x
/
group-based-policy
Code Issues Proposed changes

[AIM] Sanitize the AIM tenant description field 

APIC doesn't accept some special characters like "
or ' in the description field, so we have to sanitize
it before pushing it to AIM. We have done the similar
thing for display_name before. Also don't need to
overwrite the AIM tenant while creating it.

Change-Id: I189564336398c2a90687309444c7916df94f6eb4
This commit is contained in:
Kent Wu 2020-05-15 15:38:09 -07:00
parent 7070b8af01
commit 9e2f6f938d
2 changed files with 16 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
gbpservice/neutron/plugins/ml2plus/drivers/apic_aim/mechanism_driver.py
View File

@ -186,8 +186,9 @@ class KeystoneNotificationEndpoint(object):
return None
disp_name = aim_utils.sanitize_display_name(prj_details[0])
self._driver.aim.update(aim_ctx, tenant, display_name
= disp_name, descr=prj_details[1])
descr = aim_utils.sanitize_description(prj_details[1])
self._driver.aim.update(
aim_ctx, tenant, display_name=disp_name, descr=descr)
return oslo_messaging.NotificationResult.HANDLED
if event_type == 'identity.project.deleted':
@ -560,15 +561,13 @@ class ApicMechanismDriver(api_plus.MechanismDriver,
tenant_aname = self.name_mapper.project(session, project_id)
project_details = (self.project_details_cache.
get_project_details(project_id))
disp_name = aim_utils.sanitize_display_name(project_details[0])
descr = aim_utils.sanitize_description(project_details[1])
aim_ctx = aim_context.AimContext(session)
tenant = aim_resource.Tenant(
name=tenant_aname, descr=project_details[1], display_name=
aim_utils.sanitize_display_name(project_details[0]))
# NOTE(ivar): by overwriting the existing tenant, we make sure
# existing deployments will update their description value. This
# however negates any change to the Tenant object done by direct
# use of aimctl.
self.aim.create(aim_ctx, tenant, overwrite=True)
name=tenant_aname, descr=descr, display_name=disp_name)
if not self.aim.get(aim_ctx, tenant):
self.aim.create(aim_ctx, tenant)
# REVISIT: Setting of display_name was added here to match
# aim_lib behavior when it creates APs, but the
# display_name aim_lib uses might vary.
@ -5960,7 +5959,7 @@ class ApicMechanismDriver(api_plus.MechanismDriver,
project_id)
tenant.display_name = aim_utils.sanitize_display_name(
project_details[0])
tenant.descr = project_details[1]
tenant.descr = aim_utils.sanitize_description(project_details[1])
tenant.monitored = False
mgr.expect_aim_resource(tenant)

10
gbpservice/neutron/tests/unit/plugins/ml2plus/test_apic_aim.py
View File

@ -159,7 +159,7 @@ TEST_TENANT_NAMES = {
# REVISIT(rkukura): Use mock for this instead?
class FakeProject(object):
def __init__(self, id, name, description=''):
def __init__(self, id, name, description='bad\"\'descr'):
self.id = id
self.name = name
self.description = description
@ -1426,6 +1426,10 @@ class TestAimMapping(ApicAimTestCase):
sg_id = sg['id']
self._check_sg(sg)
tenant_aname = self.name_mapper.project(None, sg['tenant_id'])
aim_tenant = self._get_tenant(tenant_aname)
self.assertEqual(aim_tenant.descr, "bad__descr")
# Test show.
sg = self._show('security-groups', sg_id)['security_group']
self._check_sg(sg)
@ -2123,10 +2127,10 @@ class TestAimMapping(ApicAimTestCase):
# Test project.updated event. Update both name and description.
FakeProjectManager.set('test-tenant-update',
'new-tenant', 'new-descr')
'new-tenant', 'bad\"\'descr')
keystone_ep.info(None, None, 'identity.project.updated', payload, None)
assert(self.driver.aim.update.call_args_list[0] == mock.call(
mock.ANY, tenant, display_name='new-tenant', descr = 'new-descr'))
mock.ANY, tenant, display_name='new-tenant', descr = 'bad__descr'))
# Test project.updated event. Update only the project name.
FakeProjectManager.set('test-tenant-update', 'name123', 'new-descr')