diff --git a/heat/api/openstack/v1/resources.py b/heat/api/openstack/v1/resources.py index 5114acf391..ab056b0e53 100644 --- a/heat/api/openstack/v1/resources.py +++ b/heat/api/openstack/v1/resources.py @@ -105,6 +105,13 @@ class ResourceController(object): 'physical_resource_id': 'mixed' } + invalid_keys = (set(req.params.keys()) - + set(list(whitelist) + [rpc_api.PARAM_NESTED_DEPTH, + rpc_api.PARAM_WITH_DETAIL])) + if invalid_keys: + raise exc.HTTPBadRequest(_('Invalid filter parameters %s') % + six.text_type(list(invalid_keys))) + nested_depth = self._extract_to_param(req, rpc_api.PARAM_NESTED_DEPTH, param_utils.extract_int, diff --git a/heat/tests/api/openstack_v1/test_resources.py b/heat/tests/api/openstack_v1/test_resources.py index bf9f925711..13b5c08c58 100644 --- a/heat/tests/api/openstack_v1/test_resources.py +++ b/heat/tests/api/openstack_v1/test_resources.py @@ -132,6 +132,26 @@ class ResourceControllerTest(tools.ControllerTest, common.HeatTestCase): self.assertEqual('EntityNotFound', resp.json['error']['type']) self.m.VerifyAll() + def test_index_invalid_filters(self, mock_enforce): + self._mock_enforce_setup(mock_enforce, 'index', True) + stack_identity = identifier.HeatIdentifier(self.tenant, + 'rubbish', '1') + + req = self._get(stack_identity._tenant_path() + '/resources', + {'invalid_key': 'junk'}) + + mock_call = self.patchobject(rpc_client.EngineClient, 'call') + ex = self.assertRaises(webob.exc.HTTPBadRequest, + self.controller.index, req, + tenant_id=self.tenant, + stack_name=stack_identity.stack_name, + stack_id=stack_identity.stack_id) + + self.assertIn("Invalid filter parameters %s" % + [six.text_type('invalid_key')], + six.text_type(ex)) + self.assertFalse(mock_call.called) + def test_index_nested_depth(self, mock_enforce): self._mock_enforce_setup(mock_enforce, 'index', True) stack_identity = identifier.HeatIdentifier(self.tenant,