Add validation to share network

Adds a check when associating a security service to a share network, so
that both resources must have the same project_id. If not,
a HTTP Bad Request is raised. Affiliated tests were altered or created.

Closes-Bug: #1918323
Change-Id: Idb2a8838d492ac3c616fb21ab1272f7dc74ee589
This commit is contained in:
Ashley Rodriguez 2021-12-01 14:31:00 +00:00
parent 7b929de8b5
commit a97d65d3eb
5 changed files with 55 additions and 10 deletions

View File

@ -598,7 +598,7 @@ class ShareNetworkController(wsgi.Controller, wsgi.AdminActionsMixin):
data = body['add_security_service_check'] data = body['add_security_service_check']
try: try:
security_service = db_api.security_service_get( security_service = db_api.security_service_get(
context, data['security_service_id']) context, data['security_service_id'], project_only=True)
except KeyError: except KeyError:
msg = "Malformed request body." msg = "Malformed request body."
raise exc.HTTPBadRequest(explanation=msg) raise exc.HTTPBadRequest(explanation=msg)

View File

@ -777,9 +777,9 @@ def security_service_update(context, id, values):
return IMPL.security_service_update(context, id, values) return IMPL.security_service_update(context, id, values)
def security_service_get(context, id): def security_service_get(context, id, **kwargs):
"""Get security service DB record.""" """Get security service DB record."""
return IMPL.security_service_get(context, id) return IMPL.security_service_get(context, id, **kwargs)
def security_service_get_all(context): def security_service_get_all(context):

View File

@ -3943,8 +3943,9 @@ def security_service_update(context, id, values):
@require_context @require_context
def security_service_get(context, id, session=None): def security_service_get(context, id, session=None, **kwargs):
result = (_security_service_get_query(context, session=session). result = (_security_service_get_query(context, session=session,
**kwargs).
filter_by(id=id).first()) filter_by(id=id).first())
if result is None: if result is None:
@ -3963,10 +3964,11 @@ def security_service_get_all_by_project(context, project_id):
filter_by(project_id=project_id).all()) filter_by(project_id=project_id).all())
def _security_service_get_query(context, session=None): def _security_service_get_query(context, session=None, project_only=False):
if session is None: if session is None:
session = get_session() session = get_session()
return model_query(context, models.SecurityService, session=session) return model_query(context, models.SecurityService, session=session,
project_only=project_only)
################### ###################

View File

@ -1503,7 +1503,7 @@ class ShareNetworkAPITest(test.TestCase):
context, share_network['id'] context, share_network['id']
) )
db_api.security_service_get.assert_called_once_with( db_api.security_service_get.assert_called_once_with(
context, security_service['id']) context, security_service['id'], project_only=True)
def test_check_add_security_service(self): def test_check_add_security_service(self):
security_service, share_network, body, request = ( security_service, share_network, body, request = (
@ -1531,7 +1531,7 @@ class ShareNetworkAPITest(test.TestCase):
db_api.share_network_get.assert_called_once_with( db_api.share_network_get.assert_called_once_with(
context, share_network['id']) context, share_network['id'])
db_api.security_service_get.assert_called_once_with( db_api.security_service_get.assert_called_once_with(
context, security_service['id']) context, security_service['id'], project_only=True)
(self.controller.share_api.check_share_network_security_service_update. (self.controller.share_api.check_share_network_security_service_update.
assert_called_once_with( assert_called_once_with(
context, share_network, security_service, context, share_network, security_service,
@ -1571,12 +1571,50 @@ class ShareNetworkAPITest(test.TestCase):
db_api.share_network_get.assert_called_once_with( db_api.share_network_get.assert_called_once_with(
context, share_network['id']) context, share_network['id'])
db_api.security_service_get.assert_called_once_with( db_api.security_service_get.assert_called_once_with(
context, security_service['id']) context, security_service['id'], project_only=True)
(self.controller.share_api.check_share_network_security_service_update. (self.controller.share_api.check_share_network_security_service_update.
assert_called_once_with( assert_called_once_with(
context, share_network, security_service, context, share_network, security_service,
reset_operation=False)) reset_operation=False))
@ddt.data(
(exception.NotFound(message='fake'),
webob_exc.HTTPBadRequest))
@ddt.unpack
def test_check_add_security_service_failed_project_id(
self, captured_exception, exception_to_be_raised):
security_service, share_network, body, request = (
self._setup_data_for_check_add_tests())
share_network = fake_share_network
context = request.environ['manila.context']
share_api_return = {'fake_key': 'fake_value'}
self.mock_object(share_networks.policy, 'check_policy')
self.mock_object(db_api, 'share_network_get',
mock.Mock(return_value=share_network))
self.mock_object(
db_api, 'security_service_get',
mock.Mock(side_effect=captured_exception))
self.mock_object(
self.controller.share_api,
'check_share_network_security_service_update',
mock.Mock(return_vale=share_api_return))
self.mock_object(
self.controller._view_builder,
'build_security_service_update_check')
self.assertRaises(
exception_to_be_raised,
self.controller.check_add_security_service,
request,
share_network['id'],
body)
db_api.share_network_get.assert_called_once_with(
context, share_network['id'])
db_api.security_service_get.assert_called_once_with(
context, security_service['id'], project_only=True)
@ddt.data( @ddt.data(
(exception.ServiceIsDown(message='fake'), webob_exc.HTTPConflict), (exception.ServiceIsDown(message='fake'), webob_exc.HTTPConflict),
(exception.InvalidShareNetwork(message='fake'), (exception.InvalidShareNetwork(message='fake'),

View File

@ -0,0 +1,5 @@
fixes:
- Adds a check when associating a security service to a share network, so
that both resources must have the same project_id. If not,
HTTP Bad Request is raised.