Validate protocol when creating VIP.
Fixes: bug #1123114 When creating a VIP, check that the protocol matches the protocol for the associated pool. If not, raise an exception. Change-Id: Iba318eda935ccc89dbe8244e00f36ebdfcce65e0
This commit is contained in:
parent
6e38c964df
commit
9a15b11794
|
@ -357,11 +357,16 @@ class LoadBalancerPluginDb(LoadBalancerPluginBase):
|
||||||
tenant_id = self._get_tenant_id_for_create(context, v)
|
tenant_id = self._get_tenant_id_for_create(context, v)
|
||||||
|
|
||||||
with context.session.begin(subtransactions=True):
|
with context.session.begin(subtransactions=True):
|
||||||
# validate that the pool has same tenant
|
|
||||||
if v['pool_id']:
|
if v['pool_id']:
|
||||||
pool = self._get_resource(context, Pool, v['pool_id'])
|
pool = self._get_resource(context, Pool, v['pool_id'])
|
||||||
|
# validate that the pool has same tenant
|
||||||
if pool['tenant_id'] != tenant_id:
|
if pool['tenant_id'] != tenant_id:
|
||||||
raise q_exc.NotAuthorized()
|
raise q_exc.NotAuthorized()
|
||||||
|
# validate that the pool has same protocol
|
||||||
|
if pool['protocol'] != v['protocol']:
|
||||||
|
raise loadbalancer.ProtocolMismatch(
|
||||||
|
vip_proto=v['protocol'],
|
||||||
|
pool_proto=pool['protocol'])
|
||||||
else:
|
else:
|
||||||
pool = None
|
pool = None
|
||||||
|
|
||||||
|
@ -426,6 +431,11 @@ class LoadBalancerPluginDb(LoadBalancerPluginBase):
|
||||||
# check that the pool matches the tenant_id
|
# check that the pool matches the tenant_id
|
||||||
if new_pool['tenant_id'] != vip_db['tenant_id']:
|
if new_pool['tenant_id'] != vip_db['tenant_id']:
|
||||||
raise q_exc.NotAuthorized()
|
raise q_exc.NotAuthorized()
|
||||||
|
# validate that the pool has same protocol
|
||||||
|
if new_pool['protocol'] != vip_db['protocol']:
|
||||||
|
raise loadbalancer.ProtocolMismatch(
|
||||||
|
vip_proto=vip_db['protocol'],
|
||||||
|
pool_proto=new_pool['protocol'])
|
||||||
|
|
||||||
if vip_db['pool_id']:
|
if vip_db['pool_id']:
|
||||||
old_pool = self._get_resource(
|
old_pool = self._get_resource(
|
||||||
|
|
|
@ -57,6 +57,11 @@ class PoolStatsNotFound(qexception.NotFound):
|
||||||
message = _("Statistics of Pool %(pool_id)s could not be found")
|
message = _("Statistics of Pool %(pool_id)s could not be found")
|
||||||
|
|
||||||
|
|
||||||
|
class ProtocolMismatch(qexception.BadRequest):
|
||||||
|
message = _("Protocol %(vip_proto)s does not match "
|
||||||
|
"pool protocol %(pool_proto)s")
|
||||||
|
|
||||||
|
|
||||||
RESOURCE_ATTRIBUTE_MAP = {
|
RESOURCE_ATTRIBUTE_MAP = {
|
||||||
'vips': {
|
'vips': {
|
||||||
'id': {'allow_post': False, 'allow_put': False,
|
'id': {'allow_post': False, 'allow_put': False,
|
||||||
|
|
|
@ -342,6 +342,19 @@ class TestLoadBalancer(LoadBalancerPluginDbTestCase):
|
||||||
with testtools.ExpectedException(webob.exc.HTTPClientError):
|
with testtools.ExpectedException(webob.exc.HTTPClientError):
|
||||||
self.test_create_vip(session_persistence=sp)
|
self.test_create_vip(session_persistence=sp)
|
||||||
|
|
||||||
|
def test_create_vip_with_protocol_mismatch(self):
|
||||||
|
with self.pool(protocol='TCP') as pool:
|
||||||
|
with testtools.ExpectedException(webob.exc.HTTPClientError):
|
||||||
|
self.test_create_vip(pool=pool, protocol='HTTP')
|
||||||
|
|
||||||
|
def test_update_vip_with_protocol_mismatch(self):
|
||||||
|
with self.pool(protocol='TCP') as pool:
|
||||||
|
with self.vip(protocol='HTTP') as vip:
|
||||||
|
data = {'vip': {'pool_id': pool['pool']['id']}}
|
||||||
|
req = self.new_update_request('vips', data, vip['vip']['id'])
|
||||||
|
res = req.get_response(self.ext_api)
|
||||||
|
self.assertEqual(res.status_int, 400)
|
||||||
|
|
||||||
def test_reset_session_persistence(self):
|
def test_reset_session_persistence(self):
|
||||||
name = 'vip4'
|
name = 'vip4'
|
||||||
session_persistence = {'type': "HTTP_COOKIE"}
|
session_persistence = {'type': "HTTP_COOKIE"}
|
||||||
|
|
Loading…
Reference in New Issue