diff --git a/openstackclient/network/v2/network.py b/openstackclient/network/v2/network.py index 00cb782b73..3f579b6d52 100644 --- a/openstackclient/network/v2/network.py +++ b/openstackclient/network/v2/network.py @@ -16,6 +16,7 @@ from cliff import columns as cliff_columns from osc_lib.cli import format_columns from osc_lib.command import command +from osc_lib import exceptions from osc_lib import utils from osc_lib.utils import tags as _tag @@ -125,6 +126,9 @@ def _get_attrs_network(client_manager, parsed_args): attrs['is_default'] = False if parsed_args.default: attrs['is_default'] = True + if attrs.get('is_default') and not attrs.get('router:external'): + msg = _("Cannot set default for internal network") + raise exceptions.CommandError(msg) # Update Provider network options if parsed_args.provider_network_type: attrs['provider:network_type'] = parsed_args.provider_network_type @@ -702,7 +706,8 @@ class SetNetwork(command.Command): default_router_grp.add_argument( '--default', action='store_true', - help=_("Set the network as the default external network") + help=_("Set the network as the default external network " + "(cannot be used with internal network).") ) default_router_grp.add_argument( '--no-default', diff --git a/openstackclient/tests/unit/network/v2/test_network.py b/openstackclient/tests/unit/network/v2/test_network.py index 5f8eed6702..45d6008b5b 100644 --- a/openstackclient/tests/unit/network/v2/test_network.py +++ b/openstackclient/tests/unit/network/v2/test_network.py @@ -278,6 +278,24 @@ class TestCreateNetworkIdentityV3(TestNetwork): def test_create_with_no_tag(self): self._test_create_with_tag(add_tags=False) + def test_create_default_internal(self): + arglist = [ + self._network.name, + "--default", + ] + verifylist = [ + ('name', self._network.name), + ('enable', True), + ('share', None), + ('project', None), + ('external', False), + ('default', True), + ] + + parsed_args = self.check_parser(self.cmd, arglist, verifylist) + self.assertRaises(exceptions.CommandError, self.cmd.take_action, + parsed_args) + class TestCreateNetworkIdentityV2(TestNetwork): @@ -1025,6 +1043,21 @@ class TestSetNetwork(TestNetwork): def test_set_with_no_tag(self): self._test_set_tags(with_tags=False) + def test_set_default_internal(self): + arglist = [ + self._network.name, + '--internal', + '--default', + ] + verifylist = [ + ('internal', True), + ('default', True), + ] + + parsed_args = self.check_parser(self.cmd, arglist, verifylist) + self.assertRaises(exceptions.CommandError, self.cmd.take_action, + parsed_args) + class TestShowNetwork(TestNetwork): diff --git a/releasenotes/notes/disallow-setting-default-on-internal-network-824fdea1a900891c.yaml b/releasenotes/notes/disallow-setting-default-on-internal-network-824fdea1a900891c.yaml new file mode 100644 index 0000000000..baf4efe91d --- /dev/null +++ b/releasenotes/notes/disallow-setting-default-on-internal-network-824fdea1a900891c.yaml @@ -0,0 +1,9 @@ +--- +fixes: + - | + For ``network create`` the + `--default`` option should be only used for external networks. + After this release, we enforce this scenario. If a users attempts + to create an internal default network or update a network to be + internal default, the command will be denied. + [Bug `1745658 `_]