Disallow invalid characters in project tags

Change-Id: I94060392fcc20291ccba2a460868afe63e5a379b

orm/services/customer_manager/cms_rest/controllers/v1/orm/customer/metadata.py

@@ -3,6 +3,7 @@ from wsmeext.pecan import wsexpose
 
 from orm.common.orm_common.utils import api_error_utils as err_utils
 from orm.common.orm_common.utils import utils
+from orm.services.customer_manager.cms_rest.data.sql_alchemy.models import CustomerMetadata
 from orm.services.customer_manager.cms_rest.logger import get_logger
 from orm.services.customer_manager.cms_rest.logic.error_base import ErrorStatus
 import orm.services.customer_manager.cms_rest.logic.metadata_logic as logic
@@ -13,10 +14,17 @@ LOG = get_logger(__name__)
 
 
 class MetadataController(rest.RestController):
+
+    def check_metadata_values(self, metadata):
+        cust_metadata = CustomerMetadata()
+        for key, value in metadata.metadata.iteritems():
+            cust_metadata.validate_metadata(key, value)
+
     @wsexpose(CustomerResultWrapper, str, body=MetadataWrapper, rest_content_types='json')
     def post(self, customer_uuid, metadata):
         authentication.authorize(request, 'customers:add_metadata')
         try:
+            self.check_metadata_values(metadata)
             res = logic.add_customer_metadata(customer_uuid, metadata, request.transaction_id)
 
             event_details = 'Customer {} metadata added'.format(customer_uuid)
@@ -30,10 +38,13 @@ class MetadataController(rest.RestController):
         except ValueError as ex:
             raise err_utils.get_error(request.transaction_id,
                                       message=ex.message, status_code=404)
+
         except ErrorStatus as ex:
                 LOG.log_exception("MetaDataController - Failed to add metadata", ex)
                 raise err_utils.get_error(request.transaction_id,
+                                          message=ex.message,
                                           status_code=ex.status_code)
+
         except LookupError as ex:
             LOG.log_exception("MetaDataController - {0}".format(ex.message), ex)
             raise err_utils.get_error(request.transaction_id,
@@ -47,6 +58,8 @@ class MetadataController(rest.RestController):
     def put(self, customer_uuid, metadata):
         authentication.authorize(request, 'customers:update_metadata')
         try:
+
+            self.check_metadata_values(metadata)
             res = logic.update_customer_metadata(customer_uuid, metadata, request.transaction_id)
 
             event_details = 'Customer {} metadata updated'.format(customer_uuid)
@@ -63,6 +76,7 @@ class MetadataController(rest.RestController):
         except ErrorStatus as ex:
             LOG.log_exception("MetaDataController - Failed to add metadata", ex)
             raise err_utils.get_error(request.transaction_id,
+                                      message=ex.message,
                                       status_code=ex.status_code)
         except LookupError as ex:
             LOG.log_exception("MetaDataController - {0}".format(ex.message), ex)

orm/services/customer_manager/cms_rest/data/sql_alchemy/models.py

@@ -1,7 +1,9 @@
 from orm.services.customer_manager.cms_rest.data.sql_alchemy.base import Base
+from orm.services.customer_manager.cms_rest.logic.error_base import ErrorStatus
 import orm.services.customer_manager.cms_rest.model.GroupModels as GroupWsmeModels
 import orm.services.customer_manager.cms_rest.model.Models as WsmeModels
 from oslo_db.sqlalchemy import models
+import re
 
 from sqlalchemy import Column, ForeignKey, Integer, SmallInteger, String
 from sqlalchemy.orm import relationship
@@ -538,18 +540,40 @@ class Customer(Base, CMSBaseModel):
 
 
 '''
-' CustomerMetadata is a DataObject and contains all the fields defined in customer_metadata table record.
+' CustomerMetadata is a DataObject and contains all the fields defined in customer_metadata
-' defined as SqlAlchemy model map to a table
+'  table record, defined as SqlAlchemy model map to a table
 '''
 
 
 class CustomerMetadata(Base, CMSBaseModel):
     __tablename__ = "customer_metadata"
 
-    customer_id = Column(Integer, ForeignKey('customer.id'), primary_key=True, nullable=False)
+    customer_id = Column(Integer, ForeignKey('customer.id'), primary_key=True,
+                         nullable=False)
     field_key = Column(String(64), primary_key=True, nullable=False)
     field_value = Column(String(64), nullable=False)
 
+    def validate_metadata(self, field_key, field_value):
+        ''' Check invalid chars in metadata key/value pair
+
+        Metadata key/value strings must not have special
+        characters listed inside square bracket
+        as follows  [ ',' '/', ':', '=', '?']
+        '''
+
+        invalid_chars = '[/,?=:]'
+        bad_key = re.findall(invalid_chars, field_key)
+        bad_value = re.findall(invalid_chars, field_value)
+
+        if bad_key:
+            raise ErrorStatus(
+                400, "Metadata key '%s' contains one or more invalid "
+                     "characters %s" % (field_key, str(list(set(bad_key)))))
+        if bad_value:
+            raise ErrorStatus(
+                400, "Metadata value '%s' contains one or more invalid "
+                     "characters %s" % (field_value, str(list(set(bad_value)))))
+
     def __json__(self):
         return dict(
             customer_id=self.customer_id,

orm/services/customer_manager/cms_rest/logic/customer_logic.py

@@ -20,6 +20,7 @@ LOG = get_logger(__name__)
 
 class CustomerLogic(object):
     def build_full_customer(self, customer, uuid, datamanager):
+        cust_metadata = CustomerMetadata()
         if any(char in ":" for char in customer.name):
             raise ErrorStatus(400, "Customer Name does not allow colon(:).")
 
@@ -29,6 +30,7 @@ class CustomerLogic(object):
         sql_customer = datamanager.add_customer(customer, uuid)
 
         for key, value in customer.metadata.iteritems():
+            cust_metadata.validate_metadata(key, value)
             metadata = CustomerMetadata(field_key=key, field_value=value)
             sql_customer.customer_metadata.append(metadata)