Add validation to share network
Adds a check when associating a security service to a share network, so that both resources must have the same project_id. If not, a HTTP Bad Request is raised. Affiliated tests were altered or created. Closes-Bug: #1918323 Change-Id: Idb2a8838d492ac3c616fb21ab1272f7dc74ee589
This commit is contained in:
parent
7b929de8b5
commit
a97d65d3eb
@ -598,7 +598,7 @@ class ShareNetworkController(wsgi.Controller, wsgi.AdminActionsMixin):
|
|||||||
data = body['add_security_service_check']
|
data = body['add_security_service_check']
|
||||||
try:
|
try:
|
||||||
security_service = db_api.security_service_get(
|
security_service = db_api.security_service_get(
|
||||||
context, data['security_service_id'])
|
context, data['security_service_id'], project_only=True)
|
||||||
except KeyError:
|
except KeyError:
|
||||||
msg = "Malformed request body."
|
msg = "Malformed request body."
|
||||||
raise exc.HTTPBadRequest(explanation=msg)
|
raise exc.HTTPBadRequest(explanation=msg)
|
||||||
|
@ -777,9 +777,9 @@ def security_service_update(context, id, values):
|
|||||||
return IMPL.security_service_update(context, id, values)
|
return IMPL.security_service_update(context, id, values)
|
||||||
|
|
||||||
|
|
||||||
def security_service_get(context, id):
|
def security_service_get(context, id, **kwargs):
|
||||||
"""Get security service DB record."""
|
"""Get security service DB record."""
|
||||||
return IMPL.security_service_get(context, id)
|
return IMPL.security_service_get(context, id, **kwargs)
|
||||||
|
|
||||||
|
|
||||||
def security_service_get_all(context):
|
def security_service_get_all(context):
|
||||||
|
@ -3943,8 +3943,9 @@ def security_service_update(context, id, values):
|
|||||||
|
|
||||||
|
|
||||||
@require_context
|
@require_context
|
||||||
def security_service_get(context, id, session=None):
|
def security_service_get(context, id, session=None, **kwargs):
|
||||||
result = (_security_service_get_query(context, session=session).
|
result = (_security_service_get_query(context, session=session,
|
||||||
|
**kwargs).
|
||||||
filter_by(id=id).first())
|
filter_by(id=id).first())
|
||||||
|
|
||||||
if result is None:
|
if result is None:
|
||||||
@ -3963,10 +3964,11 @@ def security_service_get_all_by_project(context, project_id):
|
|||||||
filter_by(project_id=project_id).all())
|
filter_by(project_id=project_id).all())
|
||||||
|
|
||||||
|
|
||||||
def _security_service_get_query(context, session=None):
|
def _security_service_get_query(context, session=None, project_only=False):
|
||||||
if session is None:
|
if session is None:
|
||||||
session = get_session()
|
session = get_session()
|
||||||
return model_query(context, models.SecurityService, session=session)
|
return model_query(context, models.SecurityService, session=session,
|
||||||
|
project_only=project_only)
|
||||||
|
|
||||||
|
|
||||||
###################
|
###################
|
||||||
|
@ -1503,7 +1503,7 @@ class ShareNetworkAPITest(test.TestCase):
|
|||||||
context, share_network['id']
|
context, share_network['id']
|
||||||
)
|
)
|
||||||
db_api.security_service_get.assert_called_once_with(
|
db_api.security_service_get.assert_called_once_with(
|
||||||
context, security_service['id'])
|
context, security_service['id'], project_only=True)
|
||||||
|
|
||||||
def test_check_add_security_service(self):
|
def test_check_add_security_service(self):
|
||||||
security_service, share_network, body, request = (
|
security_service, share_network, body, request = (
|
||||||
@ -1531,7 +1531,7 @@ class ShareNetworkAPITest(test.TestCase):
|
|||||||
db_api.share_network_get.assert_called_once_with(
|
db_api.share_network_get.assert_called_once_with(
|
||||||
context, share_network['id'])
|
context, share_network['id'])
|
||||||
db_api.security_service_get.assert_called_once_with(
|
db_api.security_service_get.assert_called_once_with(
|
||||||
context, security_service['id'])
|
context, security_service['id'], project_only=True)
|
||||||
(self.controller.share_api.check_share_network_security_service_update.
|
(self.controller.share_api.check_share_network_security_service_update.
|
||||||
assert_called_once_with(
|
assert_called_once_with(
|
||||||
context, share_network, security_service,
|
context, share_network, security_service,
|
||||||
@ -1571,12 +1571,50 @@ class ShareNetworkAPITest(test.TestCase):
|
|||||||
db_api.share_network_get.assert_called_once_with(
|
db_api.share_network_get.assert_called_once_with(
|
||||||
context, share_network['id'])
|
context, share_network['id'])
|
||||||
db_api.security_service_get.assert_called_once_with(
|
db_api.security_service_get.assert_called_once_with(
|
||||||
context, security_service['id'])
|
context, security_service['id'], project_only=True)
|
||||||
(self.controller.share_api.check_share_network_security_service_update.
|
(self.controller.share_api.check_share_network_security_service_update.
|
||||||
assert_called_once_with(
|
assert_called_once_with(
|
||||||
context, share_network, security_service,
|
context, share_network, security_service,
|
||||||
reset_operation=False))
|
reset_operation=False))
|
||||||
|
|
||||||
|
@ddt.data(
|
||||||
|
(exception.NotFound(message='fake'),
|
||||||
|
webob_exc.HTTPBadRequest))
|
||||||
|
@ddt.unpack
|
||||||
|
def test_check_add_security_service_failed_project_id(
|
||||||
|
self, captured_exception, exception_to_be_raised):
|
||||||
|
security_service, share_network, body, request = (
|
||||||
|
self._setup_data_for_check_add_tests())
|
||||||
|
share_network = fake_share_network
|
||||||
|
context = request.environ['manila.context']
|
||||||
|
share_api_return = {'fake_key': 'fake_value'}
|
||||||
|
|
||||||
|
self.mock_object(share_networks.policy, 'check_policy')
|
||||||
|
self.mock_object(db_api, 'share_network_get',
|
||||||
|
mock.Mock(return_value=share_network))
|
||||||
|
self.mock_object(
|
||||||
|
db_api, 'security_service_get',
|
||||||
|
mock.Mock(side_effect=captured_exception))
|
||||||
|
self.mock_object(
|
||||||
|
self.controller.share_api,
|
||||||
|
'check_share_network_security_service_update',
|
||||||
|
mock.Mock(return_vale=share_api_return))
|
||||||
|
self.mock_object(
|
||||||
|
self.controller._view_builder,
|
||||||
|
'build_security_service_update_check')
|
||||||
|
|
||||||
|
self.assertRaises(
|
||||||
|
exception_to_be_raised,
|
||||||
|
self.controller.check_add_security_service,
|
||||||
|
request,
|
||||||
|
share_network['id'],
|
||||||
|
body)
|
||||||
|
|
||||||
|
db_api.share_network_get.assert_called_once_with(
|
||||||
|
context, share_network['id'])
|
||||||
|
db_api.security_service_get.assert_called_once_with(
|
||||||
|
context, security_service['id'], project_only=True)
|
||||||
|
|
||||||
@ddt.data(
|
@ddt.data(
|
||||||
(exception.ServiceIsDown(message='fake'), webob_exc.HTTPConflict),
|
(exception.ServiceIsDown(message='fake'), webob_exc.HTTPConflict),
|
||||||
(exception.InvalidShareNetwork(message='fake'),
|
(exception.InvalidShareNetwork(message='fake'),
|
||||||
|
@ -0,0 +1,5 @@
|
|||||||
|
|
||||||
|
fixes:
|
||||||
|
- Adds a check when associating a security service to a share network, so
|
||||||
|
that both resources must have the same project_id. If not,
|
||||||
|
HTTP Bad Request is raised.
|
Loading…
Reference in New Issue
Block a user