x/ranger
Code Issues Proposed changes

Disallow invalid characters in project tags

Browse Source 
Change-Id: I94060392fcc20291ccba2a460868afe63e5a379b
This commit is contained in:
stewie925 2019-06-06 16:22:23 -07:00
parent 0eb5de0fca
commit bb91786345
3 changed files with 46 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
orm/services/customer_manager/cms_rest/controllers/v1/orm/customer/metadata.py
View File

@ -3,6 +3,7 @@ from wsmeext.pecan import wsexpose
from orm.common.orm_common.utils import api_error_utils as err_utils
from orm.common.orm_common.utils import utils
from orm.services.customer_manager.cms_rest.data.sql_alchemy.models import CustomerMetadata
from orm.services.customer_manager.cms_rest.logger import get_logger
from orm.services.customer_manager.cms_rest.logic.error_base import ErrorStatus
import orm.services.customer_manager.cms_rest.logic.metadata_logic as logic
@ -13,10 +14,17 @@ LOG = get_logger(__name__)
class MetadataController(rest.RestController):
def check_metadata_values(self, metadata):
cust_metadata = CustomerMetadata()
for key, value in metadata.metadata.iteritems():
cust_metadata.validate_metadata(key, value)
@wsexpose(CustomerResultWrapper, str, body=MetadataWrapper, rest_content_types='json')
def post(self, customer_uuid, metadata):
authentication.authorize(request, 'customers:add_metadata')
try:
self.check_metadata_values(metadata)
res = logic.add_customer_metadata(customer_uuid, metadata, request.transaction_id)
event_details = 'Customer {} metadata added'.format(customer_uuid)
@ -30,10 +38,13 @@ class MetadataController(rest.RestController):
except ValueError as ex:
raise err_utils.get_error(request.transaction_id,
message=ex.message, status_code=404)
except ErrorStatus as ex:
LOG.log_exception("MetaDataController - Failed to add metadata", ex)
raise err_utils.get_error(request.transaction_id,
status_code=ex.status_code)
LOG.log_exception("MetaDataController - Failed to add metadata", ex)
raise err_utils.get_error(request.transaction_id,
message=ex.message,
status_code=ex.status_code)
except LookupError as ex:
LOG.log_exception("MetaDataController - {0}".format(ex.message), ex)
raise err_utils.get_error(request.transaction_id,
@ -47,6 +58,8 @@ class MetadataController(rest.RestController):
def put(self, customer_uuid, metadata):
authentication.authorize(request, 'customers:update_metadata')
try:
self.check_metadata_values(metadata)
res = logic.update_customer_metadata(customer_uuid, metadata, request.transaction_id)
event_details = 'Customer {} metadata updated'.format(customer_uuid)
@ -63,6 +76,7 @@ class MetadataController(rest.RestController):
except ErrorStatus as ex:
LOG.log_exception("MetaDataController - Failed to add metadata", ex)
raise err_utils.get_error(request.transaction_id,
message=ex.message,
status_code=ex.status_code)
except LookupError as ex:
LOG.log_exception("MetaDataController - {0}".format(ex.message), ex)

30
orm/services/customer_manager/cms_rest/data/sql_alchemy/models.py
View File

@ -1,7 +1,9 @@
from orm.services.customer_manager.cms_rest.data.sql_alchemy.base import Base
from orm.services.customer_manager.cms_rest.logic.error_base import ErrorStatus
import orm.services.customer_manager.cms_rest.model.GroupModels as GroupWsmeModels
import orm.services.customer_manager.cms_rest.model.Models as WsmeModels
from oslo_db.sqlalchemy import models
import re
from sqlalchemy import Column, ForeignKey, Integer, SmallInteger, String
from sqlalchemy.orm import relationship
@ -538,18 +540,40 @@ class Customer(Base, CMSBaseModel):
'''
' CustomerMetadata is a DataObject and contains all the fields defined in customer_metadata table record.
' defined as SqlAlchemy model map to a table
' CustomerMetadata is a DataObject and contains all the fields defined in customer_metadata
' table record, defined as SqlAlchemy model map to a table
'''
class CustomerMetadata(Base, CMSBaseModel):
__tablename__ = "customer_metadata"
customer_id = Column(Integer, ForeignKey('customer.id'), primary_key=True, nullable=False)
customer_id = Column(Integer, ForeignKey('customer.id'), primary_key=True,
nullable=False)
field_key = Column(String(64), primary_key=True, nullable=False)
field_value = Column(String(64), nullable=False)
def validate_metadata(self, field_key, field_value):
''' Check invalid chars in metadata key/value pair
Metadata key/value strings must not have special
characters listed inside square bracket
as follows [ ',' '/', ':', '=', '?']
'''
invalid_chars = '[/,?=:]'
bad_key = re.findall(invalid_chars, field_key)
bad_value = re.findall(invalid_chars, field_value)
if bad_key:
raise ErrorStatus(
400, "Metadata key '%s' contains one or more invalid "
"characters %s" % (field_key, str(list(set(bad_key)))))
if bad_value:
raise ErrorStatus(
400, "Metadata value '%s' contains one or more invalid "
"characters %s" % (field_value, str(list(set(bad_value)))))
def __json__(self):
return dict(
customer_id=self.customer_id,

2
orm/services/customer_manager/cms_rest/logic/customer_logic.py
View File

@ -20,6 +20,7 @@ LOG = get_logger(__name__)
class CustomerLogic(object):
def build_full_customer(self, customer, uuid, datamanager):
cust_metadata = CustomerMetadata()
if any(char in ":" for char in customer.name):
raise ErrorStatus(400, "Customer Name does not allow colon(:).")
@ -29,6 +30,7 @@ class CustomerLogic(object):
sql_customer = datamanager.add_customer(customer, uuid)
for key, value in customer.metadata.iteritems():
cust_metadata.validate_metadata(key, value)
metadata = CustomerMetadata(field_key=key, field_value=value)
sql_customer.customer_metadata.append(metadata)