From 68d36da1dce9584572eaf6b4850ad37e77a0e206 Mon Sep 17 00:00:00 2001
From: Ignatious Johnson Christopher <ijohnson@juniper.net>
Date: Wed, 24 Feb 2016 12:53:15 -0800
Subject: [PATCH] Do not allow configuring multi_policy_service_chain flag on a
 network if it has external route targets configured either in the
 'import-and-export' table or in both 'import' and 'export' tables.

Change-Id: I34355240bd17cc1c3d21296d00a4bc413671af13
Closes-Bug: 1547751
---
 src/config/api-server/vnc_cfg_types.py | 39 +++++++++++++++++++++++++-
 1 file changed, 38 insertions(+), 1 deletion(-)

diff --git a/src/config/api-server/vnc_cfg_types.py b/src/config/api-server/vnc_cfg_types.py
index 7adb7093428..dff5d8ae254 100644
--- a/src/config/api-server/vnc_cfg_types.py
+++ b/src/config/api-server/vnc_cfg_types.py
@@ -6,7 +6,7 @@
 # contains code/hooks at different point during processing a request, specific
 # to type of resource. For eg. allocation of mac/ip-addr for a port during its
 # creation.
-
+import copy
 from cfgm_common import jsonutils as json
 import re
 import itertools
@@ -775,9 +775,41 @@ def _check_provider_details(cls, obj_dict, db_conn, create):
 
         return (True, '')
 
+    @classmethod
+    def _is_multi_policy_service_chain_supported(cls, obj_dict, read_result=None):
+        if not ('multi_policy_service_chains_enabled' in obj_dict or
+                'route_target_list' in obj_dict or
+                'import_route_target_list' in obj_dict or
+                'export_route_target_list' in obj_dict):
+            return (True, '')
+
+        # Create Request
+        if not read_result:
+            read_result = {}
+
+        result_obj_dict = copy.deepcopy(read_result)
+        result_obj_dict.update(obj_dict)
+        if result_obj_dict.get('multi_policy_service_chains_enabled'):
+            import_export_targets = result_obj_dict.get('route_target_list', {})
+            import_targets = result_obj_dict.get('import_route_target_list', {})
+            export_targets = result_obj_dict.get('export_route_target_list', {})
+            import_targets_set = set(import_targets.get('route_target', []))
+            export_targets_set = set(export_targets.get('route_target', []))
+            targets_in_both_import_and_export = \
+                    import_targets_set.intersection(export_targets_set)
+            if (import_export_targets.get('route_target', []) or
+                    targets_in_both_import_and_export):
+                msg = "Multi policy service chains are not supported, "
+                msg += "with both import export external route targets"
+                return (False, (409, msg))
+
+        return (True, '')
 
     @classmethod
     def pre_dbe_create(cls, tenant_name, obj_dict, db_conn):
+        (ok, response) = cls._is_multi_policy_service_chain_supported(obj_dict)
+        if not ok:
+            return (ok, response)
         user_visibility = obj_dict['id_perms'].get('user_visible', True)
         verify_quota_kwargs = {'db_conn': db_conn,
                                'fq_name': obj_dict['fq_name'],
@@ -860,6 +892,11 @@ def pre_dbe_update(cls, id, fq_name, obj_dict, db_conn, **kwargs):
         if not ok:
             return ok, read_result
 
+        (ok, response) = cls._is_multi_policy_service_chain_supported(obj_dict,
+                                                                      read_result)
+        if not ok:
+            return (ok, response)
+
         (ok, result) = cls.addr_mgmt.net_check_subnet(obj_dict)
         if not ok:
             return (ok, (409, result))