From 63d428a60d2c3c27f9f1138f77671516a4d0091d Mon Sep 17 00:00:00 2001
From: "hobo.kengo" <hobo.kengo@jp.fujitsu.com>
Date: Thu, 10 Nov 2016 10:24:50 +0000
Subject: [PATCH] Add check to address_pair that items in list are dict

This patch adds check to allowed_address_pairs that
items in list are dictionary before checking
'ip_address' and 'mac_address'.

From user view, error is changed to 400 from 500 when
creating/updating port with 'allowed_address_pairs'
specifying string that contains "ip_address" or "mac_address".

Change-Id: I92ea4d56e01b0e122c2150f9d82464b67f4dc466
Closes-Bug: #1640034
---
 neutron/extensions/allowedaddresspairs.py        |  3 +++
 .../tests/unit/db/test_allowedaddresspairs_db.py | 16 +++++++++++++++-
 2 files changed, 18 insertions(+), 1 deletion(-)

diff --git a/neutron/extensions/allowedaddresspairs.py b/neutron/extensions/allowedaddresspairs.py
index 66e14777f1c..a97bb795b38 100644
--- a/neutron/extensions/allowedaddresspairs.py
+++ b/neutron/extensions/allowedaddresspairs.py
@@ -56,6 +56,9 @@ def _validate_allowed_address_pairs(address_pairs, valid_values=None):
             quota=cfg.CONF.max_allowed_address_pair)
 
     for address_pair in address_pairs:
+        msg = validators.validate_dict(address_pair)
+        if msg:
+            return msg
         # mac_address is optional, if not set we use the mac on the port
         if 'mac_address' in address_pair:
             msg = validators.validate_mac_address(address_pair['mac_address'])
diff --git a/neutron/tests/unit/db/test_allowedaddresspairs_db.py b/neutron/tests/unit/db/test_allowedaddresspairs_db.py
index d674dc8b74d..1cbd82eeabb 100644
--- a/neutron/tests/unit/db/test_allowedaddresspairs_db.py
+++ b/neutron/tests/unit/db/test_allowedaddresspairs_db.py
@@ -100,7 +100,8 @@ class TestAllowedAddressPairs(AllowedAddressPairDBTestCase):
 
     def test_create_port_allowed_address_pairs_bad_format(self):
         with self.network() as net:
-            bad_values = [False, True, 1.1, 1]
+            bad_values = [False, True, 1.1, 1, ['ip_address'],
+                          ['mac_address']]
             for value in bad_values:
                 self._create_port(
                     self.fmt, net['network']['id'],
@@ -245,6 +246,19 @@ class TestAllowedAddressPairs(AllowedAddressPairDBTestCase):
             if ret_code == 201:
                 self._delete('ports', port['port']['id'])
 
+    def test_update_port_allowed_address_pairs_bad_format(self):
+        with self.network() as net:
+            res = self._create_port(self.fmt, net['network']['id'])
+            port = self.deserialize(self.fmt, res)
+            bad_values = [False, True, 1.1, 1, ['ip_address'],
+                          ['mac_address']]
+            for value in bad_values:
+                update_port = {'port': {addr_pair.ADDRESS_PAIRS: value}}
+                req = self.new_update_request('ports', update_port,
+                                              port['port']['id'])
+                res = req.get_response(self.api)
+                self.assertEqual(400, res.status_int)
+
     def test_update_add_address_pairs(self):
         with self.network() as net:
             res = self._create_port(self.fmt, net['network']['id'])