Validate audit template UUID on audit create

The audit template UUID should be validated during the creation of an
audit.  An HTTP 400 error is returned to the client if an invalid audit
template UUID is passed as part of the body when creating an audit.

APIImpact
Closes-Bug: #1510188

Change-Id: I0543d22751b77f6641ddef6a7f0f4acce61180fd
Taylor Peoples 2016-01-21 08:40:13 +01:00
parent 037f43cd04
commit e34ee792a8
2 changed files with 24 additions and 0 deletions


@ -57,6 +57,7 @@ import wsme
from wsme import types as wtypes
import wsmeext.pecan as wsme_pecan
from watcher._i18n import _
from watcher.api.controllers import base
from watcher.api.controllers import link
from watcher.api.controllers.v1 import collection
@ -355,6 +356,11 @@ class AuditsController(rest.RestController):
if self.from_audits:
raise exception.OperationNotPermitted
if not audit._audit_template_uuid:
raise exception.Invalid(
message=_('The audit template UUID or name specified is '
'invalid'))
audit_dict = audit.as_dict()
context = pecan.request.context
new_audit = objects.Audit(context, **audit_dict)
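Review bot: The new guard in the second hunk reads the private attribute `audit._audit_template_uuid`, and nothing visible here shows how that attribute ends up empty for a bad value, so the check's coverage depends on code outside the hunk. If the field is omitted from the request body, or the lookup behind it raises instead of leaving the attribute unset, the request may skip this branch or surface as a 500 rather than the intended 400; that is worth confirming. I would add a comment above the check, for example `# _audit_template_uuid stays unset when the template lookup fails, so a falsy value means an unknown or malformed UUID/name`, once the setter's behaviour has been verified. The enclosing method starts and ends outside the hunk.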


@ -451,6 +451,24 @@ class TestPost(api_base.FunctionalTest):
response.json['created_at']).replace(tzinfo=None)
self.assertEqual(test_time, return_created_at)
@mock.patch('oslo_utils.timeutils.utcnow')
def test_create_audit_invalid_audit_template_uuid(self, mock_utcnow):
test_time = datetime.datetime(2000, 1, 1, 0, 0)
mock_utcnow.return_value = test_time
audit_dict = post_get_test_audit()
# Make the audit template UUID some garbage value
audit_dict['audit_template_uuid'] = (
'01234567-8910-1112-1314-151617181920')
response = self.post_json('/audits', audit_dict, expect_errors=True)
self.assertEqual(400, response.status_int)
self.assertEqual("application/json", response.content_type)
expected_error_msg = ('The audit template UUID or name specified is '
'invalid')
self.assertTrue(response.json['error_message'])
self.assertTrue(expected_error_msg in response.json['error_message'])
@mock.patch.object(deapi.DecisionEngineAPI, 'trigger_audit')
def test_create_audit_doesnt_contain_id(self, mock_trigger_audit):
mock_trigger_audit.return_value = mock.ANY
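Review bot: test_create_audit_invalid_audit_template_uuid exercises only a well-formed UUID that matches no template, so the rejection path for a malformed string, an unknown template name, or a body with no audit_template_uuid at all is not pinned by any test. Each of those is client-controlled input reaching the same guard, and a regression that turns one of them into a 500 would go unnoticed. Separately, `self.assertTrue(expected_error_msg in response.json['error_message'])` fails more informatively as `self.assertIn(expected_error_msg, response.json['error_message'])`, and the `utcnow` mock appears unused by the assertions in this test.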