Merge "NSX|V3+P: Limit number of subnet static routes per backend"

vmware_nsx/plugins/common_v3/plugin.py

@@ -1780,6 +1780,7 @@ class NsxPluginV3Base(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
         pass
 
     def _create_subnet(self, context, subnet):
+        self._validate_number_of_subnet_static_routes(subnet)
         self._validate_host_routes_input(subnet)
 
         # TODO(berlin): public external subnet announcement
@@ -1958,6 +1959,20 @@ class NsxPluginV3Base(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
         """Should be implemented by each plugin"""
         pass
 
+    def _validate_number_of_subnet_static_routes(self, subnet_input):
+        s = subnet_input['subnet']
+        request_host_routes = (validators.is_attr_set(s.get('host_routes')) and
+                               s['host_routes'])
+        num_allowed_on_backend = nsxlib_consts.MAX_STATIC_ROUTES
+        if request_host_routes:
+            if len(request_host_routes) > num_allowed_on_backend:
+                err_msg = (_(
+                    "Number of static routes is limited at the backend to %("
+                    "backend)s. Requested %(requested)s") %
+                           {'backend': nsxlib_consts.MAX_STATIC_ROUTES,
+                            'requested': len(request_host_routes)})
+                raise n_exc.InvalidInput(error_message=err_msg)
+
     def get_subnets(self, context, filters=None, fields=None, sorts=None,
                     limit=None, marker=None, page_reverse=False):
         filters = filters or {}
@@ -2001,6 +2016,7 @@ class NsxPluginV3Base(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
     def _update_subnet(self, context, subnet_id, subnet):
         updated_subnet = None
         orig_subnet = self.get_subnet(context, subnet_id)
+        self._validate_number_of_subnet_static_routes(subnet)
         self._validate_host_routes_input(
             subnet,
             orig_enable_dhcp=orig_subnet['enable_dhcp'],

vmware_nsx/tests/unit/nsx_v3/test_plugin.py

@@ -927,6 +927,28 @@ class TestSubnetsV2(test_plugin.TestSubnetsV2, NsxV3PluginTestCaseMixin):
                                   self.plugin.create_subnet,
                                   context.get_admin_context(), data)
 
+    def test_fail_create_static_routes_per_subnet_over_limit(self):
+        with self.network() as network:
+            data = {'subnet': {'network_id': network['network']['id'],
+                               'cidr': '10.0.0.0/16',
+                               'name': 'sub1',
+                               'dns_nameservers': None,
+                               'allocation_pools': None,
+                               'tenant_id': 'tenant_one',
+                               'enable_dhcp': False,
+                               'ip_version': 4}}
+            count = 1
+            host_routes = []
+            while count < 28:
+                host_routes.append("'host_routes': [{'destination': "
+                                   "'135.207.0.0/%s', 'nexthop': "
+                                   "'1.2.3.%s'}]" % (count, count))
+                count += 1
+            data['subnet']['host_routes'] = host_routes
+            self.assertRaises(n_exc.InvalidInput,
+                              self.plugin.create_subnet,
+                              context.get_admin_context(), data)
+
     def test_create_subnet_disable_dhcp_with_host_route_fails(self):
         with self.network() as network:
             data = {'subnet': {'network_id': network['network']['id'],