From 928746a7bbab829539e532119822e44a932adad8 Mon Sep 17 00:00:00 2001
From: Balazs Gibizer <balazs.gibizer@ericsson.com>
Date: Thu, 5 Jul 2018 14:55:43 +0200
Subject: [PATCH] Add UUID validation for consumer_uuid

When an allocation is created with PUT /allocations/{consumer_uuid} the
consumer_uuid is not validated as UUID in the API and the DB schema only
checks that is fits into String(36). However the Consumer object stores
this value in a UUIDField oslo only raises a warning today.

This patch adds a UUID validation for that URL path.

Change-Id: Idedd85ca9266f10ce09231c34cab7ca43029a56c
Closes-Bug: #1780238
---
 .../placement/handlers/allocation.py          |  7 ++++
 .../placement/gabbits/allocations.yaml        | 38 ++++++++++---------
 2 files changed, 27 insertions(+), 18 deletions(-)

diff --git a/nova/api/openstack/placement/handlers/allocation.py b/nova/api/openstack/placement/handlers/allocation.py
index 7d9077e2f5db..375ec676d94b 100644
--- a/nova/api/openstack/placement/handlers/allocation.py
+++ b/nova/api/openstack/placement/handlers/allocation.py
@@ -12,11 +12,13 @@
 """Placement API handlers for setting and deleting allocations."""
 
 import collections
+import uuid
 
 from oslo_log import log as logging
 from oslo_serialization import jsonutils
 from oslo_utils import encodeutils
 from oslo_utils import timeutils
+from oslo_utils import uuidutils
 import webob
 
 from nova.api.openstack.placement import errors
@@ -330,6 +332,11 @@ def _set_allocations_for_consumer(req, schema):
     context = req.environ['placement.context']
     context.can(policies.ALLOC_UPDATE)
     consumer_uuid = util.wsgi_path_item(req.environ, 'consumer_uuid')
+    if not uuidutils.is_uuid_like(consumer_uuid):
+        raise webob.exc.HTTPBadRequest(
+            _('Malformed consumer_uuid: %(consumer_uuid)s') %
+            {'consumer_uuid': consumer_uuid})
+    consumer_uuid = str(uuid.UUID(consumer_uuid))
     data = util.extract_json(req.body, schema)
     allocation_data = data['allocations']
 
diff --git a/nova/tests/functional/api/openstack/placement/gabbits/allocations.yaml b/nova/tests/functional/api/openstack/placement/gabbits/allocations.yaml
index 6919c3ce923d..003857fa8145 100644
--- a/nova/tests/functional/api/openstack/placement/gabbits/allocations.yaml
+++ b/nova/tests/functional/api/openstack/placement/gabbits/allocations.yaml
@@ -414,11 +414,7 @@ tests:
             resources:
                 DISK_GB: 1
                 VCPU: 1
-      # TODO(efried): Due to bug 1758057, this request is actually creating a
-      # *new* consumer; it should actually be replacing the allocations for the
-      # existing consumer with UUID 75d0f5f7-75d9-458c-b204-f90ac91604ec.
-      #      consumer_generation: 3
-      consumer_generation: null
+      consumer_generation: 1
       project_id: 00000000-0000-0000-0000-000000000000
       user_id: 00000000-0000-0000-0000-000000000000
   status: 204
@@ -426,21 +422,12 @@ tests:
 - name: get allocations on existing consumer with dashed UUID
   GET: /allocations/75d0f5f7-75d9-458c-b204-f90ac91604ec
   response_json_paths:
-      # TODO(efried): Due to bug 1758057, these are the allocations from
-      # "put allocations on both those providers two". They *should* be from
-      # "put allocations on existing consumer with dashless UUID" instead.
-      #      $.allocations.['fcfa516a-abbe-45d1-8152-d5225d82e596'].generation: 0
-      #      $.allocations.['fcfa516a-abbe-45d1-8152-d5225d82e596'].resources.DISK_GB: 1
-      #      $.allocations.['fcfa516a-abbe-45d1-8152-d5225d82e596'].resources.VCPU: 1
-      #      $.allocations.['9229b2fc-d556-4e38-9c18-443e4bc6ceae'].generation: 0
-      #      $.allocations.['9229b2fc-d556-4e38-9c18-443e4bc6ceae'].resources.DISK_GB: 1
-      #      $.allocations.['9229b2fc-d556-4e38-9c18-443e4bc6ceae'].resources.VCPU: 1
       $.allocations.['fcfa516a-abbe-45d1-8152-d5225d82e596'].generation: 4
-      $.allocations.['fcfa516a-abbe-45d1-8152-d5225d82e596'].resources.DISK_GB: 5
-      $.allocations.['fcfa516a-abbe-45d1-8152-d5225d82e596'].resources.VCPU: 4
+      $.allocations.['fcfa516a-abbe-45d1-8152-d5225d82e596'].resources.DISK_GB: 1
+      $.allocations.['fcfa516a-abbe-45d1-8152-d5225d82e596'].resources.VCPU: 1
       $.allocations.['9229b2fc-d556-4e38-9c18-443e4bc6ceae'].generation: 4
-      $.allocations.['9229b2fc-d556-4e38-9c18-443e4bc6ceae'].resources.DISK_GB: 2
-      $.allocations.['9229b2fc-d556-4e38-9c18-443e4bc6ceae'].resources.VCPU: 8
+      $.allocations.['9229b2fc-d556-4e38-9c18-443e4bc6ceae'].resources.DISK_GB: 1
+      $.allocations.['9229b2fc-d556-4e38-9c18-443e4bc6ceae'].resources.VCPU: 1
 
 - name: put an allocation for a not existing resource provider
   PUT: /allocations/75d0f5f7-75d9-458c-b204-f90ac91604ec
@@ -492,3 +479,18 @@ tests:
   response_forbidden_headers:
       - cache-control
       - last-modified
+
+- name: creating allocation with a non UUID consumer fails
+  PUT: /allocations/not-a-uuid
+  request_headers:
+      content-type: application/json
+  data:
+      allocations:
+          - resource_provider:
+                uuid: fcfa516a-abbe-45d1-8152-d5225d82e596
+            resources:
+                DISK_GB: 1
+                VCPU: 1
+  status: 400
+  response_strings:
+      - Malformed consumer_uuid