Add validation to share network
Adds a check when associating a security service to a share network, so that both resources must have the same project_id. If not, a HTTP Bad Request is raised. Affiliated tests were altered or created. Closes-Bug: #1918323 Change-Id: Idb2a8838d492ac3c616fb21ab1272f7dc74ee589
This commit is contained in:
parent
7b929de8b5
commit
a97d65d3eb
@ -598,7 +598,7 @@ class ShareNetworkController(wsgi.Controller, wsgi.AdminActionsMixin):
|
||||
data = body['add_security_service_check']
|
||||
try:
|
||||
security_service = db_api.security_service_get(
|
||||
context, data['security_service_id'])
|
||||
context, data['security_service_id'], project_only=True)
|
||||
except KeyError:
|
||||
msg = "Malformed request body."
|
||||
raise exc.HTTPBadRequest(explanation=msg)
|
||||
|
@ -777,9 +777,9 @@ def security_service_update(context, id, values):
|
||||
return IMPL.security_service_update(context, id, values)
|
||||
|
||||
|
||||
def security_service_get(context, id):
|
||||
def security_service_get(context, id, **kwargs):
|
||||
"""Get security service DB record."""
|
||||
return IMPL.security_service_get(context, id)
|
||||
return IMPL.security_service_get(context, id, **kwargs)
|
||||
|
||||
|
||||
def security_service_get_all(context):
|
||||
|
@ -3943,8 +3943,9 @@ def security_service_update(context, id, values):
|
||||
|
||||
|
||||
@require_context
|
||||
def security_service_get(context, id, session=None):
|
||||
result = (_security_service_get_query(context, session=session).
|
||||
def security_service_get(context, id, session=None, **kwargs):
|
||||
result = (_security_service_get_query(context, session=session,
|
||||
**kwargs).
|
||||
filter_by(id=id).first())
|
||||
|
||||
if result is None:
|
||||
@ -3963,10 +3964,11 @@ def security_service_get_all_by_project(context, project_id):
|
||||
filter_by(project_id=project_id).all())
|
||||
|
||||
|
||||
def _security_service_get_query(context, session=None):
|
||||
def _security_service_get_query(context, session=None, project_only=False):
|
||||
if session is None:
|
||||
session = get_session()
|
||||
return model_query(context, models.SecurityService, session=session)
|
||||
return model_query(context, models.SecurityService, session=session,
|
||||
project_only=project_only)
|
||||
|
||||
|
||||
###################
|
||||
|
@ -1503,7 +1503,7 @@ class ShareNetworkAPITest(test.TestCase):
|
||||
context, share_network['id']
|
||||
)
|
||||
db_api.security_service_get.assert_called_once_with(
|
||||
context, security_service['id'])
|
||||
context, security_service['id'], project_only=True)
|
||||
|
||||
def test_check_add_security_service(self):
|
||||
security_service, share_network, body, request = (
|
||||
@ -1531,7 +1531,7 @@ class ShareNetworkAPITest(test.TestCase):
|
||||
db_api.share_network_get.assert_called_once_with(
|
||||
context, share_network['id'])
|
||||
db_api.security_service_get.assert_called_once_with(
|
||||
context, security_service['id'])
|
||||
context, security_service['id'], project_only=True)
|
||||
(self.controller.share_api.check_share_network_security_service_update.
|
||||
assert_called_once_with(
|
||||
context, share_network, security_service,
|
||||
@ -1571,12 +1571,50 @@ class ShareNetworkAPITest(test.TestCase):
|
||||
db_api.share_network_get.assert_called_once_with(
|
||||
context, share_network['id'])
|
||||
db_api.security_service_get.assert_called_once_with(
|
||||
context, security_service['id'])
|
||||
context, security_service['id'], project_only=True)
|
||||
(self.controller.share_api.check_share_network_security_service_update.
|
||||
assert_called_once_with(
|
||||
context, share_network, security_service,
|
||||
reset_operation=False))
|
||||
|
||||
@ddt.data(
|
||||
(exception.NotFound(message='fake'),
|
||||
webob_exc.HTTPBadRequest))
|
||||
@ddt.unpack
|
||||
def test_check_add_security_service_failed_project_id(
|
||||
self, captured_exception, exception_to_be_raised):
|
||||
security_service, share_network, body, request = (
|
||||
self._setup_data_for_check_add_tests())
|
||||
share_network = fake_share_network
|
||||
context = request.environ['manila.context']
|
||||
share_api_return = {'fake_key': 'fake_value'}
|
||||
|
||||
self.mock_object(share_networks.policy, 'check_policy')
|
||||
self.mock_object(db_api, 'share_network_get',
|
||||
mock.Mock(return_value=share_network))
|
||||
self.mock_object(
|
||||
db_api, 'security_service_get',
|
||||
mock.Mock(side_effect=captured_exception))
|
||||
self.mock_object(
|
||||
self.controller.share_api,
|
||||
'check_share_network_security_service_update',
|
||||
mock.Mock(return_vale=share_api_return))
|
||||
self.mock_object(
|
||||
self.controller._view_builder,
|
||||
'build_security_service_update_check')
|
||||
|
||||
self.assertRaises(
|
||||
exception_to_be_raised,
|
||||
self.controller.check_add_security_service,
|
||||
request,
|
||||
share_network['id'],
|
||||
body)
|
||||
|
||||
db_api.share_network_get.assert_called_once_with(
|
||||
context, share_network['id'])
|
||||
db_api.security_service_get.assert_called_once_with(
|
||||
context, security_service['id'], project_only=True)
|
||||
|
||||
@ddt.data(
|
||||
(exception.ServiceIsDown(message='fake'), webob_exc.HTTPConflict),
|
||||
(exception.InvalidShareNetwork(message='fake'),
|
||||
|
@ -0,0 +1,5 @@
|
||||
|
||||
fixes:
|
||||
- Adds a check when associating a security service to a share network, so
|
||||
that both resources must have the same project_id. If not,
|
||||
HTTP Bad Request is raised.
|
Loading…
Reference in New Issue
Block a user