From a22f0744a5e89e653de9772e9b2b3aaa10c74f64 Mon Sep 17 00:00:00 2001 From: Niall Bunting Date: Mon, 22 Feb 2016 17:13:06 +0000 Subject: [PATCH] Reject bodies for metadef commands The inital commit missed the metadef commands. This now adds them in using http://developer.openstack.org/api-ref-image-v2.html as the source for this information. Closes-Bug: 1475647 Change-Id: I764e09d9d0e3f2dd2d815b9eca2212075598303c --- glance/api/v2/router.py | 63 ++++++++++++------- .../functional/v2/test_metadef_namespaces.py | 60 ++++++++++++++++++ 2 files changed, 102 insertions(+), 21 deletions(-) diff --git a/glance/api/v2/router.py b/glance/api/v2/router.py index 2653101d41..af8ba33d77 100644 --- a/glance/api/v2/router.py +++ b/glance/api/v2/router.py @@ -95,7 +95,8 @@ class API(wsgi.Router): mapper.connect('/schemas/metadefs/namespace', controller=schemas_resource, action='metadef_namespace', - conditions={'method': ['GET']}) + conditions={'method': ['GET']}, + body_reject=True) mapper.connect('/schemas/metadefs/namespace', controller=reject_method_resource, action='reject', @@ -104,7 +105,8 @@ class API(wsgi.Router): mapper.connect('/schemas/metadefs/namespaces', controller=schemas_resource, action='metadef_namespaces', - conditions={'method': ['GET']}) + conditions={'method': ['GET']}, + body_reject=True) mapper.connect('/schemas/metadefs/namespaces', controller=reject_method_resource, action='reject', @@ -113,7 +115,8 @@ class API(wsgi.Router): mapper.connect('/schemas/metadefs/resource_type', controller=schemas_resource, action='metadef_resource_type', - conditions={'method': ['GET']}) + conditions={'method': ['GET']}, + body_reject=True) mapper.connect('/schemas/metadefs/resource_type', controller=reject_method_resource, action='reject', @@ -122,7 +125,8 @@ class API(wsgi.Router): mapper.connect('/schemas/metadefs/resource_types', controller=schemas_resource, action='metadef_resource_types', - conditions={'method': ['GET']}) + conditions={'method': ['GET']}, + body_reject=True) mapper.connect('/schemas/metadefs/resource_types', controller=reject_method_resource, action='reject', @@ -131,7 +135,8 @@ class API(wsgi.Router): mapper.connect('/schemas/metadefs/property', controller=schemas_resource, action='metadef_property', - conditions={'method': ['GET']}) + conditions={'method': ['GET']}, + body_reject=True) mapper.connect('/schemas/metadefs/property', controller=reject_method_resource, action='reject', @@ -140,7 +145,8 @@ class API(wsgi.Router): mapper.connect('/schemas/metadefs/properties', controller=schemas_resource, action='metadef_properties', - conditions={'method': ['GET']}) + conditions={'method': ['GET']}, + body_reject=True) mapper.connect('/schemas/metadefs/properties', controller=reject_method_resource, action='reject', @@ -149,7 +155,8 @@ class API(wsgi.Router): mapper.connect('/schemas/metadefs/object', controller=schemas_resource, action='metadef_object', - conditions={'method': ['GET']}) + conditions={'method': ['GET']}, + body_reject=True) mapper.connect('/schemas/metadefs/object', controller=reject_method_resource, action='reject', @@ -158,7 +165,8 @@ class API(wsgi.Router): mapper.connect('/schemas/metadefs/objects', controller=schemas_resource, action='metadef_objects', - conditions={'method': ['GET']}) + conditions={'method': ['GET']}, + body_reject=True) mapper.connect('/schemas/metadefs/objects', controller=reject_method_resource, action='reject', @@ -167,7 +175,8 @@ class API(wsgi.Router): mapper.connect('/schemas/metadefs/tag', controller=schemas_resource, action='metadef_tag', - conditions={'method': ['GET']}) + conditions={'method': ['GET']}, + body_reject=True) mapper.connect('/schemas/metadefs/tag', controller=reject_method_resource, action='reject', @@ -176,7 +185,8 @@ class API(wsgi.Router): mapper.connect('/schemas/metadefs/tags', controller=schemas_resource, action='metadef_tags', - conditions={'method': ['GET']}) + conditions={'method': ['GET']}, + body_reject=True) mapper.connect('/schemas/metadefs/tags', controller=reject_method_resource, action='reject', @@ -189,7 +199,8 @@ class API(wsgi.Router): mapper.connect('/metadefs/resource_types', controller=metadef_resource_types_resource, action='index', - conditions={'method': ['GET']}) + conditions={'method': ['GET']}, + body_reject=True) mapper.connect('/metadefs/resource_types', controller=reject_method_resource, action='reject', @@ -198,7 +209,8 @@ class API(wsgi.Router): mapper.connect('/metadefs/namespaces/{namespace}/resource_types', controller=metadef_resource_types_resource, action='show', - conditions={'method': ['GET']}) + conditions={'method': ['GET']}, + body_reject=True) mapper.connect('/metadefs/namespaces/{namespace}/resource_types', controller=metadef_resource_types_resource, action='create', @@ -212,7 +224,8 @@ class API(wsgi.Router): '{resource_type}', controller=metadef_resource_types_resource, action='delete', - conditions={'method': ['DELETE']}) + conditions={'method': ['DELETE']}, + body_reject=True) mapper.connect('/metadefs/namespaces/{namespace}/resource_types/' '{resource_type}', controller=reject_method_resource, @@ -237,7 +250,8 @@ class API(wsgi.Router): mapper.connect('/metadefs/namespaces/{namespace}', controller=metadef_namespace_resource, action='show', - conditions={'method': ['GET']}) + conditions={'method': ['GET']}, + body_reject=True) mapper.connect('/metadefs/namespaces/{namespace}', controller=metadef_namespace_resource, action='update', @@ -245,7 +259,8 @@ class API(wsgi.Router): mapper.connect('/metadefs/namespaces/{namespace}', controller=metadef_namespace_resource, action='delete', - conditions={'method': ['DELETE']}) + conditions={'method': ['DELETE']}, + body_reject=True) mapper.connect('/metadefs/namespaces/{namespace}', controller=reject_method_resource, action='reject', @@ -256,7 +271,8 @@ class API(wsgi.Router): mapper.connect('/metadefs/namespaces/{namespace}/properties', controller=metadef_properties_resource, action='index', - conditions={'method': ['GET']}) + conditions={'method': ['GET']}, + body_reject=True) mapper.connect('/metadefs/namespaces/{namespace}/properties', controller=metadef_properties_resource, action='create', @@ -314,7 +330,8 @@ class API(wsgi.Router): 'object_name}', controller=metadef_objects_resource, action='show', - conditions={'method': ['GET']}) + conditions={'method': ['GET']}, + body_reject=True) mapper.connect('/metadefs/namespaces/{namespace}/objects/{' 'object_name}', controller=metadef_objects_resource, @@ -324,7 +341,8 @@ class API(wsgi.Router): 'object_name}', controller=metadef_objects_resource, action='delete', - conditions={'method': ['DELETE']}) + conditions={'method': ['DELETE']}, + body_reject=True) mapper.connect('/metadefs/namespaces/{namespace}/objects/{' 'object_name}', controller=reject_method_resource, @@ -353,11 +371,13 @@ class API(wsgi.Router): mapper.connect('/metadefs/namespaces/{namespace}/tags/{tag_name}', controller=metadef_tags_resource, action='show', - conditions={'method': ['GET']}) + conditions={'method': ['GET']}, + body_reject=True) mapper.connect('/metadefs/namespaces/{namespace}/tags/{tag_name}', controller=metadef_tags_resource, action='create', - conditions={'method': ['POST']}) + conditions={'method': ['POST']}, + body_reject=True) mapper.connect('/metadefs/namespaces/{namespace}/tags/{tag_name}', controller=metadef_tags_resource, action='update', @@ -365,7 +385,8 @@ class API(wsgi.Router): mapper.connect('/metadefs/namespaces/{namespace}/tags/{tag_name}', controller=metadef_tags_resource, action='delete', - conditions={'method': ['DELETE']}) + conditions={'method': ['DELETE']}, + body_reject=True) mapper.connect('/metadefs/namespaces/{namespace}/tags/{tag_name}', controller=reject_method_resource, action='reject', diff --git a/glance/tests/functional/v2/test_metadef_namespaces.py b/glance/tests/functional/v2/test_metadef_namespaces.py index fbacadc7e8..0e90ed4279 100644 --- a/glance/tests/functional/v2/test_metadef_namespaces.py +++ b/glance/tests/functional/v2/test_metadef_namespaces.py @@ -179,3 +179,63 @@ class TestNamespaces(functional.FunctionalTest): path = self._url('/v2/metadefs/namespaces/MyNamespace') response = requests.get(path, headers=self._headers()) self.assertEqual(404, response.status_code) + + def test_metadef_dont_accept_illegal_bodies(self): + # Namespace should not exist + path = self._url('/v2/metadefs/namespaces/bodytest') + response = requests.get(path, headers=self._headers()) + self.assertEqual(404, response.status_code) + + # Create a namespace + path = self._url('/v2/metadefs/namespaces') + headers = self._headers({'content-type': 'application/json'}) + namespace_name = 'bodytest' + data = jsonutils.dumps({ + "namespace": namespace_name, + "display_name": "My User Friendly Namespace", + "description": "My description" + } + ) + response = requests.post(path, headers=headers, data=data) + self.assertEqual(201, response.status_code) + + # Test all the urls that supply data + data_urls = [ + '/v2/schemas/metadefs/namespace', + '/v2/schemas/metadefs/namespaces', + '/v2/schemas/metadefs/resource_type', + '/v2/schemas/metadefs/resource_types', + '/v2/schemas/metadefs/property', + '/v2/schemas/metadefs/properties', + '/v2/schemas/metadefs/object', + '/v2/schemas/metadefs/objects', + '/v2/schemas/metadefs/tag', + '/v2/schemas/metadefs/tags', + '/v2/metadefs/resource_types', + ] + for value in data_urls: + path = self._url(value) + data = jsonutils.dumps(["body"]) + response = requests.get(path, headers=self._headers(), data=data) + self.assertEqual(400, response.status_code) + + # Put the namespace into the url + test_urls = [ + ('/v2/metadefs/namespaces/%s/resource_types', 'get'), + ('/v2/metadefs/namespaces/%s/resource_types/type', 'delete'), + ('/v2/metadefs/namespaces/%s', 'get'), + ('/v2/metadefs/namespaces/%s', 'delete'), + ('/v2/metadefs/namespaces/%s/objects/name', 'get'), + ('/v2/metadefs/namespaces/%s/objects/name', 'delete'), + ('/v2/metadefs/namespaces/%s/properties', 'get'), + ('/v2/metadefs/namespaces/%s/tags/test', 'get'), + ('/v2/metadefs/namespaces/%s/tags/test', 'post'), + ('/v2/metadefs/namespaces/%s/tags/test', 'delete'), + ] + + for link, method in test_urls: + path = self._url(link % namespace_name) + data = jsonutils.dumps(["body"]) + response = getattr(requests, method)( + path, headers=self._headers(), data=data) + self.assertEqual(400, response.status_code)