Reviewed: https://review.openstack.org/387895 Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=9204b34afc887edd927d1f16d577e0e3385000f6 Submitter: Jenkins Branch: master
commit 9204b34afc887edd927d1f16d577e0e3385000f6 Author: Dongcan Ye <hellocho...@gmail.com> Date: Tue Oct 18 17:44:04 2016 +0800 Validate type of allowed_address_pairs If user don't pass "type=dict list=true" in create/update port with allowed_address_pairs attribute, we will hit Quota exceed exception. So we need to check address_pairs type in validation, if allowed address pairs is not Python list, we should raise an exception. Change-Id: I7c84b728e8e660b678f251122cc332cd0ce5c576 Closes-Bug: #1631432 ** Changed in: neutron Status: In Progress => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1631432 Title: port-update fails if allowed_address_pair is not a dict Status in neutron: Fix Released Status in python-neutronclient: In Progress Bug description: CLI help is misleading. Neutron port-update called with parameters according to documentation returns an error. neutron help port-update .. --allowed-address-pair ip_address=IP_ADDR[,mac_address=MAC_ADDR] Allowed address pair associated with the port.You can repeat this option. # neutron port-update 3f36328f-0629-4e41-afa8-e2992815bcd0 --allowed-address-pairs ip_address=10.0.0.1 The number of allowed address pair exceeds the maximum 10. Neutron server returns request_ids: ['req-62e258cc-d47d-4ab7-8e69-a13c50865042'] Work correctly when specific data type is enforced: # neutron port-update 3f36328f-0629-4e41-afa8-e2992815bcd0 --allowed-address-pairs type=dict list=true ip_address=10.0.0.1 Updated port: 3f36328f-0629-4e41-afa8-e2992815bcd0 It always should be a list of dict, even when only one pair is given. CLI doc should be corrected. Furthermore, input data in neutron-server seem to be not validated correctly. The reason of misleading exception about exceeded number of address pairs is an implicit test of length of user data. In case of list of dict it is a number of elements of list - number of address pairs. When only one pair is given, it returns length of string "ip_address=10.0.0.1" == 20 what is greater than 10. There is a try-except clause for TypeError exception, but it is not thrown in this case. This bug is observed if there is no other pairs already defined on given port. In other case lists are merged and type error is thrown. def _validate_allowed_address_pairs(address_pairs, valid_values=None): .. try: if len(address_pairs) > cfg.CONF.max_allowed_address_pair: raise AllowedAddressPairExhausted( quota=cfg.CONF.max_allowed_address_pair) except TypeError: raise webob.exc.HTTPBadRequest( _("Allowed address pairs must be a list.")) To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1631432/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp