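def _validate_vpn_cidr(self, context, router_id, vpn_cidr):
    """Validate the CIDR requested for a VPN on a router.

    Verifies that ``vpn_cidr`` does not overlap with the CIDR of any subnet
    reached through the router's ports, nor with the CIDR of any PPTP or
    OpenVPN connection already returned for the router.

    :param context: request context. Subnets are read with
        ``context.elevated()``; the VPN connections are read with
        ``context`` as given.
    :param router_id: id of the router the VPN is attached to.
    :param vpn_cidr: CIDR requested for the new VPN.
    :raises n_exc.InvalidInput: if ``vpn_cidr`` overlaps a collected CIDR.
    """
    # NOTE(review): router_id is not checked against the caller in this
    # method; presumably the caller has already verified access to the
    # router - confirm, since the port query below is not tenant-scoped.
    cidrs = set()
    core_plugin = manager.NeutronManager.get_plugin()
    try:
        rport_qry = context.session.query(models_v2.Port)
        rports = rport_qry.filter_by(device_id=router_id)
        for p in rports:
            for ip in p['fixed_ips']:
                sub_id = ip['subnet_id']
                # The subnet is read with an elevated context, so CIDRs the
                # caller could not read directly can end up in ``cidrs``.
                cidr = core_plugin._get_subnet(context.elevated(),
                                               sub_id)['cidr']
                cidrs.add(cidr)
                # NOTE(review): the listing lost its indentation; ``break``
                # is placed in the inner loop (first fixed IP per port).
                # Confirm against the original file.
                break
    except exc.NoResultFound:
        # Best effort: keep whatever CIDRs were gathered before the error.
        pass

    pptps = self.get_pptpconnections(context, {'router_id': [router_id]})
    for pptp in pptps:
        cidrs.add(pptp['vpn_cidr'])

    openvpns = self.get_openvpnconnections(context,
                                           {'router_id': [router_id]})
    for openvpn in openvpns:
        cidrs.add(openvpn['peer_cidr'])

    # NOTE(review): vpn_cidr is not format-checked in this method; it is
    # presumably validated before this call. If not, a malformed value
    # surfaces as netaddr.AddrFormatError rather than InvalidInput.
    vpn_cidr_ipset = netaddr.IPSet([vpn_cidr])
    for cidr in cidrs:
        if netaddr.IPSet([cidr]) & vpn_cidr_ipset:
            # Don't give out details of the overlapping subnet: the error
            # returned to the caller names only the CIDR they requested.
            err_msg = (_("Requested vpn with cidr: %(cidr)s overlaps with"
                         " another subnet or vpn") % {'cidr': vpn_cidr})
            # The overlapping CIDR goes to the log only. The original
            # message printed it twice ("CIDR x (CIDR: x)"); once is enough.
            LOG.info(_("Validation for CIDR: %(new_cidr)s failed - "
                       "overlaps with CIDR %(cidr)s"),
                     {'new_cidr': vpn_cidr, 'cidr': cidr})
            raise n_exc.InvalidInput(error_message=err_msg)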
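def _validate_vpn_cidr(self, context, router_id, vpn_cidr):
    """Validate the CIDR requested for a VPN on a router.

    Verifies that ``vpn_cidr`` does not overlap with the CIDR of any subnet
    reached through the router's ports, nor with the CIDR of any PPTP or
    OpenVPN connection already returned for the router.

    :param context: request context. Subnets are read with
        ``context.elevated()``; the VPN connections are read with
        ``context`` as given.
    :param router_id: id of the router the VPN is attached to.
    :param vpn_cidr: CIDR requested for the new VPN.
    :raises n_exc.InvalidInput: if ``vpn_cidr`` overlaps a collected CIDR.
    """
    # NOTE(review): nothing in this method ties router_id to the caller;
    # presumably access to the router was verified earlier - confirm,
    # because the port query below is not tenant-scoped.
    cidrs = set()
    core_plugin = manager.NeutronManager.get_plugin()
    try:
        rport_qry = context.session.query(models_v2.Port)
        rports = rport_qry.filter_by(device_id=router_id)
        for p in rports:
            for ip in p['fixed_ips']:
                sub_id = ip['subnet_id']
                # Elevated read: the collected CIDR may belong to a subnet
                # the caller cannot see, so it must not leak into the
                # error message raised below.
                cidr = core_plugin._get_subnet(context.elevated(),
                                               sub_id)['cidr']
                cidrs.add(cidr)
                # NOTE(review): indentation was lost in the listing;
                # ``break`` is assumed to sit in the inner loop (first
                # fixed IP per port). Confirm against the original file.
                break
    except exc.NoResultFound:
        # Best effort: keep whatever CIDRs were gathered before the error.
        pass

    # VPN connections are fetched with the caller's own context.
    pptps = self.get_pptpconnections(context, {'router_id': [router_id]})
    cidrs.update(pptp['vpn_cidr'] for pptp in pptps)
    openvpns = self.get_openvpnconnections(context,
                                           {'router_id': [router_id]})
    cidrs.update(openvpn['peer_cidr'] for openvpn in openvpns)

    # NOTE(review): vpn_cidr reaches netaddr unchecked here; presumably it
    # was format-validated before this call. Otherwise a malformed value
    # raises netaddr.AddrFormatError instead of InvalidInput.
    vpn_cidr_ipset = netaddr.IPSet([vpn_cidr])
    for cidr in cidrs:
        if netaddr.IPSet([cidr]) & vpn_cidr_ipset:
            # Don't give out details of the overlapping subnet: only the
            # requested CIDR appears in the error returned to the caller.
            err_msg = (_("Requested vpn with cidr: %(cidr)s overlaps with"
                         " another subnet or vpn") % {'cidr': vpn_cidr})
            # The overlapping CIDR is logged, not returned. The original
            # message repeated it ("CIDR x (CIDR: x)"); it is named once.
            LOG.info(_("Validation for CIDR: %(new_cidr)s failed - "
                       "overlaps with CIDR %(cidr)s"),
                     {'new_cidr': vpn_cidr, 'cidr': cidr})
            raise n_exc.InvalidInput(error_message=err_msg)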
def get_router_cidrs(self, context, router_id):
    """Return the set of subnet CIDRs reached through a router's ports.

    Ports whose ``device_owner`` is ``DEVICE_OWNER_ROUTER_GW`` are skipped.
    According to the original docstring, the result is pushed to the
    OpenVPN clients.

    :param context: request context; subnets are read with
        ``context.elevated()``.
    :param router_id: id of the router whose ports are inspected.
    :returns: a set of CIDR values, empty if nothing was collected.
    """
    # NOTE(review): router_id is not checked against the caller here and
    # the subnet read is elevated; presumably access to the router is
    # verified before this call - confirm, since the result is handed on.
    collected = set()
    plugin = manager.NeutronManager.get_plugin()
    try:
        port_query = context.session.query(models_v2.Port)
        router_ports = port_query.filter_by(device_id=router_id)
        for port in router_ports:
            if port['device_owner'] != l3_constants.DEVICE_OWNER_ROUTER_GW:
                for fixed_ip in port['fixed_ips']:
                    subnet_id = fixed_ip['subnet_id']
                    subnet = plugin._get_subnet(context.elevated(),
                                                subnet_id)
                    collected.add(subnet['cidr'])
                    # NOTE(review): indentation was lost in the listing;
                    # ``break`` is assumed to sit in the inner loop (first
                    # fixed IP per port). Confirm against the original.
                    break
    except exc.NoResultFound:
        # Best effort: return whatever was gathered before the error.
        pass
    return collected