From e33c2caa45e2acfdaeaaa04edd482035c0905f65 Mon Sep 17 00:00:00 2001 From: Salvatore Orlando Date: Wed, 29 Aug 2012 11:16:42 -0700 Subject: [PATCH] Ensure proper validation for l3 API attributes Fixes bug1042042 This patch introduces validation for uuid and ip fields in l3 api data structures. Change-Id: Ibc4913e0bcf5b33cb5e4bd42c89b82ec374f5437 --- quantum/extensions/l3.py | 10 ++++++++++ quantum/tests/unit/test_l3_plugin.py | 21 ++++++++++++++++++++- 2 files changed, 30 insertions(+), 1 deletion(-) diff --git a/quantum/extensions/l3.py b/quantum/extensions/l3.py index 88dce76e3..88246e6ab 100644 --- a/quantum/extensions/l3.py +++ b/quantum/extensions/l3.py @@ -53,6 +53,13 @@ class FloatingIPPortAlreadyAssociated(qexception.InUse): message = _("Port %(port_id) already has a floating IP associated with it") +def _validate_uuid_or_none(data, valid_values=None): + if data is None: + return None + return attr._validate_regex(data, attr.UUID_PATTERN) + +attr.validators['type:uuid_or_none'] = _validate_uuid_or_none + # Attribute Map RESOURCE_ATTRIBUTE_MAP = { 'routers': { @@ -80,12 +87,15 @@ RESOURCE_ATTRIBUTE_MAP = { 'floating_ip_address': {'allow_post': False, 'allow_put': False, 'is_visible': True}, 'floating_network_id': {'allow_post': True, 'allow_put': False, + 'validate': {'type:regex': attr.UUID_PATTERN}, 'is_visible': True}, 'router_id': {'allow_post': False, 'allow_put': False, 'is_visible': True, 'default': None}, 'port_id': {'allow_post': True, 'allow_put': True, + 'validate': {'type:uuid_or_none': None}, 'is_visible': True, 'default': None}, 'fixed_ip_address': {'allow_post': True, 'allow_put': True, + 'validate': {'type:ip_address_or_none': None}, 'is_visible': True, 'default': None}, 'tenant_id': {'allow_post': True, 'allow_put': False, 'required_by_policy': True, diff --git a/quantum/tests/unit/test_l3_plugin.py b/quantum/tests/unit/test_l3_plugin.py index 725c73346..c757efed1 100644 --- a/quantum/tests/unit/test_l3_plugin.py +++ b/quantum/tests/unit/test_l3_plugin.py @@ -31,6 +31,7 @@ from webob import exc from quantum.api.v2 import attributes from quantum.common import config from quantum.common.test_lib import test_config +from quantum.common import utils from quantum.db import db_base_plugin_v2 from quantum.db import l3_db from quantum.extensions import extensions @@ -471,7 +472,7 @@ class L3NatDBTestCase(test_db_plugin.QuantumDbPluginV2TestCase): if port_id: data['floatingip']['port_id'] = port_id if fixed_ip: - data['floatingip']['fixed_ip'] = fixed_ip + data['floatingip']['fixed_ip_address'] = fixed_ip floatingip_req = self.new_create_request('floatingips', data, fmt) return floatingip_req.get_response(self.ext_api) @@ -638,3 +639,21 @@ class L3NatDBTestCase(test_db_plugin.QuantumDbPluginV2TestCase): r['router']['id'], private_sub['subnet']['id'], None) + + def test_create_floatingip_invalid_floating_network_id_returns_422(self): + # API-level test - no need to create all objects for l3 plugin + res = self._create_floatingip('json', 'iamnotanuuid', + utils.str_uuid(), '192.168.0.1') + self.assertEqual(res.status_int, 422) + + def test_create_floatingip_invalid_floating_port_id_returns_422(self): + # API-level test - no need to create all objects for l3 plugin + res = self._create_floatingip('json', utils.str_uuid(), + 'iamnotanuuid', '192.168.0.1') + self.assertEqual(res.status_int, 422) + + def test_create_floatingip_invalid_fixed_ip_address_returns_422(self): + # API-level test - no need to create all objects for l3 plugin + res = self._create_floatingip('json', utils.str_uuid(), + utils.str_uuid(), 'iamnotnanip') + self.assertEqual(res.status_int, 422) -- 2.45.2