Validate rule uuids provided for update_policy

Add corresponding validation method to fwaas extension Change-Id: I643c10a996813d251684d3b5de04c8826729129f Closes-Bug: #1281083
2014-02-17 16:35:09 +04:00 · 2014-02-17 16:35:09 +04:00 · abca726e40
commit abca726e40
parent 368b7f858e
3 changed files with 15 additions and 1 deletions
--- a/neutron/extensions/firewall.py
+++ b/neutron/extensions/firewall.py
@ -243,6 +243,7 @@ RESOURCE_ATTRIBUTE_MAP = {
                   'is_visible': True, 'required_by_policy': True,
                   'enforce_policy': True},
        'firewall_rules': {'allow_post': True, 'allow_put': True,
+                           'validate': {'type:uuid_list': None},
                           'convert_to': attr.convert_none_to_empty_list,
                           'default': None, 'is_visible': True},
        'audited': {'allow_post': True, 'allow_put': True,
--- a/neutron/tests/unit/db/firewall/test_db_firewall.py
+++ b/neutron/tests/unit/db/firewall/test_db_firewall.py
@ -29,6 +29,7 @@ from neutron.db.firewall import firewall_db as fdb
 import neutron.extensions
 from neutron.extensions import firewall
 from neutron.openstack.common import importutils
+from neutron.openstack.common import uuidutils
 from neutron.plugins.common import constants
 from neutron.tests.unit import test_db_plugin

@ -477,7 +478,8 @@ class TestFirewallDBPlugin(FirewallPluginDbTestCase):
                                   self.firewall_rule(name='fwr2',
                                                      no_delete=True)) as fr:
                fw_rule_ids = [r['firewall_rule']['id'] for r in fr]
-                fw_rule_ids.append('12345')  # non-existent rule
+                # appending non-existent rule
+                fw_rule_ids.append(uuidutils.generate_uuid())
                data = {'firewall_policy':
                        {'firewall_rules': fw_rule_ids}}
                req = self.new_update_request('firewall_policies', data,
--- a/neutron/tests/unit/test_extension_firewall.py
+++ b/neutron/tests/unit/test_extension_firewall.py
@ -378,6 +378,17 @@ class FirewallExtensionTestCase(testlib_api.WebTestCase):
        self.assertIn('firewall_policy', res)
        self.assertEqual(res['firewall_policy'], return_value)

+    def test_firewall_policy_update_malformed_rules(self):
+        # emulating client request when no rule uuids are provided for
+        # --firewall_rules parameter
+        update_data = {'firewall_policy': {'firewall_rules': True}}
+        # have to check for generic AppError
+        self.assertRaises(
+            webtest.AppError,
+            self.api.put,
+            _get_path('fw/firewall_policies', id=_uuid(), fmt=self.fmt),
+            self.serialize(update_data))
+
    def test_firewall_policy_delete(self):
        self._test_entity_delete('firewall_policy')