deb-zaqar/zaqar/transport/wsgi/v1_0/metadata.py
Eva Balycheva 400fc6ec7d Validate PUT of reserved queue attributes metadata
We recently introduced reserved queue metadata feature in our API v2.
And because it's a feature of API v2, we decided not to change at all
our older APIs. But through our older APIs it's possible to PUT invalid
queue attributes, which can cause unstable work of API v2.

This patch makes API v1 restrict any metadata keys which names start
with "_", because they are probably reserved queue attributes.

This patch makes API v1.1 validate metadata like API v2 validates it now
to ensure that the reserved queue attributes have valid values, before
sending them to the database.

This patch also adds unit tests to APIs.

APIImpact
Closes-Bug: 1557247

Change-Id: Idcd063787c8d8da49a9c3d126441f9336c85e7cd
2016-03-25 06:02:12 +03:00

97 lines
3.6 KiB
Python

# Copyright (c) 2013 Rackspace, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import falcon
from oslo_log import log as logging
import six
from zaqar.common import decorators
from zaqar.i18n import _
from zaqar.storage import errors as storage_errors
from zaqar.transport import utils
from zaqar.transport import validation
from zaqar.transport.wsgi import errors as wsgi_errors
from zaqar.transport.wsgi import utils as wsgi_utils
LOG = logging.getLogger(__name__)
class Resource(object):
__slots__ = ('_wsgi_conf', '_validate', '_queue_ctrl')
def __init__(self, _wsgi_conf, validate, queue_controller):
self._wsgi_conf = _wsgi_conf
self._validate = validate
self._queue_ctrl = queue_controller
@decorators.TransportLog("Queue metadata")
def on_get(self, req, resp, project_id, queue_name):
try:
resp_dict = self._queue_ctrl.get_metadata(queue_name,
project=project_id)
except storage_errors.DoesNotExist as ex:
LOG.debug(ex)
raise wsgi_errors.HTTPNotFound(six.text_type(ex))
except Exception as ex:
LOG.exception(ex)
description = _(u'Queue metadata could not be retrieved.')
raise wsgi_errors.HTTPServiceUnavailable(description)
resp.content_location = req.path
resp.body = utils.to_json(resp_dict)
# status defaults to 200
@decorators.TransportLog("Queue metadata")
def on_put(self, req, resp, project_id, queue_name):
try:
# Place JSON size restriction before parsing
self._validate.queue_metadata_length(req.content_length)
# Deserialize queue metadata
document = wsgi_utils.deserialize(req.stream, req.content_length)
metadata = wsgi_utils.sanitize(document, spec=None)
# Restrict setting any reserved queue attributes
for key in metadata:
if key.startswith('_'):
description = _(u'Reserved queue attributes in metadata '
u'(which names start with "_") can not be '
u'set in API v1.')
raise validation.ValidationFailed(description)
except validation.ValidationFailed as ex:
LOG.debug(ex)
raise wsgi_errors.HTTPBadRequestAPI(six.text_type(ex))
try:
self._queue_ctrl.set_metadata(queue_name,
metadata=metadata,
project=project_id)
except validation.ValidationFailed as ex:
LOG.debug(ex)
raise wsgi_errors.HTTPBadRequestAPI(six.text_type(ex))
except storage_errors.QueueDoesNotExist as ex:
raise wsgi_errors.HTTPNotFound(six.text_type(ex))
except Exception as ex:
LOG.exception(ex)
description = _(u'Metadata could not be updated.')
raise wsgi_errors.HTTPServiceUnavailable(description)
resp.status = falcon.HTTP_204
resp.location = req.path