Merge "Add validation to share network" into stable/wallaby

manila/api/v2/share_networks.py

@@ -593,7 +593,7 @@ class ShareNetworkController(wsgi.Controller, wsgi.AdminActionsMixin):
         data = body['add_security_service_check']
         try:
             security_service = db_api.security_service_get(
-                context, data['security_service_id'])
+                context, data['security_service_id'], project_only=True)
         except KeyError:
             msg = "Malformed request body."
             raise exc.HTTPBadRequest(explanation=msg)

manila/db/api.py

@@ -750,9 +750,9 @@ def security_service_update(context, id, values):
     return IMPL.security_service_update(context, id, values)
 
 
-def security_service_get(context, id):
+def security_service_get(context, id, **kwargs):
     """Get security service DB record."""
-    return IMPL.security_service_get(context, id)
+    return IMPL.security_service_get(context, id, **kwargs)
 
 
 def security_service_get_all(context):

manila/db/sqlalchemy/api.py

@@ -3777,8 +3777,9 @@ def security_service_update(context, id, values):
 
 
 @require_context
-def security_service_get(context, id, session=None):
-    result = (_security_service_get_query(context, session=session).
+def security_service_get(context, id, session=None, **kwargs):
+    result = (_security_service_get_query(context, session=session,
+                                          **kwargs).
               filter_by(id=id).first())
 
     if result is None:
@@ -3797,10 +3798,11 @@ def security_service_get_all_by_project(context, project_id):
             filter_by(project_id=project_id).all())
 
 
-def _security_service_get_query(context, session=None):
+def _security_service_get_query(context, session=None, project_only=False):
     if session is None:
         session = get_session()
-    return model_query(context, models.SecurityService, session=session)
+    return model_query(context, models.SecurityService, session=session,
+                       project_only=project_only)
 
 
 ###################

manila/tests/api/v2/test_share_networks.py

@@ -1497,7 +1497,7 @@ class ShareNetworkAPITest(test.TestCase):
             context, share_network['id']
         )
         db_api.security_service_get.assert_called_once_with(
-            context, security_service['id'])
+            context, security_service['id'], project_only=True)
 
     def test_check_add_security_service(self):
         security_service, share_network, body, request = (
@@ -1525,7 +1525,7 @@ class ShareNetworkAPITest(test.TestCase):
         db_api.share_network_get.assert_called_once_with(
             context, share_network['id'])
         db_api.security_service_get.assert_called_once_with(
-            context, security_service['id'])
+            context, security_service['id'], project_only=True)
         (self.controller.share_api.check_share_network_security_service_update.
             assert_called_once_with(
                 context, share_network, security_service,
@@ -1565,12 +1565,50 @@ class ShareNetworkAPITest(test.TestCase):
         db_api.share_network_get.assert_called_once_with(
             context, share_network['id'])
         db_api.security_service_get.assert_called_once_with(
-            context, security_service['id'])
+            context, security_service['id'], project_only=True)
         (self.controller.share_api.check_share_network_security_service_update.
             assert_called_once_with(
                 context, share_network, security_service,
                 reset_operation=False))
 
+    @ddt.data(
+        (exception.NotFound(message='fake'),
+         webob_exc.HTTPBadRequest))
+    @ddt.unpack
+    def test_check_add_security_service_failed_project_id(
+            self, captured_exception, exception_to_be_raised):
+        security_service, share_network, body, request = (
+            self._setup_data_for_check_add_tests())
+        share_network = fake_share_network
+        context = request.environ['manila.context']
+        share_api_return = {'fake_key': 'fake_value'}
+
+        self.mock_object(share_networks.policy, 'check_policy')
+        self.mock_object(db_api, 'share_network_get',
+                         mock.Mock(return_value=share_network))
+        self.mock_object(
+            db_api, 'security_service_get',
+            mock.Mock(side_effect=captured_exception))
+        self.mock_object(
+            self.controller.share_api,
+            'check_share_network_security_service_update',
+            mock.Mock(return_vale=share_api_return))
+        self.mock_object(
+            self.controller._view_builder,
+            'build_security_service_update_check')
+
+        self.assertRaises(
+            exception_to_be_raised,
+            self.controller.check_add_security_service,
+            request,
+            share_network['id'],
+            body)
+
+        db_api.share_network_get.assert_called_once_with(
+            context, share_network['id'])
+        db_api.security_service_get.assert_called_once_with(
+            context, security_service['id'], project_only=True)
+
     @ddt.data(
         (exception.ServiceIsDown(message='fake'), webob_exc.HTTPConflict),
         (exception.InvalidShareNetwork(message='fake'),

releasenotes/notes/bug-1918323-add-validation-to-share-network-94571f35cb39c815.yaml

@@ -0,0 +1,5 @@
+
+fixes:
+  - Adds a check when associating a security service to a share network, so
+    that both resources must have the same project_id. If not,
+    HTTP Bad Request is raised.