From: Ryan O'Hara Date: Tue, 12 Mar 2013 18:01:23 +0000 (-0500) Subject: Validate protocol when creating VIP. X-Git-Url: https://review.fuel-infra.org/gitweb?a=commitdiff_plain;h=9a15b11794dbf945f0e9b9705ae510d3b378287d;p=openstack-build%2Fneutron-build.git Validate protocol when creating VIP. Fixes: bug #1123114 When creating a VIP, check that the protocol matches the protocol for the associated pool. If not, raise an exception. Change-Id: Iba318eda935ccc89dbe8244e00f36ebdfcce65e0 --- diff --git a/quantum/db/loadbalancer/loadbalancer_db.py b/quantum/db/loadbalancer/loadbalancer_db.py index 1d60a72fe..a2557f308 100644 --- a/quantum/db/loadbalancer/loadbalancer_db.py +++ b/quantum/db/loadbalancer/loadbalancer_db.py @@ -357,11 +357,16 @@ class LoadBalancerPluginDb(LoadBalancerPluginBase): tenant_id = self._get_tenant_id_for_create(context, v) with context.session.begin(subtransactions=True): - # validate that the pool has same tenant if v['pool_id']: pool = self._get_resource(context, Pool, v['pool_id']) + # validate that the pool has same tenant if pool['tenant_id'] != tenant_id: raise q_exc.NotAuthorized() + # validate that the pool has same protocol + if pool['protocol'] != v['protocol']: + raise loadbalancer.ProtocolMismatch( + vip_proto=v['protocol'], + pool_proto=pool['protocol']) else: pool = None @@ -426,6 +431,11 @@ class LoadBalancerPluginDb(LoadBalancerPluginBase): # check that the pool matches the tenant_id if new_pool['tenant_id'] != vip_db['tenant_id']: raise q_exc.NotAuthorized() + # validate that the pool has same protocol + if new_pool['protocol'] != vip_db['protocol']: + raise loadbalancer.ProtocolMismatch( + vip_proto=vip_db['protocol'], + pool_proto=new_pool['protocol']) if vip_db['pool_id']: old_pool = self._get_resource( diff --git a/quantum/extensions/loadbalancer.py b/quantum/extensions/loadbalancer.py index a93a5f839..f984441bf 100644 --- a/quantum/extensions/loadbalancer.py +++ b/quantum/extensions/loadbalancer.py @@ -57,6 +57,11 @@ class PoolStatsNotFound(qexception.NotFound): message = _("Statistics of Pool %(pool_id)s could not be found") +class ProtocolMismatch(qexception.BadRequest): + message = _("Protocol %(vip_proto)s does not match " + "pool protocol %(pool_proto)s") + + RESOURCE_ATTRIBUTE_MAP = { 'vips': { 'id': {'allow_post': False, 'allow_put': False, diff --git a/quantum/tests/unit/db/loadbalancer/test_db_loadbalancer.py b/quantum/tests/unit/db/loadbalancer/test_db_loadbalancer.py index 622212e10..5305d0541 100644 --- a/quantum/tests/unit/db/loadbalancer/test_db_loadbalancer.py +++ b/quantum/tests/unit/db/loadbalancer/test_db_loadbalancer.py @@ -342,6 +342,19 @@ class TestLoadBalancer(LoadBalancerPluginDbTestCase): with testtools.ExpectedException(webob.exc.HTTPClientError): self.test_create_vip(session_persistence=sp) + def test_create_vip_with_protocol_mismatch(self): + with self.pool(protocol='TCP') as pool: + with testtools.ExpectedException(webob.exc.HTTPClientError): + self.test_create_vip(pool=pool, protocol='HTTP') + + def test_update_vip_with_protocol_mismatch(self): + with self.pool(protocol='TCP') as pool: + with self.vip(protocol='HTTP') as vip: + data = {'vip': {'pool_id': pool['pool']['id']}} + req = self.new_update_request('vips', data, vip['vip']['id']) + res = req.get_response(self.ext_api) + self.assertEqual(res.status_int, 400) + def test_reset_session_persistence(self): name = 'vip4' session_persistence = {'type': "HTTP_COOKIE"}