x/quark
Code Issues Proposed changes

Validates security group name and description

Browse Source 
RM11507

Security group names and descriptions are now correctly limited to 255
characters a piece, and an error will be thrown to the user if either is
greater.
This commit is contained in:
Matt Dietz
2015-03-07 00:14:05 +00:00
parent 9005ab23ff
commit f0cc0ae8d6
2 changed files with 37 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
quark/plugin_modules/security_groups.py
View File

@@ -27,6 +27,8 @@ from quark import protocols
CONF = cfg.CONF CONF = cfg.CONF
LOG = logging.getLogger(__name__) LOG = logging.getLogger(__name__)
DEFAULT_SG_UUID = "00000000-0000-0000-0000-000000000000" DEFAULT_SG_UUID = "00000000-0000-0000-0000-000000000000"
GROUP_NAME_MAX_LENGTH = 255
GROUP_DESCRIPTION_MAX_LENGTH = 255
def _validate_security_group_rule(context, rule): def _validate_security_group_rule(context, rule):
@@ -63,13 +65,28 @@ def _validate_security_group_rule(context, rule):
return rule return rule
def _validate_security_group(security_group):
if "name" in security_group:
if len(security_group["name"]) > GROUP_NAME_MAX_LENGTH:
raise exceptions.InvalidInput(msg="Group name must be 255 "
"characters or less")
if security_group["name"] == "default":
raise sg_ext.SecurityGroupDefaultAlreadyExists()
if ("description" in security_group and
len(security_group["description"]) > GROUP_DESCRIPTION_MAX_LENGTH):
raise exceptions.InvalidInput(msg="Group description must be 255 "
"characters or less")
def create_security_group(context, security_group): def create_security_group(context, security_group):
LOG.info("create_security_group for tenant %s" % LOG.info("create_security_group for tenant %s" %
(context.tenant_id)) (context.tenant_id))
group = security_group["security_group"] group = security_group["security_group"]
_validate_security_group(group)
group_name = group.get('name', '') group_name = group.get('name', '')
if group_name == "default":
raise sg_ext.SecurityGroupDefaultAlreadyExists()
group_id = uuidutils.generate_uuid() group_id = uuidutils.generate_uuid()
with context.session.begin(): with context.session.begin():
@@ -178,6 +195,8 @@ def update_security_group(context, id, security_group):
if id == DEFAULT_SG_UUID: if id == DEFAULT_SG_UUID:
raise sg_ext.SecurityGroupCannotUpdateDefault() raise sg_ext.SecurityGroupCannotUpdateDefault()
new_group = security_group["security_group"] new_group = security_group["security_group"]
_validate_security_group(new_group)
with context.session.begin(): with context.session.begin():
group = db_api.security_group_find(context, id=id, scope=db_api.ONE) group = db_api.security_group_find(context, id=id, scope=db_api.ONE)
db_group = db_api.security_group_update(context, group, **new_group) db_group = db_api.security_group_update(context, group, **new_group)

16
quark/tests/plugin_modules/test_security_groups.py
View File

@@ -209,6 +209,22 @@ class TestQuarkCreateSecurityGroup(test_quark_plugin.TestQuarkPlugin):
self.context, {'security_group': group}) self.context, {'security_group': group})
self.assertTrue(group_create.called) self.assertTrue(group_create.called)
def test_create_security_group_name_too_long(self):
group = {'name': 'a' * 256, 'description': 'bar',
'tenant_id': self.context.tenant_id}
with self._stubs(group):
with self.assertRaises(exceptions.InvalidInput):
self.plugin.create_security_group(
self.context, {'security_group': group})
def test_create_security_group_description(self):
group = {'name': 'foo', 'description': 'b' * 256,
'tenant_id': self.context.tenant_id}
with self._stubs(group):
with self.assertRaises(exceptions.InvalidInput):
self.plugin.create_security_group(
self.context, {'security_group': group})
class TestQuarkDeleteSecurityGroup(test_quark_plugin.TestQuarkPlugin): class TestQuarkDeleteSecurityGroup(test_quark_plugin.TestQuarkPlugin):
@contextlib.contextmanager @contextlib.contextmanager