Add secgroup param checks for Neutron

If using nova-network, "create a security group" API call fails unless specifying name or description. On the other hand, if calling Neutron API directly without Nova proxy, we can create a security group without name or description. This patch enforces to specify both name and description even if using Neutron for consistent validation behavior between nova-network and Neutron. Change-Id: I45c92d77c083838fbb7c5146e43c3b661e14c42d Closes-Bug: #1460875
2015-07-30 00:35:53 +00:00 · 2015-07-30 00:35:53 +00:00 · 91e46f7c85
parent e041f3ee62
commit 91e46f7c85
2 changed files with 28 additions and 0 deletions
--- a/nova/network/security_group/neutron_driver.py
+++ b/nova/network/security_group/neutron_driver.py
@ -87,6 +87,21 @@ class SecurityGroupAPI(security_group_base.SecurityGroupBase):
            six.reraise(*exc_info)
        return self._convert_to_nova_security_group_format(security_group)

+    def validate_property(self, value, property, allowed):
+        """Validate given security group property.
+
+        :param value:    the value to validate, as a string or unicode
+        :param property: the property, either 'name' or 'description'
+        :param allowed:  the range of characters allowed, but not used because
+                         Neutron is allowing any characters.
+        """
+
+        # NOTE: If using nova-network as the backend, min_length is 1. However
+        # if using Neutron, Nova has allowed empty string as its history.
+        # So this min_length should be 0 for passing the existing requests.
+        utils.check_string_length(value, name=property, min_length=0,
+                                  max_length=255)
+
    def _convert_to_nova_security_group_format(self, security_group):
        nova_group = {}
        nova_group['id'] = security_group['id']
--- a/nova/tests/unit/network/security_group/test_neutron_driver.py
+++ b/nova/tests/unit/network/security_group/test_neutron_driver.py
@ -399,3 +399,16 @@ class TestNeutronDriver(test.NoDBTestCase):
        sg_api = neutron_driver.SecurityGroupAPI()
        result = sg_api.get_instance_security_groups(self.context, '1')
        self.assertEqual([], result)
+
+
+class TestNeutronDriverWithoutMock(test.NoDBTestCase):
+
+    def test_validate_property(self):
+        sg_api = neutron_driver.SecurityGroupAPI()
+
+        sg_api.validate_property('foo', 'name', None)
+        sg_api.validate_property('', 'name', None)
+        self.assertRaises(exception.Invalid, sg_api.validate_property,
+                          'a' * 256, 'name', None)
+        self.assertRaises(exception.Invalid, sg_api.validate_property,
+                          None, 'name', None)