Validates security group name and description

RM11507 Security group names and descriptions are now correctly limited to 255 characters a piece, and an error will be thrown to the user if either is greater.
2015-03-07 00:14:05 +00:00
parent 9005ab23ff
commit f0cc0ae8d6
2 changed files with 37 additions and 2 deletions
--- a/quark/plugin_modules/security_groups.py
+++ b/quark/plugin_modules/security_groups.py
@@ -27,6 +27,8 @@ from quark import protocols
 CONF = cfg.CONF
 LOG = logging.getLogger(__name__)
 DEFAULT_SG_UUID = "00000000-0000-0000-0000-000000000000"
+GROUP_NAME_MAX_LENGTH = 255
+GROUP_DESCRIPTION_MAX_LENGTH = 255


 def _validate_security_group_rule(context, rule):
@@ -63,13 +65,28 @@ def _validate_security_group_rule(context, rule):
    return rule


+def _validate_security_group(security_group):
+    if "name" in security_group:
+        if len(security_group["name"]) > GROUP_NAME_MAX_LENGTH:
+            raise exceptions.InvalidInput(msg="Group name must be 255 "
+                                              "characters or less")
+
+        if security_group["name"] == "default":
+            raise sg_ext.SecurityGroupDefaultAlreadyExists()
+
+    if ("description" in security_group and
+            len(security_group["description"]) > GROUP_DESCRIPTION_MAX_LENGTH):
+        raise exceptions.InvalidInput(msg="Group description must be 255 "
+                                          "characters or less")
+
+
 def create_security_group(context, security_group):
    LOG.info("create_security_group for tenant %s" %
             (context.tenant_id))
    group = security_group["security_group"]
+    _validate_security_group(group)
+
    group_name = group.get('name', '')
-    if group_name == "default":
-        raise sg_ext.SecurityGroupDefaultAlreadyExists()
    group_id = uuidutils.generate_uuid()

    with context.session.begin():
@@ -178,6 +195,8 @@ def update_security_group(context, id, security_group):
    if id == DEFAULT_SG_UUID:
        raise sg_ext.SecurityGroupCannotUpdateDefault()
    new_group = security_group["security_group"]
+    _validate_security_group(new_group)
+
    with context.session.begin():
        group = db_api.security_group_find(context, id=id, scope=db_api.ONE)
        db_group = db_api.security_group_update(context, group, **new_group)
--- a/quark/tests/plugin_modules/test_security_groups.py
+++ b/quark/tests/plugin_modules/test_security_groups.py
@@ -209,6 +209,22 @@ class TestQuarkCreateSecurityGroup(test_quark_plugin.TestQuarkPlugin):
                    self.context, {'security_group': group})
                self.assertTrue(group_create.called)

+    def test_create_security_group_name_too_long(self):
+        group = {'name': 'a' * 256, 'description': 'bar',
+                 'tenant_id': self.context.tenant_id}
+        with self._stubs(group):
+            with self.assertRaises(exceptions.InvalidInput):
+                self.plugin.create_security_group(
+                    self.context, {'security_group': group})
+
+    def test_create_security_group_description(self):
+        group = {'name': 'foo', 'description': 'b' * 256,
+                 'tenant_id': self.context.tenant_id}
+        with self._stubs(group):
+            with self.assertRaises(exceptions.InvalidInput):
+                self.plugin.create_security_group(
+                    self.context, {'security_group': group})
+

 class TestQuarkDeleteSecurityGroup(test_quark_plugin.TestQuarkPlugin):
    @contextlib.contextmanager