(cidrs, ["192.168.10.10/32", "192.168.10.0/32",
"192.168.10.255/32"])
self.assertEqual(subnets, [dict(cidr="192.168.10.0/24")])
def test_cidrs_without_default_cidrs_v4(self):
cidrs = ["192.168.10.20/32", "192.168.10.40/32"]
subnets = [dict(cidr="192.168.10.1/24")]
self.assertIsNone(ippol.ensure_default_policy(cidrs, subnets))
self.assertEqual(cidrs, ["192.168.10.20/32", "192.168.10.40/32",
"192.168.10.0/32", "192.168.10.255/32"])
self.assertEqual(subnets, [dict(cidr="192.168.10.1/24")])
def test_cidrs_without_default_cidrs_v6(self):
cidrs = ["::10/128", "::20/128"]
subnets = [dict(cidr="::/64")]
self.assertIsNone(ippol.ensure_default_policy(cidrs, subnets))
self.assertEqual(cidrs, ["::10/128", "::20/128",
"::/128", "::ffff:ffff:ffff:ffff/128"])
self.assertEqual(subnets, [dict(cidr="::/64")])
def test_cidrs_without_default_cidrs_v6(self):
cidrs = ["::10/128", "::20/128"]
subnets = [dict(cidr="::/64")]
self.assertIsNone(ippol.ensure_default_policy(cidrs, subnets))
self.assertEqual(cidrs, ["::10/128", "::20/128",
"::/128", "::ffff:ffff:ffff:ffff/128"])
self.assertEqual(subnets, [dict(cidr="::/64")])
def test_cidrs_without_default_cidrs_v4(self):
cidrs = ["192.168.10.20/32", "192.168.10.40/32"]
subnets = [dict(cidr="192.168.10.1/24")]
self.assertIsNone(ippol.ensure_default_policy(cidrs, subnets))
self.assertEqual(cidrs, ["192.168.10.20/32", "192.168.10.40/32",
"192.168.10.0/32", "192.168.10.255/32"])
self.assertEqual(subnets, [dict(cidr="192.168.10.1/24")])
def create_subnet(context, subnet):
"""Create a subnet.
Create a subnet which represents a range of IP addresses
that can be allocated to devices
: param context: neutron api request context
: param subnet: dictionary describing the subnet, with keys
as listed in the RESOURCE_ATTRIBUTE_MAP object in
neutron/api/v2/attributes.py. All keys will be populated.
"""
LOG.info("create_subnet for tenant %s" % context.tenant_id)
net_id = subnet["subnet"]["network_id"]
with context.session.begin():
net = db_api.network_find(context, None, None, None, False,
id=net_id, scope=db_api.ONE)
if not net:
raise exceptions.NetworkNotFound(net_id=net_id)
sub_attrs = subnet["subnet"]
always_pop = ["enable_dhcp", "ip_version", "first_ip", "last_ip",
"_cidr"]
admin_only = ["segment_id", "do_not_use", "created_at",
"next_auto_assign_ip"]
utils.filter_body(context, sub_attrs, admin_only, always_pop)
_validate_subnet_cidr(context, net_id, sub_attrs["cidr"])
cidr = netaddr.IPNetwork(sub_attrs["cidr"])
err_vals = {'cidr': sub_attrs["cidr"], 'network_id': net_id}
err = _("Requested subnet with cidr: %(cidr)s for "
"network: %(network_id)s. Prefix is too small, must be a "
"larger subnet. A prefix less than /%(prefix)s is required.")
if cidr.version == 6 and cidr.prefixlen > 64:
err_vals["prefix"] = 65
err_msg = err % err_vals
raise exceptions.InvalidInput(error_message=err_msg)
elif cidr.version == 4 and cidr.prefixlen > 30:
err_vals["prefix"] = 31
err_msg = err % err_vals
raise exceptions.InvalidInput(error_message=err_msg)
# Enforce subnet quotas
net_subnets = get_subnets(context,
filters=dict(network_id=net_id))
if not context.is_admin:
v4_count, v6_count = 0, 0
for subnet in net_subnets:
if netaddr.IPNetwork(subnet['cidr']).version == 6:
v6_count += 1
else:
v4_count += 1
if cidr.version == 6:
tenant_quota_v6 = context.session.query(qdv.Quota).filter_by(
tenant_id=context.tenant_id,
resource='v6_subnets_per_network').first()
if tenant_quota_v6 != -1:
quota.QUOTAS.limit_check(
context, context.tenant_id,
v6_subnets_per_network=v6_count + 1)
else:
tenant_quota_v4 = context.session.query(qdv.Quota).filter_by(
tenant_id=context.tenant_id,
resource='v4_subnets_per_network').first()
if tenant_quota_v4 != -1:
quota.QUOTAS.limit_check(
context, context.tenant_id,
v4_subnets_per_network=v4_count + 1)
# See RM981. The default behavior of setting a gateway unless
# explicitly asked to not is no longer desirable.
gateway_ip = utils.pop_param(sub_attrs, "gateway_ip")
dns_ips = utils.pop_param(sub_attrs, "dns_nameservers", [])
host_routes = utils.pop_param(sub_attrs, "host_routes", [])
allocation_pools = utils.pop_param(sub_attrs, "allocation_pools", None)
sub_attrs["network"] = net
new_subnet = db_api.subnet_create(context, **sub_attrs)
cidrs = []
alloc_pools = allocation_pool.AllocationPools(sub_attrs["cidr"],
allocation_pools)
if isinstance(allocation_pools, list):
cidrs = alloc_pools.get_policy_cidrs()
quota.QUOTAS.limit_check(
context,
context.tenant_id,
alloc_pools_per_subnet=len(alloc_pools))
ip_policies.ensure_default_policy(cidrs, [new_subnet])
new_subnet["ip_policy"] = db_api.ip_policy_create(context,
exclude=cidrs)
quota.QUOTAS.limit_check(context, context.tenant_id,
routes_per_subnet=len(host_routes))
default_route = None
for route in host_routes:
netaddr_route = netaddr.IPNetwork(route["destination"])
if netaddr_route.value == routes.DEFAULT_ROUTE.value:
if default_route:
raise q_exc.DuplicateRouteConflict(
subnet_id=new_subnet["id"])
default_route = route
gateway_ip = default_route["nexthop"]
alloc_pools.validate_gateway_excluded(gateway_ip)
new_subnet["routes"].append(db_api.route_create(
context, cidr=route["destination"], gateway=route["nexthop"]))
quota.QUOTAS.limit_check(context, context.tenant_id,
dns_nameservers_per_subnet=len(dns_ips))
for dns_ip in dns_ips:
new_subnet["dns_nameservers"].append(db_api.dns_create(
context, ip=netaddr.IPAddress(dns_ip)))
# if the gateway_ip is IN the cidr for the subnet and NOT excluded by
# policies, we should raise a 409 conflict
if gateway_ip and default_route is None:
alloc_pools.validate_gateway_excluded(gateway_ip)
new_subnet["routes"].append(db_api.route_create(
context, cidr=str(routes.DEFAULT_ROUTE), gateway=gateway_ip))
subnet_dict = v._make_subnet_dict(new_subnet)
subnet_dict["gateway_ip"] = gateway_ip
n_rpc.get_notifier("network").info(
context,
"ip_block.create",
dict(tenant_id=subnet_dict["tenant_id"],
ip_block_id=subnet_dict["id"],
created_at=new_subnet["created_at"]))
return subnet_dict
def update_subnet(context, id, subnet):
"""Update values of a subnet.
: param context: neutron api request context
: param id: UUID representing the subnet to update.
: param subnet: dictionary with keys indicating fields to update.
valid keys are those that have a value of True for 'allow_put'
as listed in the RESOURCE_ATTRIBUTE_MAP object in
neutron/api/v2/attributes.py.
"""
LOG.info("update_subnet %s for tenant %s" %
(id, context.tenant_id))
with context.session.begin():
subnet_db = db_api.subnet_find(context, None, None, None, False, id=id,
scope=db_api.ONE)
if not subnet_db:
raise exceptions.SubnetNotFound(id=id)
s = subnet["subnet"]
always_pop = ["_cidr", "cidr", "first_ip", "last_ip", "ip_version",
"segment_id", "network_id"]
admin_only = ["do_not_use", "created_at", "tenant_id",
"next_auto_assign_ip", "enable_dhcp"]
utils.filter_body(context, s, admin_only, always_pop)
dns_ips = utils.pop_param(s, "dns_nameservers", [])
host_routes = utils.pop_param(s, "host_routes", [])
gateway_ip = utils.pop_param(s, "gateway_ip", None)
allocation_pools = utils.pop_param(s, "allocation_pools", None)
if not CONF.QUARK.allow_allocation_pool_update:
if allocation_pools:
raise exceptions.BadRequest(
resource="subnets",
msg="Allocation pools cannot be updated.")
alloc_pools = allocation_pool.AllocationPools(
subnet_db["cidr"],
policies=models.IPPolicy.get_ip_policy_cidrs(subnet_db))
else:
alloc_pools = allocation_pool.AllocationPools(subnet_db["cidr"],
allocation_pools)
quota.QUOTAS.limit_check(
context,
context.tenant_id,
alloc_pools_per_subnet=len(alloc_pools))
if gateway_ip:
alloc_pools.validate_gateway_excluded(gateway_ip)
default_route = None
for route in host_routes:
netaddr_route = netaddr.IPNetwork(route["destination"])
if netaddr_route.value == routes.DEFAULT_ROUTE.value:
default_route = route
break
if default_route is None:
route_model = db_api.route_find(
context, cidr=str(routes.DEFAULT_ROUTE), subnet_id=id,
scope=db_api.ONE)
if route_model:
db_api.route_update(context, route_model,
gateway=gateway_ip)
else:
db_api.route_create(context,
cidr=str(routes.DEFAULT_ROUTE),
gateway=gateway_ip, subnet_id=id)
if dns_ips:
subnet_db["dns_nameservers"] = []
quota.QUOTAS.limit_check(context, context.tenant_id,
dns_nameservers_per_subnet=len(dns_ips))
for dns_ip in dns_ips:
subnet_db["dns_nameservers"].append(db_api.dns_create(
context,
ip=netaddr.IPAddress(dns_ip)))
if host_routes:
subnet_db["routes"] = []
quota.QUOTAS.limit_check(context, context.tenant_id,
routes_per_subnet=len(host_routes))
for route in host_routes:
subnet_db["routes"].append(db_api.route_create(
context, cidr=route["destination"], gateway=route["nexthop"]))
if CONF.QUARK.allow_allocation_pool_update:
if isinstance(allocation_pools, list):
cidrs = alloc_pools.get_policy_cidrs()
ip_policies.ensure_default_policy(cidrs, [subnet_db])
subnet_db["ip_policy"] = db_api.ip_policy_update(
context, subnet_db["ip_policy"], exclude=cidrs)
# invalidate the cache
db_api.subnet_update_set_alloc_pool_cache(context, subnet_db)
subnet = db_api.subnet_update(context, subnet_db, **s)
return v._make_subnet_dict(subnet)
def create_subnet(context, subnet):
"""Create a subnet.
Create a subnet which represents a range of IP addresses
that can be allocated to devices
: param context: neutron api request context
: param subnet: dictionary describing the subnet, with keys
as listed in the RESOURCE_ATTRIBUTE_MAP object in
neutron/api/v2/attributes.py. All keys will be populated.
"""
LOG.info("create_subnet for tenant %s" % context.tenant_id)
net_id = subnet["subnet"]["network_id"]
with context.session.begin():
net = db_api.network_find(context,
None,
None,
None,
False,
id=net_id,
scope=db_api.ONE)
if not net:
raise exceptions.NetworkNotFound(net_id=net_id)
sub_attrs = subnet["subnet"]
always_pop = [
"enable_dhcp", "ip_version", "first_ip", "last_ip", "_cidr"
]
admin_only = [
"segment_id", "do_not_use", "created_at", "next_auto_assign_ip"
]
utils.filter_body(context, sub_attrs, admin_only, always_pop)
_validate_subnet_cidr(context, net_id, sub_attrs["cidr"])
cidr = netaddr.IPNetwork(sub_attrs["cidr"])
err_vals = {'cidr': sub_attrs["cidr"], 'network_id': net_id}
err = _("Requested subnet with cidr: %(cidr)s for "
"network: %(network_id)s. Prefix is too small, must be a "
"larger subnet. A prefix less than /%(prefix)s is required.")
if cidr.version == 6 and cidr.prefixlen > 64:
err_vals["prefix"] = 65
err_msg = err % err_vals
raise exceptions.InvalidInput(error_message=err_msg)
elif cidr.version == 4 and cidr.prefixlen > 30:
err_vals["prefix"] = 31
err_msg = err % err_vals
raise exceptions.InvalidInput(error_message=err_msg)
# Enforce subnet quotas
net_subnets = get_subnets(context, filters=dict(network_id=net_id))
if not context.is_admin:
v4_count, v6_count = 0, 0
for subnet in net_subnets:
if netaddr.IPNetwork(subnet['cidr']).version == 6:
v6_count += 1
else:
v4_count += 1
if cidr.version == 6:
tenant_quota_v6 = context.session.query(qdv.Quota).filter_by(
tenant_id=context.tenant_id,
resource='v6_subnets_per_network').first()
if tenant_quota_v6 != -1:
quota.QUOTAS.limit_check(context,
context.tenant_id,
v6_subnets_per_network=v6_count +
1)
else:
tenant_quota_v4 = context.session.query(qdv.Quota).filter_by(
tenant_id=context.tenant_id,
resource='v4_subnets_per_network').first()
if tenant_quota_v4 != -1:
quota.QUOTAS.limit_check(context,
context.tenant_id,
v4_subnets_per_network=v4_count +
1)
# See RM981. The default behavior of setting a gateway unless
# explicitly asked to not is no longer desirable.
gateway_ip = utils.pop_param(sub_attrs, "gateway_ip")
dns_ips = utils.pop_param(sub_attrs, "dns_nameservers", [])
host_routes = utils.pop_param(sub_attrs, "host_routes", [])
allocation_pools = utils.pop_param(sub_attrs, "allocation_pools", None)
sub_attrs["network"] = net
new_subnet = db_api.subnet_create(context, **sub_attrs)
cidrs = []
alloc_pools = allocation_pool.AllocationPools(sub_attrs["cidr"],
allocation_pools)
if isinstance(allocation_pools, list):
cidrs = alloc_pools.get_policy_cidrs()
quota.QUOTAS.limit_check(context,
context.tenant_id,
alloc_pools_per_subnet=len(alloc_pools))
ip_policies.ensure_default_policy(cidrs, [new_subnet])
new_subnet["ip_policy"] = db_api.ip_policy_create(context,
exclude=cidrs)
quota.QUOTAS.limit_check(context,
context.tenant_id,
routes_per_subnet=len(host_routes))
default_route = None
for route in host_routes:
netaddr_route = netaddr.IPNetwork(route["destination"])
if netaddr_route.value == routes.DEFAULT_ROUTE.value:
if default_route:
raise q_exc.DuplicateRouteConflict(
subnet_id=new_subnet["id"])
default_route = route
gateway_ip = default_route["nexthop"]
alloc_pools.validate_gateway_excluded(gateway_ip)
new_subnet["routes"].append(
db_api.route_create(context,
cidr=route["destination"],
gateway=route["nexthop"]))
quota.QUOTAS.limit_check(context,
context.tenant_id,
dns_nameservers_per_subnet=len(dns_ips))
for dns_ip in dns_ips:
new_subnet["dns_nameservers"].append(
db_api.dns_create(context, ip=netaddr.IPAddress(dns_ip)))
# if the gateway_ip is IN the cidr for the subnet and NOT excluded by
# policies, we should raise a 409 conflict
if gateway_ip and default_route is None:
alloc_pools.validate_gateway_excluded(gateway_ip)
new_subnet["routes"].append(
db_api.route_create(context,
cidr=str(routes.DEFAULT_ROUTE),
gateway=gateway_ip))
subnet_dict = v._make_subnet_dict(new_subnet)
subnet_dict["gateway_ip"] = gateway_ip
n_rpc.get_notifier("network").info(
context, "ip_block.create",
dict(tenant_id=subnet_dict["tenant_id"],
ip_block_id=subnet_dict["id"],
created_at=new_subnet["created_at"]))
return subnet_dict
def update_subnet(context, id, subnet):
"""Update values of a subnet.
: param context: neutron api request context
: param id: UUID representing the subnet to update.
: param subnet: dictionary with keys indicating fields to update.
valid keys are those that have a value of True for 'allow_put'
as listed in the RESOURCE_ATTRIBUTE_MAP object in
neutron/api/v2/attributes.py.
"""
LOG.info("update_subnet %s for tenant %s" % (id, context.tenant_id))
with context.session.begin():
subnet_db = db_api.subnet_find(context,
None,
None,
None,
False,
id=id,
scope=db_api.ONE)
if not subnet_db:
raise exceptions.SubnetNotFound(id=id)
s = subnet["subnet"]
always_pop = [
"_cidr", "cidr", "first_ip", "last_ip", "ip_version", "segment_id",
"network_id"
]
admin_only = [
"do_not_use", "created_at", "tenant_id", "next_auto_assign_ip",
"enable_dhcp"
]
utils.filter_body(context, s, admin_only, always_pop)
dns_ips = utils.pop_param(s, "dns_nameservers", [])
host_routes = utils.pop_param(s, "host_routes", [])
gateway_ip = utils.pop_param(s, "gateway_ip", None)
allocation_pools = utils.pop_param(s, "allocation_pools", None)
if not CONF.QUARK.allow_allocation_pool_update:
if allocation_pools:
raise exceptions.BadRequest(
resource="subnets",
msg="Allocation pools cannot be updated.")
alloc_pools = allocation_pool.AllocationPools(
subnet_db["cidr"],
policies=models.IPPolicy.get_ip_policy_cidrs(subnet_db))
else:
alloc_pools = allocation_pool.AllocationPools(
subnet_db["cidr"], allocation_pools)
quota.QUOTAS.limit_check(context,
context.tenant_id,
alloc_pools_per_subnet=len(alloc_pools))
if gateway_ip:
alloc_pools.validate_gateway_excluded(gateway_ip)
default_route = None
for route in host_routes:
netaddr_route = netaddr.IPNetwork(route["destination"])
if netaddr_route.value == routes.DEFAULT_ROUTE.value:
default_route = route
break
if default_route is None:
route_model = db_api.route_find(context,
cidr=str(routes.DEFAULT_ROUTE),
subnet_id=id,
scope=db_api.ONE)
if route_model:
db_api.route_update(context,
route_model,
gateway=gateway_ip)
else:
db_api.route_create(context,
cidr=str(routes.DEFAULT_ROUTE),
gateway=gateway_ip,
subnet_id=id)
if dns_ips:
subnet_db["dns_nameservers"] = []
quota.QUOTAS.limit_check(context,
context.tenant_id,
dns_nameservers_per_subnet=len(dns_ips))
for dns_ip in dns_ips:
subnet_db["dns_nameservers"].append(
db_api.dns_create(context, ip=netaddr.IPAddress(dns_ip)))
if host_routes:
subnet_db["routes"] = []
quota.QUOTAS.limit_check(context,
context.tenant_id,
routes_per_subnet=len(host_routes))
for route in host_routes:
subnet_db["routes"].append(
db_api.route_create(context,
cidr=route["destination"],
gateway=route["nexthop"]))
if CONF.QUARK.allow_allocation_pool_update:
if isinstance(allocation_pools, list):
cidrs = alloc_pools.get_policy_cidrs()
ip_policies.ensure_default_policy(cidrs, [subnet_db])
subnet_db["ip_policy"] = db_api.ip_policy_update(
context, subnet_db["ip_policy"], exclude=cidrs)
# invalidate the cache
db_api.subnet_update_set_alloc_pool_cache(context, subnet_db)
subnet = db_api.subnet_update(context, subnet_db, **s)
return v._make_subnet_dict(subnet)
def test_no_cidrs_no_subnets(self):
cidrs = []
subnets = []
self.assertIsNone(ippol.ensure_default_policy(cidrs, subnets))
self.assertEqual(cidrs, [])
self.assertEqual(subnets, [])
def test_no_subnets_v6(self):
cidrs = ["::/128", "::ffff:ffff:ffff:ffff/128"]
subnets = []
self.assertIsNone(ippol.ensure_default_policy(cidrs, subnets))
self.assertEqual(cidrs, ["::/128", "::ffff:ffff:ffff:ffff/128"])
self.assertEqual(subnets, [])
def test_no_subnets_v4(self):
cidrs = ["192.168.10.0/32", "192.168.10.255/32"]
subnets = []
self.assertIsNone(ippol.ensure_default_policy(cidrs, subnets))
self.assertEqual(cidrs, ["192.168.10.0/32", "192.168.10.255/32"])
self.assertEqual(subnets, [])
def test_no_cidrs_no_subnets(self):
cidrs = []
subnets = []
self.assertIsNone(ippol.ensure_default_policy(cidrs, subnets))
self.assertEqual(cidrs, [])
self.assertEqual(subnets, [])
def test_no_subnets_v4(self):
cidrs = ["192.168.10.0/32", "192.168.10.255/32"]
subnets = []
self.assertIsNone(ippol.ensure_default_policy(cidrs, subnets))
self.assertEqual(cidrs, ["192.168.10.0/32", "192.168.10.255/32"])
self.assertEqual(subnets, [])
def test_no_subnets_v6(self):
cidrs = ["::/128", "::ffff:ffff:ffff:ffff/128"]
subnets = []
self.assertIsNone(ippol.ensure_default_policy(cidrs, subnets))
self.assertEqual(cidrs, ["::/128", "::ffff:ffff:ffff:ffff/128"])
self.assertEqual(subnets, [])
