Validate audit template UUID on audit create
The audit template UUID should be validated during the creation of an audit. An HTTP 400 error is returned to the client if an invalid audit template UUID is passed as part of the body when creating an audit. APIImpact Closes-Bug: #1510188 Change-Id: I0543d22751b77f6641ddef6a7f0f4acce61180fd
This commit is contained in:
parent
037f43cd04
commit
e34ee792a8
|
@ -57,6 +57,7 @@ import wsme
|
|||
from wsme import types as wtypes
|
||||
import wsmeext.pecan as wsme_pecan
|
||||
|
||||
from watcher._i18n import _
|
||||
from watcher.api.controllers import base
|
||||
from watcher.api.controllers import link
|
||||
from watcher.api.controllers.v1 import collection
|
||||
|
@ -355,6 +356,11 @@ class AuditsController(rest.RestController):
|
|||
if self.from_audits:
|
||||
raise exception.OperationNotPermitted
|
||||
|
||||
if not audit._audit_template_uuid:
|
||||
raise exception.Invalid(
|
||||
message=_('The audit template UUID or name specified is '
|
||||
'invalid'))
|
||||
|
||||
audit_dict = audit.as_dict()
|
||||
context = pecan.request.context
|
||||
new_audit = objects.Audit(context, **audit_dict)
|
||||
|
|
|
@ -451,6 +451,24 @@ class TestPost(api_base.FunctionalTest):
|
|||
response.json['created_at']).replace(tzinfo=None)
|
||||
self.assertEqual(test_time, return_created_at)
|
||||
|
||||
@mock.patch('oslo_utils.timeutils.utcnow')
|
||||
def test_create_audit_invalid_audit_template_uuid(self, mock_utcnow):
|
||||
test_time = datetime.datetime(2000, 1, 1, 0, 0)
|
||||
mock_utcnow.return_value = test_time
|
||||
|
||||
audit_dict = post_get_test_audit()
|
||||
# Make the audit template UUID some garbage value
|
||||
audit_dict['audit_template_uuid'] = (
|
||||
'01234567-8910-1112-1314-151617181920')
|
||||
|
||||
response = self.post_json('/audits', audit_dict, expect_errors=True)
|
||||
self.assertEqual(400, response.status_int)
|
||||
self.assertEqual("application/json", response.content_type)
|
||||
expected_error_msg = ('The audit template UUID or name specified is '
|
||||
'invalid')
|
||||
self.assertTrue(response.json['error_message'])
|
||||
self.assertTrue(expected_error_msg in response.json['error_message'])
|
||||
|
||||
@mock.patch.object(deapi.DecisionEngineAPI, 'trigger_audit')
|
||||
def test_create_audit_doesnt_contain_id(self, mock_trigger_audit):
|
||||
mock_trigger_audit.return_value = mock.ANY
|
||||
|
|
Loading…
Reference in New Issue