From a97d65d3eb9b3a5b4a88a1b3f22b59ca2f75c9bc Mon Sep 17 00:00:00 2001 From: Ashley Rodriguez Date: Wed, 1 Dec 2021 14:31:00 +0000 Subject: [PATCH] Add validation to share network Adds a check when associating a security service to a share network, so that both resources must have the same project_id. If not, a HTTP Bad Request is raised. Affiliated tests were altered or created. Closes-Bug: #1918323 Change-Id: Idb2a8838d492ac3c616fb21ab1272f7dc74ee589 --- manila/api/v2/share_networks.py | 2 +- manila/db/api.py | 4 +- manila/db/sqlalchemy/api.py | 10 +++-- manila/tests/api/v2/test_share_networks.py | 44 +++++++++++++++++-- ...ion-to-share-network-94571f35cb39c815.yaml | 5 +++ 5 files changed, 55 insertions(+), 10 deletions(-) create mode 100644 releasenotes/notes/bug-1918323-add-validation-to-share-network-94571f35cb39c815.yaml diff --git a/manila/api/v2/share_networks.py b/manila/api/v2/share_networks.py index fd3a8d7bac..a285e4afda 100644 --- a/manila/api/v2/share_networks.py +++ b/manila/api/v2/share_networks.py @@ -598,7 +598,7 @@ class ShareNetworkController(wsgi.Controller, wsgi.AdminActionsMixin): data = body['add_security_service_check'] try: security_service = db_api.security_service_get( - context, data['security_service_id']) + context, data['security_service_id'], project_only=True) except KeyError: msg = "Malformed request body." raise exc.HTTPBadRequest(explanation=msg) diff --git a/manila/db/api.py b/manila/db/api.py index 55c0bc8fbf..441431176a 100644 --- a/manila/db/api.py +++ b/manila/db/api.py @@ -777,9 +777,9 @@ def security_service_update(context, id, values): return IMPL.security_service_update(context, id, values) -def security_service_get(context, id): +def security_service_get(context, id, **kwargs): """Get security service DB record.""" - return IMPL.security_service_get(context, id) + return IMPL.security_service_get(context, id, **kwargs) def security_service_get_all(context): diff --git a/manila/db/sqlalchemy/api.py b/manila/db/sqlalchemy/api.py index 04fd2abd65..75acce9cbb 100644 --- a/manila/db/sqlalchemy/api.py +++ b/manila/db/sqlalchemy/api.py @@ -3943,8 +3943,9 @@ def security_service_update(context, id, values): @require_context -def security_service_get(context, id, session=None): - result = (_security_service_get_query(context, session=session). +def security_service_get(context, id, session=None, **kwargs): + result = (_security_service_get_query(context, session=session, + **kwargs). filter_by(id=id).first()) if result is None: @@ -3963,10 +3964,11 @@ def security_service_get_all_by_project(context, project_id): filter_by(project_id=project_id).all()) -def _security_service_get_query(context, session=None): +def _security_service_get_query(context, session=None, project_only=False): if session is None: session = get_session() - return model_query(context, models.SecurityService, session=session) + return model_query(context, models.SecurityService, session=session, + project_only=project_only) ################### diff --git a/manila/tests/api/v2/test_share_networks.py b/manila/tests/api/v2/test_share_networks.py index 44cecf1179..466c654fd8 100644 --- a/manila/tests/api/v2/test_share_networks.py +++ b/manila/tests/api/v2/test_share_networks.py @@ -1503,7 +1503,7 @@ class ShareNetworkAPITest(test.TestCase): context, share_network['id'] ) db_api.security_service_get.assert_called_once_with( - context, security_service['id']) + context, security_service['id'], project_only=True) def test_check_add_security_service(self): security_service, share_network, body, request = ( @@ -1531,7 +1531,7 @@ class ShareNetworkAPITest(test.TestCase): db_api.share_network_get.assert_called_once_with( context, share_network['id']) db_api.security_service_get.assert_called_once_with( - context, security_service['id']) + context, security_service['id'], project_only=True) (self.controller.share_api.check_share_network_security_service_update. assert_called_once_with( context, share_network, security_service, @@ -1571,12 +1571,50 @@ class ShareNetworkAPITest(test.TestCase): db_api.share_network_get.assert_called_once_with( context, share_network['id']) db_api.security_service_get.assert_called_once_with( - context, security_service['id']) + context, security_service['id'], project_only=True) (self.controller.share_api.check_share_network_security_service_update. assert_called_once_with( context, share_network, security_service, reset_operation=False)) + @ddt.data( + (exception.NotFound(message='fake'), + webob_exc.HTTPBadRequest)) + @ddt.unpack + def test_check_add_security_service_failed_project_id( + self, captured_exception, exception_to_be_raised): + security_service, share_network, body, request = ( + self._setup_data_for_check_add_tests()) + share_network = fake_share_network + context = request.environ['manila.context'] + share_api_return = {'fake_key': 'fake_value'} + + self.mock_object(share_networks.policy, 'check_policy') + self.mock_object(db_api, 'share_network_get', + mock.Mock(return_value=share_network)) + self.mock_object( + db_api, 'security_service_get', + mock.Mock(side_effect=captured_exception)) + self.mock_object( + self.controller.share_api, + 'check_share_network_security_service_update', + mock.Mock(return_vale=share_api_return)) + self.mock_object( + self.controller._view_builder, + 'build_security_service_update_check') + + self.assertRaises( + exception_to_be_raised, + self.controller.check_add_security_service, + request, + share_network['id'], + body) + + db_api.share_network_get.assert_called_once_with( + context, share_network['id']) + db_api.security_service_get.assert_called_once_with( + context, security_service['id'], project_only=True) + @ddt.data( (exception.ServiceIsDown(message='fake'), webob_exc.HTTPConflict), (exception.InvalidShareNetwork(message='fake'), diff --git a/releasenotes/notes/bug-1918323-add-validation-to-share-network-94571f35cb39c815.yaml b/releasenotes/notes/bug-1918323-add-validation-to-share-network-94571f35cb39c815.yaml new file mode 100644 index 0000000000..1496286fef --- /dev/null +++ b/releasenotes/notes/bug-1918323-add-validation-to-share-network-94571f35cb39c815.yaml @@ -0,0 +1,5 @@ + +fixes: + - Adds a check when associating a security service to a share network, so + that both resources must have the same project_id. If not, + HTTP Bad Request is raised.