From ab47969df91e533735c5a763c33a8bd60be65f6b Mon Sep 17 00:00:00 2001
From: Prakash Bailkeri <prakashmb@juniper.net>
Date: Mon, 13 Jul 2015 01:13:21 -0700
Subject: [PATCH] Subnet uuid passed in network-ipam-refs by WebUI/any vnc api
 Client can be invalid.

Reject subnet create(network-update) operation in such cases.

Also, added subnet validation code for POST operation

Change-Id: Iee97cd82c3a94fa183d713af19a0a36cbcc66dd9
Closes-bug: #1473857
(cherry picked from commit 803e4fd42b1bb72c94cb1942a4eefccc58bcfd09)
---
 src/config/api-server/vnc_addr_mgmt.py | 13 ++++++++++++-
 src/config/api-server/vnc_cfg_types.py |  6 +++++-
 2 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/src/config/api-server/vnc_addr_mgmt.py b/src/config/api-server/vnc_addr_mgmt.py
index 9e9197a13ee..c1379d068a4 100644
--- a/src/config/api-server/vnc_addr_mgmt.py
+++ b/src/config/api-server/vnc_addr_mgmt.py
@@ -3,6 +3,7 @@
 #
 
 import copy
+import uuid
 from netaddr import *
 from vnc_quota import *
 from pprint import pformat
@@ -661,7 +662,7 @@ def net_check_subnet_overlap(self, db_vn_dict, req_vn_dict):
         return True, ""
     # end net_check_subnet_overlap
 
-    def net_check_subnet(self, db_vn_dict, req_vn_dict):
+    def net_check_subnet(self, req_vn_dict):
         ipam_refs = req_vn_dict.get('network_ipam_refs', [])
         for ipam_ref in ipam_refs:
             vnsn_data = ipam_ref['attr']
@@ -674,6 +675,16 @@ def net_check_subnet(self, db_vn_dict, req_vn_dict):
                 subnet_name = subnet_dict['ip_prefix'] + '/' + str(
                     subnet_dict['ip_prefix_len'])
 
+                # check subnet-uuid
+                ipam_cfg_subnet_uuid = ipam_subnet.get('subnet_uuid', None)
+                try:
+                    if ipam_cfg_subnet_uuid:
+                        subnet_uuid = uuid.UUID(ipam_cfg_subnet_uuid)
+                except ValueError:
+                    err_msg = "Invalid subnet-uuid %s in subnet:%s" \
+                        %(ipam_cfg_subnet_uuid, subnet_name)
+                    return False, err_msg
+
                 # check allocation-pool
                 alloc_pools = ipam_subnet.get('allocation_pools', None)
                 for pool in alloc_pools or []:
diff --git a/src/config/api-server/vnc_cfg_types.py b/src/config/api-server/vnc_cfg_types.py
index 793b0c243cb..acb703f20e2 100644
--- a/src/config/api-server/vnc_cfg_types.py
+++ b/src/config/api-server/vnc_cfg_types.py
@@ -492,6 +492,10 @@ def http_post_collection(cls, tenant_name, obj_dict, db_conn):
 
         db_conn.update_subnet_uuid(obj_dict)
 
+        (ok, result) = cls.addr_mgmt.net_check_subnet(obj_dict)
+        if not ok:
+            return (ok, (409, result))
+
         (ok, error) =  cls._check_route_targets(obj_dict, db_conn)
         if not ok:
             return (False, (400, error))
@@ -529,7 +533,7 @@ def http_put(cls, id, fq_name, obj_dict, db_conn):
         if not read_ok:
             return (False, (500, read_result))
 
-        (ok, result) = cls.addr_mgmt.net_check_subnet(read_result, obj_dict)
+        (ok, result) = cls.addr_mgmt.net_check_subnet(obj_dict)
         if not ok:
             return (ok, (409, result))