Validate protocol when creating VIP.

Fixes: bug #1123114 When creating a VIP, check that the protocol matches the protocol for the associated pool. If not, raise an exception. Change-Id: Iba318eda935ccc89dbe8244e00f36ebdfcce65e0
2013-03-12 13:01:23 -05:00 · 2013-03-12 13:01:23 -05:00 · 9a15b11794
parent 6e38c964df
commit 9a15b11794
3 changed files with 29 additions and 1 deletions
--- a/quantum/db/loadbalancer/loadbalancer_db.py
+++ b/quantum/db/loadbalancer/loadbalancer_db.py
@ -357,11 +357,16 @@ class LoadBalancerPluginDb(LoadBalancerPluginBase):
        tenant_id = self._get_tenant_id_for_create(context, v)

        with context.session.begin(subtransactions=True):
-            # validate that the pool has same tenant
            if v['pool_id']:
                pool = self._get_resource(context, Pool, v['pool_id'])
+                # validate that the pool has same tenant
                if pool['tenant_id'] != tenant_id:
                    raise q_exc.NotAuthorized()
+                # validate that the pool has same protocol
+                if pool['protocol'] != v['protocol']:
+                    raise loadbalancer.ProtocolMismatch(
+                        vip_proto=v['protocol'],
+                        pool_proto=pool['protocol'])
            else:
                pool = None

@ -426,6 +431,11 @@ class LoadBalancerPluginDb(LoadBalancerPluginBase):
                    # check that the pool matches the tenant_id
                    if new_pool['tenant_id'] != vip_db['tenant_id']:
                        raise q_exc.NotAuthorized()
+                    # validate that the pool has same protocol
+                    if new_pool['protocol'] != vip_db['protocol']:
+                        raise loadbalancer.ProtocolMismatch(
+                            vip_proto=vip_db['protocol'],
+                            pool_proto=new_pool['protocol'])

                    if vip_db['pool_id']:
                        old_pool = self._get_resource(
--- a/quantum/extensions/loadbalancer.py
+++ b/quantum/extensions/loadbalancer.py
@ -57,6 +57,11 @@ class PoolStatsNotFound(qexception.NotFound):
    message = _("Statistics of Pool %(pool_id)s could not be found")


+class ProtocolMismatch(qexception.BadRequest):
+    message = _("Protocol %(vip_proto)s does not match "
+                "pool protocol %(pool_proto)s")
+
+
 RESOURCE_ATTRIBUTE_MAP = {
    'vips': {
        'id': {'allow_post': False, 'allow_put': False,
--- a/quantum/tests/unit/db/loadbalancer/test_db_loadbalancer.py
+++ b/quantum/tests/unit/db/loadbalancer/test_db_loadbalancer.py
@ -342,6 +342,19 @@ class TestLoadBalancer(LoadBalancerPluginDbTestCase):
        with testtools.ExpectedException(webob.exc.HTTPClientError):
            self.test_create_vip(session_persistence=sp)

+    def test_create_vip_with_protocol_mismatch(self):
+        with self.pool(protocol='TCP') as pool:
+            with testtools.ExpectedException(webob.exc.HTTPClientError):
+                self.test_create_vip(pool=pool, protocol='HTTP')
+
+    def test_update_vip_with_protocol_mismatch(self):
+        with self.pool(protocol='TCP') as pool:
+            with self.vip(protocol='HTTP') as vip:
+                data = {'vip': {'pool_id': pool['pool']['id']}}
+                req = self.new_update_request('vips', data, vip['vip']['id'])
+                res = req.get_response(self.ext_api)
+                self.assertEqual(res.status_int, 400)
+
    def test_reset_session_persistence(self):
        name = 'vip4'
        session_persistence = {'type': "HTTP_COOKIE"}