Merge pull request #82 from TrimBiggs/ipam-block-size-error

Raise error if IPPool is created with a bad cidr block size
projectcalico · Feb 6, 2016 · 4702169 · 4702169
2 parents 1e4052d + cb043fd
commit 4702169
Show file tree

Hide file tree

Showing 3 changed files with 43 additions and 2 deletions.
diff --git a/calico_containers/pycalico/block.py b/calico_containers/pycalico/block.py
@@ -543,3 +543,9 @@ class AddressNotAssignedError(BlockError):
     Tried to query an address that isn't assigned.
     """
     pass
+
+class CidrTooSmallError(BlockError):
+    """
+    Tried to assign a CIDR that is too small to fit in an IP block.
+    """
+    pass
diff --git a/calico_containers/pycalico/datastore_datatypes.py b/calico_containers/pycalico/datastore_datatypes.py
@@ -24,6 +24,7 @@
 
 from pycalico.util import generate_cali_interface_name, validate_characters, \
     validate_ports, validate_icmp_type
+from pycalico.block import CidrTooSmallError, BLOCK_PREFIXLEN
 
 
 IF_PREFIX = "cali"
@@ -126,16 +127,27 @@ class IPPool(object):
     def __init__(self, cidr, ipip=False, masquerade=False, ipam=True):
         """
         Constructor.
-        :param cidr: IPNetwork object (or CIDR string) representing the pool
+        :param cidr: IPNetwork object (or CIDR string) representing the pool.
+            NOTE: When used by Calico IPAM, an IPPool's cidr prefix must have a
+            length equal to or smaller than an IPAM block, such as /24 if the
+            IPAM block size is /26.
         :param ipip: Use IP-IP for this pool.
         :param masquerade: Enable masquerade (outgoing NAT) for this pool.
         :param ipam: Whether this IPPool is used by Calico IPAM.
         """
         # Normalize the CIDR (e.g. 1.2.3.4/16 -> 1.2.0.0/16)
         self.cidr = IPNetwork(cidr).cidr
+        self.ipam = bool(ipam)
+        if self.ipam:
+            if self.cidr.prefixlen > BLOCK_PREFIXLEN[self.cidr.version]:
+                raise CidrTooSmallError("The CIDR block size for an "
+                    "IPv%s pool when using Calico IPAM must have a prefix "
+                    "length of %s or lower. Given: %s" %
+                    (self.cidr.version,
+                     BLOCK_PREFIXLEN[self.cidr.version],
+                     self.cidr.prefixlen))
         self.ipip = bool(ipip)
         self.masquerade = bool(masquerade)
-        self.ipam = bool(ipam)
 
     def to_json(self):
         """

diff --git a/calico_containers/tests/unit/datastore_test.py b/calico_containers/tests/unit/datastore_test.py
@@ -32,6 +32,7 @@
     MultipleEndpointsMatch
 from pycalico.datastore_datatypes import Rules, BGPPeer, IPPool, \
     Endpoint, Profile, Rule
+from pycalico.block import CidrTooSmallError
 
 TEST_HOST = "TEST_HOST"
 TEST_ORCH_ID = "docker"
@@ -490,6 +491,28 @@ def test_str(self):
         assert_equal("1.2.3.0/24",
                       str(IPPool("1.2.3.4/24", ipip=True, masquerade=True)))
 
+    def test_init(self):
+        """
+        Test __init__ allows correct IPPools
+        """
+        bad_cidr1 = "10.10.10.10/32"
+        bad_cidr2 = "172.25.20.0/30"
+        bad_cidr3 = "ffff::/128"
+        good_cidr1 = "10.10.10.10/24"
+        good_cidr2 = "ffff::/120"
+        self.assertRaises(CidrTooSmallError,
+                          IPPool, bad_cidr1, ipam=True)
+        self.assertRaises(CidrTooSmallError,
+                          IPPool, bad_cidr2, ipam=True)
+        self.assertRaises(CidrTooSmallError,
+                          IPPool, bad_cidr3, ipam=True)
+        try:
+            IPPool(good_cidr1, ipam=True)
+            IPPool(good_cidr2, ipam=True)
+            IPPool(bad_cidr1, ipam=False)
+        except CidrTooSmallError:
+            self.fail("Received unexpected AddressRangeNotAllowedError")
+
 
 class TestDatastoreClient(unittest.TestCase):