From 78aae2093d4d1330de046c469313b19c52c7b8d3 Mon Sep 17 00:00:00 2001
From: Tong Liu <tongl@vmware.com>
Date: Wed, 29 Nov 2017 16:37:28 -0800
Subject: [PATCH] NSXv3: Validate LB router gateway

Add one more validation to check if LB subnet is connected to a
router that already setup gateway on external network.

Change-Id: Ic8e9227534a78f18a57ed18cfebe9b400907a98a
---
 vmware_nsx/services/lbaas/nsx_v3/lb_utils.py        | 13 ++++++++-----
 .../services/lbaas/nsx_v3/loadbalancer_mgr.py       |  8 ++++----
 2 files changed, 12 insertions(+), 9 deletions(-)

diff --git a/vmware_nsx/services/lbaas/nsx_v3/lb_utils.py b/vmware_nsx/services/lbaas/nsx_v3/lb_utils.py
index a0e8e0a3ae..214644b1b6 100644
--- a/vmware_nsx/services/lbaas/nsx_v3/lb_utils.py
+++ b/vmware_nsx/services/lbaas/nsx_v3/lb_utils.py
@@ -45,7 +45,9 @@ def get_router_from_network(context, plugin, subnet_id):
                     'network_id': [network_id]}
     ports = plugin.get_ports(context, filters=port_filters)
     if ports:
-        return ports[0]['device_id']
+        router = plugin.get_router(context, ports[0]['device_id'])
+        if router.get('external_gateway_info'):
+            return True
 
 
 def get_lb_router_id(context, plugin, lb):
@@ -78,8 +80,9 @@ def validate_lb_subnet(context, plugin, subnet_id):
     '''Validate LB subnet before creating loadbalancer on it.
 
     To create a loadbalancer, the network has to be either an external
-    network or private network that connects to a tenant router. It will
-    throw exception if the network doesn't meet this requirement.
+    network or private network that connects to a tenant router. The
+    tenant router needs to connect to gateway. It will throw
+    exception if the network doesn't meet this requirement.
 
     :param context: context
     :param plugin: core plugin
@@ -87,9 +90,9 @@ def validate_lb_subnet(context, plugin, subnet_id):
     :return: True if subnet meet requirement, otherwise return False
     '''
     network = get_network_from_subnet(context, plugin, subnet_id)
-    router_id = get_router_from_network(
+    valid_router = get_router_from_network(
         context, plugin, subnet_id)
-    if network.get('router:external') or router_id:
+    if network.get('router:external') or valid_router:
         return True
     else:
         return False
diff --git a/vmware_nsx/services/lbaas/nsx_v3/loadbalancer_mgr.py b/vmware_nsx/services/lbaas/nsx_v3/loadbalancer_mgr.py
index 79c6934f6b..dffc44518d 100644
--- a/vmware_nsx/services/lbaas/nsx_v3/loadbalancer_mgr.py
+++ b/vmware_nsx/services/lbaas/nsx_v3/loadbalancer_mgr.py
@@ -47,10 +47,10 @@ class EdgeLoadBalancerManager(base_mgr.Nsxv3LoadbalancerBaseManager):
                                        lb.vip_subnet_id):
             self.lbv2_driver.load_balancer.successful_completion(context, lb)
         else:
-            msg = _('Cannot create lb on subnet %(sub)s for '
-                    'loadbalancer %(lb)s as it does not connect '
-                    'to router') % {'sub': lb.vip_subnet_id,
-                                    'lb': lb.id}
+            msg = (_('Cannot create lb on subnet %(sub)s for '
+                     'loadbalancer %(lb)s. The subnet needs to connect a '
+                     'router which is already set gateway.') %
+                   {'sub': lb.vip_subnet_id, 'lb': lb.id})
             raise n_exc.BadRequest(resource='lbaas-subnet', msg=msg)
 
     @log_helpers.log_method_call