Ensure that request body in v2 contains valid fields
Currently 'id' and other fields like 'created_at' and 'updated_at' can be set in the request body. Some of these fields are ignored and some like 'id' can actual set the id. With this change - remove 'id' from the list of valid keys and ensure that only valid keys are present in the request body. Closes-Bug: #1291518 Change-Id: I99f3f106c0004fa5521869e46da85f1053241eb5
This commit is contained in:
parent
5e7da3e282
commit
a19e434cba
|
@ -15,6 +15,7 @@
|
|||
# under the License.
|
||||
import urllib
|
||||
from oslo.config import cfg
|
||||
from designate import exceptions
|
||||
from designate.openstack.common import log as logging
|
||||
|
||||
|
||||
|
@ -84,6 +85,29 @@ class BaseView(object):
|
|||
""" Detailed view of a item """
|
||||
return self.show_basic(context, request, item)
|
||||
|
||||
def _load(self, context, request, body, valid_keys):
|
||||
""" Extract a "central" compatible dict from an API call """
|
||||
result = {}
|
||||
item = body[self._resource_name]
|
||||
error_keys = []
|
||||
|
||||
# Copy keys which need no alterations
|
||||
for k in item:
|
||||
if k in valid_keys:
|
||||
result[k] = item[k]
|
||||
else:
|
||||
error_keys.append(k)
|
||||
|
||||
if error_keys:
|
||||
error_message = str.format(
|
||||
'Provided object does not match schema. Keys {0} are not '
|
||||
'valid in the request body',
|
||||
error_keys)
|
||||
|
||||
raise exceptions.InvalidObject(error_message)
|
||||
|
||||
return result
|
||||
|
||||
def _get_resource_links(self, request, item, parents=None):
|
||||
return {
|
||||
"self": self._get_resource_href(request, item, parents),
|
||||
|
|
|
@ -40,12 +40,5 @@ class BlacklistsView(base_view.BaseView):
|
|||
|
||||
def load(self, context, request, body):
|
||||
""" Extract a "central" compatible dict from an API call """
|
||||
result = {}
|
||||
item = body[self._resource_name]
|
||||
|
||||
# Copy keys which need no alterations
|
||||
for k in ('id', 'pattern', 'description',):
|
||||
if k in item:
|
||||
result[k] = item[k]
|
||||
|
||||
return result
|
||||
valid_keys = ('pattern', 'description')
|
||||
return self._load(context, request, body, valid_keys)
|
||||
|
|
|
@ -52,12 +52,5 @@ class RecordsView(base_view.BaseView):
|
|||
|
||||
def load(self, context, request, body):
|
||||
""" Extract a "central" compatible dict from an API call """
|
||||
result = {}
|
||||
item = body[self._resource_name]
|
||||
|
||||
# Copy keys which need no alterations
|
||||
for k in ('id', 'data', 'description',):
|
||||
if k in item:
|
||||
result[k] = item[k]
|
||||
|
||||
return result
|
||||
valid_keys = ('data', 'description')
|
||||
return self._load(context, request, body, valid_keys)
|
||||
|
|
|
@ -51,12 +51,5 @@ class RecordSetsView(base_view.BaseView):
|
|||
|
||||
def load(self, context, request, body):
|
||||
""" Extract a "central" compatible dict from an API call """
|
||||
result = {}
|
||||
item = body[self._resource_name]
|
||||
|
||||
# Copy keys which need no alterations
|
||||
for k in ('id', 'name', 'type', 'ttl', 'description',):
|
||||
if k in item:
|
||||
result[k] = item[k]
|
||||
|
||||
return result
|
||||
valid_keys = ('name', 'type', 'ttl', 'description')
|
||||
return self._load(context, request, body, valid_keys)
|
||||
|
|
|
@ -38,12 +38,5 @@ class TldsView(base_view.BaseView):
|
|||
|
||||
def load(self, context, request, body):
|
||||
""" Extract a "central" compatible dict from an API call """
|
||||
result = {}
|
||||
item = body[self._resource_name]
|
||||
|
||||
# Copy keys which need no alterations
|
||||
for k in ('id', 'name', 'description'):
|
||||
if k in item:
|
||||
result[k] = item[k]
|
||||
|
||||
return result
|
||||
valid_keys = ('name', 'description')
|
||||
return self._load(context, request, body, valid_keys)
|
||||
|
|
|
@ -47,12 +47,5 @@ class ZonesView(base_view.BaseView):
|
|||
|
||||
def load(self, context, request, body):
|
||||
""" Extract a "central" compatible dict from an API call """
|
||||
result = {}
|
||||
item = body[self._resource_name]
|
||||
|
||||
# Copy keys which need no alterations
|
||||
for k in ('id', 'name', 'email', 'description', 'ttl'):
|
||||
if k in item:
|
||||
result[k] = item[k]
|
||||
|
||||
return result
|
||||
valid_keys = ('name', 'email', 'description', 'ttl')
|
||||
return self._load(context, request, body, valid_keys)
|
||||
|
|
|
@ -76,6 +76,23 @@ class ApiV2ZonesTest(ApiV2TestCase):
|
|||
self._assert_exception('invalid_object', 400, self.client.post_json,
|
||||
'/zones', body)
|
||||
|
||||
def test_create_zone_body_validation(self):
|
||||
fixture = self.get_domain_fixture(0)
|
||||
# Add id to the body
|
||||
fixture['id'] = '2fdadfb1-cf96-4259-ac6b-bb7b6d2ff980'
|
||||
# Ensure it fails with a 400
|
||||
body = {'zone': fixture}
|
||||
self._assert_exception('invalid_object', 400, self.client.post_json,
|
||||
'/zones', body)
|
||||
|
||||
fixture = self.get_domain_fixture(0)
|
||||
# Add created_at to the body
|
||||
fixture['created_at'] = '2014-03-12T19:07:53.000000'
|
||||
# Ensure it fails with a 400
|
||||
body = {'zone': fixture}
|
||||
self._assert_exception('invalid_object', 400, self.client.post_json,
|
||||
'/zones', body)
|
||||
|
||||
def test_create_zone_invalid_name(self):
|
||||
# Try to create a zone with an invalid name
|
||||
fixture = self.get_domain_fixture(-1)
|
||||
|
|
Loading…
Reference in New Issue