Merge "Properly validate metadef objects"
This commit is contained in:
commit
cc6ef904b3
|
@ -23,6 +23,7 @@ from wsme.rest import json
|
|||
|
||||
from glance.api import policy
|
||||
from glance.api.v2 import metadef_namespaces as namespaces
|
||||
import glance.api.v2.metadef_properties as properties
|
||||
from glance.api.v2.model.metadef_object import MetadefObject
|
||||
from glance.api.v2.model.metadef_object import MetadefObjects
|
||||
from glance.common import exception
|
||||
|
@ -250,6 +251,10 @@ class RequestDeserializer(wsgi.JSONRequestDeserializer):
|
|||
self._check_allowed(body)
|
||||
try:
|
||||
self.schema.validate(body)
|
||||
if 'properties' in body:
|
||||
for propertyname in body['properties']:
|
||||
schema = properties.get_schema(require_name=False)
|
||||
schema.validate(body['properties'][propertyname])
|
||||
except exception.InvalidObject as e:
|
||||
raise webob.exc.HTTPBadRequest(explanation=e.msg)
|
||||
metadata_object = json.fromjson(MetadefObject, body)
|
||||
|
|
|
@ -283,12 +283,13 @@ def _get_base_properties():
|
|||
return base_def['property']['additionalProperties']['properties']
|
||||
|
||||
|
||||
def get_schema():
|
||||
def get_schema(require_name=True):
|
||||
definitions = _get_base_definitions()
|
||||
properties = _get_base_properties()
|
||||
mandatory_attrs = PropertyType.get_mandatory_attrs()
|
||||
# name is required attribute when use as single property type
|
||||
mandatory_attrs.append('name')
|
||||
if require_name:
|
||||
# name is required attribute when use as single property type
|
||||
mandatory_attrs.append('name')
|
||||
schema = glance.schema.Schema(
|
||||
'property',
|
||||
properties,
|
||||
|
|
|
@ -1405,6 +1405,27 @@ class TestMetadefsControllers(base.IsolatedUnitTest):
|
|||
self.assertEqual([], object.required)
|
||||
self.assertEqual({}, object.properties)
|
||||
|
||||
def test_object_create_invalid_properties(self):
|
||||
request = unit_test_utils.get_fake_request('/metadefs/namespaces/'
|
||||
'Namespace3/'
|
||||
'objects')
|
||||
body = {
|
||||
"name": "My Object",
|
||||
"description": "object1 description.",
|
||||
"properties": {
|
||||
"property1": {
|
||||
"type": "integer",
|
||||
"title": "property",
|
||||
"description": "property description",
|
||||
"test-key": "test-value",
|
||||
}
|
||||
}
|
||||
}
|
||||
request.body = jsonutils.dump_as_bytes(body)
|
||||
self.assertRaises(webob.exc.HTTPBadRequest,
|
||||
self.deserializer.create,
|
||||
request)
|
||||
|
||||
def test_object_create_overlimit_name(self):
|
||||
request = unit_test_utils.get_fake_request('/metadefs/namespaces/'
|
||||
'Namespace3/'
|
||||
|
|
Loading…
Reference in New Issue