From 60a2bf977733f2570a22b58cf650e97dabddc7fd Mon Sep 17 00:00:00 2001
From: Rohan Kanade <rohan.kanade@nttdata.com>
Date: Fri, 23 Aug 2013 03:15:12 -0700
Subject: [PATCH] Fix quota update validation for non-int types

Fixes lp bug #1215301

Change-Id: I4bf813579c128844884138ba49f074f81f96790a
---
 cinder/api/contrib/quotas.py            | 6 +++++-
 cinder/tests/api/contrib/test_quotas.py | 5 +++++
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/cinder/api/contrib/quotas.py b/cinder/api/contrib/quotas.py
index 81d51ce55..892861763 100644
--- a/cinder/api/contrib/quotas.py
+++ b/cinder/api/contrib/quotas.py
@@ -58,6 +58,10 @@ class QuotaSetsController(object):
         return dict(quota_set=result)
 
     def _validate_quota_limit(self, limit):
+        if not isinstance(limit, int):
+            msg = _("Quota limit must be specified as an integer value.")
+            raise webob.exc.HTTPBadRequest(explanation=msg)
+
         # NOTE: -1 is a flag value for unlimited
         if limit < -1:
             msg = _("Quota limit must be -1 or greater.")
@@ -89,8 +93,8 @@ class QuotaSetsController(object):
         project_id = id
         for key in body['quota_set'].keys():
             if key in QUOTAS:
+                self._validate_quota_limit(body['quota_set'][key])
                 value = int(body['quota_set'][key])
-                self._validate_quota_limit(value)
                 try:
                     db.quota_update(context, project_id, key, value)
                 except exception.ProjectQuotaNotFound:
diff --git a/cinder/tests/api/contrib/test_quotas.py b/cinder/tests/api/contrib/test_quotas.py
index 7bef4f241..549ec1223 100644
--- a/cinder/tests/api/contrib/test_quotas.py
+++ b/cinder/tests/api/contrib/test_quotas.py
@@ -86,6 +86,11 @@ class QuotaSetsControllerTest(test.TestCase):
         result = self.controller.update(self.req, 'foo', body)
         self.assertDictMatch(result, make_body(tenant_id=None))
 
+    def test_update_invalid_key_value(self):
+        body = {'quota_set': {'gigabytes': "should_be_int"}}
+        self.assertRaises(webob.exc.HTTPBadRequest, self.controller.update,
+                          self.req, 'foo', body)
+
     def test_update_bad_quota_limit(self):
         body = {'quota_set': {'gigabytes': -1000}}
         self.assertRaises(webob.exc.HTTPBadRequest, self.controller.update,
-- 
2.45.2