Add UUID validation for consumer_uuid

When an allocation is created with PUT /allocations/{consumer_uuid} the consumer_uuid is not validated as UUID in the API and the DB schema only checks that is fits into String(36). However the Consumer object stores this value in a UUIDField oslo only raises a warning today. This patch adds a UUID validation for that URL path. Change-Id: Idedd85ca9266f10ce09231c34cab7ca43029a56c Closes-Bug: #1780238
2018-07-05 14:55:43 +02:00 · 2018-07-05 14:55:43 +02:00 · 928746a7bb
parent 6ee633a971
commit 928746a7bb
2 changed files with 27 additions and 18 deletions
--- a/nova/api/openstack/placement/handlers/allocation.py
+++ b/nova/api/openstack/placement/handlers/allocation.py
@ -12,11 +12,13 @@
 """Placement API handlers for setting and deleting allocations."""

 import collections
+import uuid

 from oslo_log import log as logging
 from oslo_serialization import jsonutils
 from oslo_utils import encodeutils
 from oslo_utils import timeutils
+from oslo_utils import uuidutils
 import webob

 from nova.api.openstack.placement import errors
@ -330,6 +332,11 @@ def _set_allocations_for_consumer(req, schema):
    context = req.environ['placement.context']
    context.can(policies.ALLOC_UPDATE)
    consumer_uuid = util.wsgi_path_item(req.environ, 'consumer_uuid')
+    if not uuidutils.is_uuid_like(consumer_uuid):
+        raise webob.exc.HTTPBadRequest(
+            _('Malformed consumer_uuid: %(consumer_uuid)s') %
+            {'consumer_uuid': consumer_uuid})
+    consumer_uuid = str(uuid.UUID(consumer_uuid))
    data = util.extract_json(req.body, schema)
    allocation_data = data['allocations']

--- a/nova/tests/functional/api/openstack/placement/gabbits/allocations.yaml
+++ b/nova/tests/functional/api/openstack/placement/gabbits/allocations.yaml
@ -414,11 +414,7 @@ tests:
            resources:
                DISK_GB: 1
                VCPU: 1
-      # TODO(efried): Due to bug 1758057, this request is actually creating a
-      # *new* consumer; it should actually be replacing the allocations for the
-      # existing consumer with UUID 75d0f5f7-75d9-458c-b204-f90ac91604ec.
-      #      consumer_generation: 3
-      consumer_generation: null
+      consumer_generation: 1
      project_id: 00000000-0000-0000-0000-000000000000
      user_id: 00000000-0000-0000-0000-000000000000
  status: 204
@ -426,21 +422,12 @@ tests:
 - name: get allocations on existing consumer with dashed UUID
  GET: /allocations/75d0f5f7-75d9-458c-b204-f90ac91604ec
  response_json_paths:
-      # TODO(efried): Due to bug 1758057, these are the allocations from
-      # "put allocations on both those providers two". They *should* be from
-      # "put allocations on existing consumer with dashless UUID" instead.
-      #      $.allocations.['fcfa516a-abbe-45d1-8152-d5225d82e596'].generation: 0
-      #      $.allocations.['fcfa516a-abbe-45d1-8152-d5225d82e596'].resources.DISK_GB: 1
-      #      $.allocations.['fcfa516a-abbe-45d1-8152-d5225d82e596'].resources.VCPU: 1
-      #      $.allocations.['9229b2fc-d556-4e38-9c18-443e4bc6ceae'].generation: 0
-      #      $.allocations.['9229b2fc-d556-4e38-9c18-443e4bc6ceae'].resources.DISK_GB: 1
-      #      $.allocations.['9229b2fc-d556-4e38-9c18-443e4bc6ceae'].resources.VCPU: 1
      $.allocations.['fcfa516a-abbe-45d1-8152-d5225d82e596'].generation: 4
-      $.allocations.['fcfa516a-abbe-45d1-8152-d5225d82e596'].resources.DISK_GB: 5
-      $.allocations.['fcfa516a-abbe-45d1-8152-d5225d82e596'].resources.VCPU: 4
+      $.allocations.['fcfa516a-abbe-45d1-8152-d5225d82e596'].resources.DISK_GB: 1
+      $.allocations.['fcfa516a-abbe-45d1-8152-d5225d82e596'].resources.VCPU: 1
      $.allocations.['9229b2fc-d556-4e38-9c18-443e4bc6ceae'].generation: 4
-      $.allocations.['9229b2fc-d556-4e38-9c18-443e4bc6ceae'].resources.DISK_GB: 2
-      $.allocations.['9229b2fc-d556-4e38-9c18-443e4bc6ceae'].resources.VCPU: 8
+      $.allocations.['9229b2fc-d556-4e38-9c18-443e4bc6ceae'].resources.DISK_GB: 1
+      $.allocations.['9229b2fc-d556-4e38-9c18-443e4bc6ceae'].resources.VCPU: 1

 - name: put an allocation for a not existing resource provider
  PUT: /allocations/75d0f5f7-75d9-458c-b204-f90ac91604ec
@ -492,3 +479,18 @@ tests:
  response_forbidden_headers:
      - cache-control
      - last-modified
+
+- name: creating allocation with a non UUID consumer fails
+  PUT: /allocations/not-a-uuid
+  request_headers:
+      content-type: application/json
+  data:
+      allocations:
+          - resource_provider:
+                uuid: fcfa516a-abbe-45d1-8152-d5225d82e596
+            resources:
+                DISK_GB: 1
+                VCPU: 1
+  status: 400
+  response_strings:
+      - Malformed consumer_uuid