Merge "Verify security group parameters"

Jenkins
2011-11-12 17:45:33 +00:00
committed by Gerrit Code Review
3 changed files with 69 additions and 2 deletions


@@ -229,7 +229,7 @@ class InvalidVolumeType(Invalid):
class InvalidPortRange(Invalid):
message = _("Invalid port range %(from_port)s:%(to_port)s.")
message = _("Invalid port range %(from_port)s:%(to_port)s. %(msg)s")
class InvalidIpProtocol(Invalid):
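Review bot: The new `InvalidPortRange` message requires a `msg` key, so any raise site that still passes only `from_port` and `to_port` will no longer format as intended. The callers are not visible in this hunk, so it is worth confirming that every `InvalidPortRange(...)` now passes `msg=`. Because this text is returned in an API error, `msg` is best built from fixed wording plus the already-parsed port values rather than from raw request input.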


@@ -386,6 +386,50 @@ class ApiEc2TestCase(test.TestCase):
group.connection = self.ec2
group.authorize('tcp', 80, 81, '0.0.0.0/0')
group.authorize('icmp', -1, -1, '0.0.0.0/0')
group.authorize('udp', 80, 81, '0.0.0.0/0')
# Invalid CIDR address
self.assertRaises(Exception,
group.authorize, 'tcp', 80, 81, '0.0.0.0/0444')
# Missing ports
self.assertRaises(Exception,
group.authorize, 'tcp', '0.0.0.0/0')
# from port cannot be greater than to port
self.assertRaises(Exception,
group.authorize, 'tcp', 100, 1, '0.0.0.0/0')
# For tcp, negative values are not allowed
self.assertRaises(Exception,
group.authorize, 'tcp', -1, 1, '0.0.0.0/0')
# For tcp, valid port range 1-65535
self.assertRaises(Exception,
group.authorize, 'tcp', 1, 65599, '0.0.0.0/0')
# For icmp, only -1:-1 is allowed for type:code
self.assertRaises(Exception,
group.authorize, 'icmp', -1, 0, '0.0.0.0/0')
# Non valid type:code
self.assertRaises(Exception,
group.authorize, 'icmp', 0, 3, '0.0.0.0/0')
# Invalid Cidr for ICMP type
self.assertRaises(Exception,
group.authorize, 'icmp', -1, -1, '0.0.444.0/4')
# Invalid protocol
self.assertRaises(Exception,
group.authorize, 'xyz', 1, 14, '0.0.0.0/0')
# Invalid port
self.assertRaises(Exception,
group.authorize, 'tcp', " ", "81", '0.0.0.0/0')
# Invalid icmp port
self.assertRaises(Exception,
group.authorize, 'icmp', " ", "81", '0.0.0.0/0')
# Invalid CIDR Address
self.assertRaises(Exception,
group.authorize, 'icmp', -1, -1, '0.0.0.0')
# Invalid CIDR Address
self.assertRaises(Exception,
group.authorize, 'icmp', -1, -1, '0.0.0.0/')
# Invalid Cidr ports
self.assertRaises(Exception,
group.authorize, 'icmp', 1, 256, '0.0.0.0/0')
self.expect_http()
self.mox.ReplayAll()
@@ -394,7 +438,7 @@ class ApiEc2TestCase(test.TestCase):
group = [grp for grp in rv if grp.name == security_group_name][0]
self.assertEquals(len(group.rules), 1)
self.assertEquals(len(group.rules), 3)
self.assertEquals(int(group.rules[0].from_port), 80)
self.assertEquals(int(group.rules[0].to_port), 81)
self.assertEquals(len(group.rules[0].grants), 1)
@@ -405,6 +449,8 @@ class ApiEc2TestCase(test.TestCase):
group.connection = self.ec2
group.revoke('tcp', 80, 81, '0.0.0.0/0')
group.revoke('icmp', -1, -1, '0.0.0.0/0')
group.revoke('udp', 80, 81, '0.0.0.0/0')
self.expect_http()
self.mox.ReplayAll()
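Review bot: Every negative case added in the first hunk uses `self.assertRaises(Exception, ...)`, which passes on any failure at all, including a client-side `TypeError` or a mock or connection error. These assertions therefore do not show that the new security-group validation is what rejected the input. Assert the specific error type the EC2 client raises for a rejected request, and ideally its error code, e.g. `self.assertRaises(<ClientErrorType>, group.authorize, 'tcp', 100, 1, '0.0.0.0/0')`, where the type name is a placeholder because it is not visible here. The "Missing ports" case passes the CIDR string in the `from_port` position, so it may fail for a reason other than a missing port. The test method starts and ends outside these hunks.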


@@ -37,6 +37,7 @@ import time
import types
import uuid
import pyclbr
import netaddr
from xml.sax import saxutils
from eventlet import event
@@ -908,6 +909,26 @@ def is_valid_ipv4(address):
return True
def is_valid_cidr(address):
"""Check if the provided ipv4 or ipv6 address is a valid
CIDR address or not"""
try:
# Validate the correct CIDR Address
netaddr.IPNetwork(address)
except netaddr.core.AddrFormatError:
return False
# Prior validation partially verify /xx part
# Verify it here
ip_segment = address.split('/')
if (len(ip_segment) <= 1 or
ip_segment[1] == ''):
return False
return True
def monkey_patch():
""" If the Flags.monkey_patch set as True,
this function patches a decorator
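Review bot: `is_valid_cidr` accepts anything `netaddr.IPNetwork` can parse as long as some non-empty text follows the `/`, which is looser than the docstring's "valid CIDR address". The suffix check never inspects what follows the slash, and depending on the netaddr version a value with host bits set (for example `10.1.2.3/8`) or a dotted netmask after the slash will likely pass. If security-group rules must be canonical networks, also require `str(netaddr.IPNetwork(address).cidr) == address`, or document the accepted forms in the docstring. Only `netaddr.core.AddrFormatError` is caught, so a non-string argument would likely surface as a different exception from `IPNetwork` or `address.split` instead of returning False; a type check at the top, or a wider `except`, would make the helper safe to call on unvalidated request values.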