Merge "TrivialFix: Add validation for tenant_id"
commit
40a529dfcd
|
@ -19,7 +19,6 @@ from neutron.api.v2 import resource_helper
|
|||
from neutron.services import service_base
|
||||
from neutron_lib.api import converters
|
||||
from neutron_lib import exceptions as nexception
|
||||
from oslo_log import log as logging
|
||||
import six
|
||||
|
||||
from neutron_fwaas._i18n import _
|
||||
|
@ -28,8 +27,6 @@ from neutron_fwaas._i18n import _
|
|||
# TODO(shpadubi): pull the validators out of fwaas v1 into a separate file
|
||||
from neutron_fwaas.extensions import firewall as fwaas_v1
|
||||
|
||||
LOG = logging.getLogger(__name__)
|
||||
|
||||
FIREWALL_PREFIX = '/fwaas'
|
||||
|
||||
FIREWALL_CONST = 'FIREWALL_V2'
|
||||
|
@ -59,31 +56,35 @@ class FirewallPolicyInUse(nexception.InUse):
|
|||
|
||||
class FirewallPolicyConflict(nexception.Conflict):
|
||||
"""FWaaS exception for firewall policy
|
||||
|
||||
Occurs when admin policy tries to use another tenant's policy that
|
||||
is not public.
|
||||
"""
|
||||
|
||||
message = _("Operation cannot be performed since Firewall Policy "
|
||||
"%(firewall_policy_id)s is not public and does not belong to "
|
||||
"your tenant.")
|
||||
|
||||
|
||||
class FirewallRuleSharingConflict(nexception.Conflict):
|
||||
|
||||
"""FWaaS exception for firewall rules
|
||||
|
||||
This exception will be raised when a public policy is created or
|
||||
updated with rules that are not public.
|
||||
"""
|
||||
|
||||
message = _("Operation cannot be performed since Firewall Policy "
|
||||
"%(firewall_policy_id)s is public but Firewall Rule "
|
||||
"%(firewall_rule_id)s is not public")
|
||||
|
||||
|
||||
class FirewallPolicySharingConflict(nexception.Conflict):
|
||||
|
||||
"""FWaaS exception for firewall policy
|
||||
|
||||
When a policy is public without sharing its associated rules,
|
||||
this exception will be raised.
|
||||
"""
|
||||
|
||||
message = _("Operation cannot be performed. Before sharing Firewall "
|
||||
"Policy %(firewall_policy_id)s, share associated Firewall "
|
||||
"Rule %(firewall_rule_id)s")
|
||||
|
@ -137,15 +138,17 @@ class FirewallIpAddressConflict(nexception.InvalidInput):
|
|||
|
||||
class FirewallInternalDriverError(nexception.NeutronException):
|
||||
"""Fwaas exception for all driver errors.
|
||||
|
||||
On any failure or exception in the driver, driver should log it and
|
||||
raise this exception to the agent
|
||||
"""
|
||||
|
||||
message = _("%(driver)s: Internal driver error.")
|
||||
|
||||
|
||||
class FirewallRuleConflict(nexception.Conflict):
|
||||
|
||||
"""Firewall rule conflict exception.
|
||||
|
||||
Occurs when admin policy tries to use another tenant's rule that is
|
||||
not public
|
||||
"""
|
||||
|
@ -162,6 +165,7 @@ RESOURCE_ATTRIBUTE_MAP = {
|
|||
'is_visible': True, 'primary_key': True},
|
||||
'tenant_id': {'allow_post': True, 'allow_put': False,
|
||||
'required_by_policy': True,
|
||||
'validate': {'type:string': attr.TENANT_ID_MAX_LEN},
|
||||
'is_visible': True},
|
||||
'name': {'allow_post': True, 'allow_put': True,
|
||||
'validate': {'type:string': attr.NAME_MAX_LEN},
|
||||
|
@ -239,6 +243,7 @@ RESOURCE_ATTRIBUTE_MAP = {
|
|||
'default': None, 'is_visible': True},
|
||||
'tenant_id': {'allow_post': True, 'allow_put': False,
|
||||
'required_by_policy': True,
|
||||
'validate': {'type:string': attr.TENANT_ID_MAX_LEN},
|
||||
'is_visible': True},
|
||||
'ingress_firewall_policy_id': {'allow_post': True,
|
||||
'allow_put': True,
|
||||
|
@ -258,6 +263,7 @@ RESOURCE_ATTRIBUTE_MAP = {
|
|||
'primary_key': True},
|
||||
'tenant_id': {'allow_post': True, 'allow_put': False,
|
||||
'required_by_policy': True,
|
||||
'validate': {'type:string': attr.TENANT_ID_MAX_LEN},
|
||||
'is_visible': True},
|
||||
'name': {'allow_post': True, 'allow_put': True,
|
||||
'validate': {'type:string': attr.NAME_MAX_LEN},
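Review bot: The `'validate': {'type:string': attr.TENANT_ID_MAX_LEN}` entry added to the three `tenant_id` attributes is a type-and-length check only, and nothing in the map says so; a reader could take it as confirming that the value names a real or caller-owned project. A short comment above the first entry, such as `# Bounds the length only; whether the caller may act for this tenant_id is presumably left to policy (required_by_policy).`, would make that division of responsibility explicit. The same `tenant_id` dict is now repeated for each resource, so a module-level constant reused in all three places would keep the bound from drifting between them. The resource keys these entries belong to lie outside the visible hunks.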
|
||||
|
|
|
@ -29,6 +29,7 @@ _uuid = uuidutils.generate_uuid
|
|||
_get_path = test_api_v2._get_path
|
||||
_long_name = 'x' * (attr.NAME_MAX_LEN + 1)
|
||||
_long_description = 'y' * (attr.DESCRIPTION_MAX_LEN + 1)
|
||||
_long_tenant = 'z' * (attr.TENANT_ID_MAX_LEN + 1)
|
||||
|
||||
FIREWALL_CONST = 'FIREWALL_V2'
|
||||
|
||||
|
@ -124,6 +125,25 @@ class FirewallExtensionTestCase(test_api_v2_extension.ExtensionTestCase):
|
|||
self.assertIn('Invalid input for description',
|
||||
res.body.decode('utf-8'))
|
||||
|
||||
def test_create_firewall_rule_invalid_long_tenant_id(self):
|
||||
data = {'firewall_rule': {'description': 'desc',
|
||||
'name': 'rule1',
|
||||
'public': False,
|
||||
'protocol': 'tcp',
|
||||
'ip_version': 4,
|
||||
'source_ip_address': '192.168.0.1',
|
||||
'destination_ip_address': '127.0.0.1',
|
||||
'source_port': 1,
|
||||
'destination_port': 1,
|
||||
'action': 'allow',
|
||||
'enabled': True,
|
||||
'tenant_id': _long_tenant}}
|
||||
res = self.api.post(_get_path('fwaas/firewall_rules', fmt=self.fmt),
|
||||
self.serialize(data),
|
||||
content_type='application/%s' % self.fmt,
|
||||
status=exc.HTTPBadRequest.code)
|
||||
self.assertIn('Invalid input for tenant_id', res.body.decode('utf-8'))
|
||||
|
||||
def test_firewall_rule_list(self):
|
||||
rule_id = _uuid()
|
||||
return_value = [{'tenant_id': _uuid(),
|
||||
|
@ -237,6 +257,20 @@ class FirewallExtensionTestCase(test_api_v2_extension.ExtensionTestCase):
|
|||
self.assertIn('Invalid input for description',
|
||||
res.body.decode('utf-8'))
|
||||
|
||||
def test_create_firewall_policy_invalid_long_tenant_id(self):
|
||||
data = {'firewall_policy': {'description': 'desc',
|
||||
'name': 'new_fw_policy1',
|
||||
'public': False,
|
||||
'firewall_rules': [_uuid(), _uuid()],
|
||||
'audited': False,
|
||||
'tenant_id': _long_tenant}}
|
||||
res = self.api.post(_get_path('fwaas/firewall_policies',
|
||||
fmt=self.fmt),
|
||||
self.serialize(data),
|
||||
content_type='application/%s' % self.fmt,
|
||||
status=exc.HTTPBadRequest.code)
|
||||
self.assertIn('Invalid input for tenant_id', res.body.decode('utf-8'))
|
||||
|
||||
def test_firewall_policy_list(self):
|
||||
policy_id = _uuid()
|
||||
return_value = [{'tenant_id': _uuid(),
|
||||
|
@ -358,3 +392,26 @@ class FirewallExtensionTestCase(test_api_v2_extension.ExtensionTestCase):
|
|||
self.assertEqual(exc.HTTPOk.code, res.status_int)
|
||||
res = self.deserialize(res)
|
||||
self.assertEqual(return_value, res)
|
||||
|
||||
def test_create_firewall_group_invalid_long_attributes(self):
|
||||
long_targets = [{'name': _long_name},
|
||||
{'description': _long_description},
|
||||
{'tenant_id': _long_tenant}]
|
||||
|
||||
for target in long_targets:
|
||||
data = {'firewall_group': {'description': 'fake_description',
|
||||
'name': 'fake_name',
|
||||
'tenant_id': 'fake-tenant_id',
|
||||
'public': False,
|
||||
'ingress_firewall_policy_id': None,
|
||||
'egress_firewall_policy_id': None,
|
||||
'admin_state_up': True,
|
||||
'ports': []}}
|
||||
data['firewall_group'].update(target)
|
||||
res = self.api.post(_get_path('fwaas/firewall_groups',
|
||||
fmt=self.fmt),
|
||||
self.serialize(data),
|
||||
content_type='application/%s' % self.fmt,
|
||||
status=exc.HTTPBadRequest.code)
|
||||
self.assertIn('Invalid input for %s' % list(target)[0],
|
||||
res.body.decode('utf-8'))
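Review bot: The new tests only send `_long_tenant` (`attr.TENANT_ID_MAX_LEN + 1` characters), so they show the over-limit case is rejected but not that a tenant_id of exactly `attr.TENANT_ID_MAX_LEN` characters is still accepted; an off-by-one in the bound would pass unnoticed. A companion case built from `'z' * attr.TENANT_ID_MAX_LEN` that expects the create to succeed would pin the boundary. In `test_create_firewall_group_invalid_long_attributes` the loop stops at the first failing target and `list(target)[0]` is an indirect way to name the key; iterating over pairs, e.g. `for key, value in (('name', _long_name), ('description', _long_description), ('tenant_id', _long_tenant)):`, keeps the attribute name explicit in the assertion. The enclosing test class starts outside these hunks.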
|
||||
|
|