Some basic validation for creating ec2 security groups. (LP: #715443)

2011-07-17 23:52:50 +01:00
parent 718d4cf5cd
commit 5c6e4aa806
3 changed files with 25 additions and 0 deletions
--- a/nova/api/ec2/init.py
+++ b/nova/api/ec2/init.py
@@ -349,6 +349,10 @@ class Executor(wsgi.Application):
            LOG.debug(_('KeyPairExists raised: %s'), unicode(ex),
                     context=context)
            return self._error(req, context, type(ex).__name__, unicode(ex))
+        except exception.InvalidParameterValue as ex:
+            LOG.debug(_('InvalidParameterValue raised: %s'), unicode(ex),
+                     context=context)
+            return self._error(req, context, type(ex).__name__, unicode(ex))
        except Exception as ex:
            extra = {'environment': req.environ}
            LOG.exception(_('Unexpected error raised: %s'), unicode(ex),
--- a/nova/api/ec2/cloud.py
+++ b/nova/api/ec2/cloud.py
@@ -28,6 +28,7 @@ import os
 import urllib
 import tempfile
 import shutil
+import re

 from nova import compute
 from nova import context
@@ -602,6 +603,22 @@ class CloudController(object):
        return source_project_id

    def create_security_group(self, context, group_name, group_description):
+        if not re.match('^[a-zA-Z0-9_\- ]+$',group_name):
+            # Some validation to ensure that values match API spec.
+            # - Alphanumeric characters, spaces, dashes, and underscores.
+            # TODO(Daviey): extend beyond group_name checking, and probably 
+            # create a param validator function that can be used elsewhere. 
+            err = _("Value (%s) for parameter GroupName is invalid."
+                    " Content limited to Alphanumeric characters, "
+                    "spaces, dashes, and underscores.") % group_name
+            # err not that of master ec2 implementation, as they fail to raise.
+            raise exception.InvalidParameterValue(err=err)
+
+        if len(str(group_name)) > 255:
+            err = _("Value (%s) for parameter GroupName is invalid."
+                    " Length exceeds maximum of 255.") % group_name
+            raise exception.InvalidParameterValue(err=err)
+
        LOG.audit(_("Create Security Group %s"), group_name, context=context)
        self.compute_api.ensure_default_security_group(context)
        if db.security_group_exists(context, context.project_id, group_name):
--- a/nova/exception.py
+++ b/nova/exception.py
@@ -196,6 +196,10 @@ class InvalidIpProtocol(Invalid):
 class InvalidContentType(Invalid):
    message = _("Invalid content type %(content_type)s.")

+class InvalidParameterValue(Invalid):
+    # Cannot be templated as the error syntax varies.
+    # msg needs to be constructed when raised.
+    message = _("%(err)s")

 class InstanceNotRunning(Invalid):
    message = _("Instance %(instance_id)s is not running.")