From: Abhijeet Malawade Date: Wed, 6 Nov 2013 11:20:54 +0000 (-0800) Subject: Do not allow bad keys while updating quota X-Git-Url: https://review.fuel-infra.org/gitweb?a=commitdiff_plain;h=0d91b1a86a211610f78ac5c0df5a0b02b5a2f3a1;p=openstack-build%2Fcinder-build.git Do not allow bad keys while updating quota Raise 400 (bad request) error instead of 200 (ok) if bad keys are passed to the update quota request Closes-Bug: #1248815 Change-Id: Iaefaa4961dd3783dfab15f843cbb2dcb12195a7d --- diff --git a/cinder/api/contrib/quotas.py b/cinder/api/contrib/quotas.py index a21f99106..08b233152 100644 --- a/cinder/api/contrib/quotas.py +++ b/cinder/api/contrib/quotas.py @@ -23,11 +23,13 @@ from cinder.api import xmlutil from cinder import db from cinder.db.sqlalchemy import api as sqlalchemy_api from cinder import exception +from cinder.openstack.common.gettextutils import _ from cinder.openstack.common import strutils from cinder import quota QUOTAS = quota.QUOTAS +NON_QUOTA_KEYS = ['tenant_id', 'id'] authorize_update = extensions.extension_authorizer('volume', 'quotas:update') @@ -96,16 +98,29 @@ class QuotaSetsController(object): context = req.environ['cinder.context'] authorize_update(context) project_id = id + bad_keys = [] + + for key, value in body['quota_set'].items(): + if (key not in QUOTAS and key not in NON_QUOTA_KEYS): + bad_keys.append(key) + continue + + if len(bad_keys) > 0: + msg = _("Bad key(s) in quota set: %s") % ",".join(bad_keys) + raise webob.exc.HTTPBadRequest(explanation=msg) + for key in body['quota_set'].keys(): - if key in QUOTAS: - self._validate_quota_limit(body['quota_set'][key]) - value = int(body['quota_set'][key]) - try: - db.quota_update(context, project_id, key, value) - except exception.ProjectQuotaNotFound: - db.quota_create(context, project_id, key, value) - except exception.AdminRequired: - raise webob.exc.HTTPForbidden() + if key in NON_QUOTA_KEYS: + continue + + self._validate_quota_limit(body['quota_set'][key]) + value = int(body['quota_set'][key]) + try: + db.quota_update(context, project_id, key, value) + except exception.ProjectQuotaNotFound: + db.quota_create(context, project_id, key, value) + except exception.AdminRequired: + raise webob.exc.HTTPForbidden() return {'quota_set': self._get_quotas(context, id)} @wsgi.serializers(xml=QuotaTemplate) diff --git a/cinder/tests/api/contrib/test_quotas.py b/cinder/tests/api/contrib/test_quotas.py index c145870e1..4a70f68c0 100644 --- a/cinder/tests/api/contrib/test_quotas.py +++ b/cinder/tests/api/contrib/test_quotas.py @@ -83,8 +83,8 @@ class QuotaSetsControllerTest(test.TestCase): def test_update_wrong_key(self): body = {'quota_set': {'bad': 'bad'}} - result = self.controller.update(self.req, 'foo', body) - self.assertDictMatch(result, make_body(tenant_id=None)) + self.assertRaises(webob.exc.HTTPBadRequest, self.controller.update, + self.req, 'foo', body) def test_update_invalid_key_value(self): body = {'quota_set': {'gigabytes': "should_be_int"}}