placement: validate member_of values are uuids
The 1.3 microversion adds the member_of query parameter for listing resource providers which are members of one or more aggregates based on the aggregate uuids. However the REST API handler code is simply parsing and passing the member_of values through to the object code which is doing a SQL IN statement which will result in no resource providers if an invalidate aggregate uuid is provided, i.e. not actually a uuid. This patch adds simple uuid validation to the handler code that's parsing the member_of query parameter. Change-Id: I912f731e0d75979aea0a0f22c15e6cfb84a95050 Closes-Bug: #1656482
This commit is contained in:
parent
2da73ce46b
commit
5256514389
@ -66,8 +66,6 @@ GET_RPS_SCHEMA_1_0 = {
|
|||||||
# Placement API microversion 1.3 adds support for a member_of attribute
|
# Placement API microversion 1.3 adds support for a member_of attribute
|
||||||
GET_RPS_SCHEMA_1_3 = copy.deepcopy(GET_RPS_SCHEMA_1_0)
|
GET_RPS_SCHEMA_1_3 = copy.deepcopy(GET_RPS_SCHEMA_1_0)
|
||||||
GET_RPS_SCHEMA_1_3['properties']['member_of'] = {
|
GET_RPS_SCHEMA_1_3['properties']['member_of'] = {
|
||||||
# TODO(mriedem): At some point we need to do jsonschema and/or uuid
|
|
||||||
# validation of the value(s) here.
|
|
||||||
"type": "string"
|
"type": "string"
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -290,6 +288,13 @@ def list_resource_providers(req):
|
|||||||
value = value[3:].split(',')
|
value = value[3:].split(',')
|
||||||
else:
|
else:
|
||||||
value = [value]
|
value = [value]
|
||||||
|
# Make sure the values are actually UUIDs.
|
||||||
|
for aggr_uuid in value:
|
||||||
|
if not uuidutils.is_uuid_like(aggr_uuid):
|
||||||
|
raise webob.exc.HTTPBadRequest(
|
||||||
|
_('Invalid uuid value: %(uuid)s') %
|
||||||
|
{'uuid': aggr_uuid},
|
||||||
|
json_formatter=util.json_error_formatter)
|
||||||
filters[attr] = value
|
filters[attr] = value
|
||||||
if 'resources' in req.GET:
|
if 'resources' in req.GET:
|
||||||
resources = _normalize_resources_qs_param(req.GET['resources'])
|
resources = _normalize_resources_qs_param(req.GET['resources'])
|
||||||
|
@ -47,6 +47,12 @@ tests:
|
|||||||
response_json_paths:
|
response_json_paths:
|
||||||
$.resource_providers[0].uuid: 893337e9-1e55-49f0-bcfe-6a2f16fbf2f7
|
$.resource_providers[0].uuid: 893337e9-1e55-49f0-bcfe-6a2f16fbf2f7
|
||||||
|
|
||||||
|
- name: get by aggregates no result not a uuid
|
||||||
|
GET: '/resource_providers?member_of=not+a+uuid'
|
||||||
|
status: 400
|
||||||
|
response_strings:
|
||||||
|
- 'Invalid uuid value: not a uuid'
|
||||||
|
|
||||||
- name: associate an aggregate with rp2
|
- name: associate an aggregate with rp2
|
||||||
PUT: /resource_providers/5202c48f-c960-4eec-bde3-89c4f22a17b9/aggregates
|
PUT: /resource_providers/5202c48f-c960-4eec-bde3-89c4f22a17b9/aggregates
|
||||||
data:
|
data:
|
||||||
|
Loading…
Reference in New Issue
Block a user