Reviewed: https://review.openstack.org/387895
Committed:
https://git.openstack.org/cgit/openstack/neutron/commit/?id=9204b34afc887edd927d1f16d577e0e3385000f6
Submitter: Jenkins
Branch: master
commit 9204b34afc887edd927d1f16d577e0e3385000f6
Author: Dongcan Ye <hellocho...@gmail.com>
Date: Tue Oct 18 17:44:04 2016 +0800
Validate type of allowed_address_pairs
If user don't pass "type=dict list=true" in create/update port
with allowed_address_pairs attribute, we will hit Quota exceed
exception. So we need to check address_pairs type in validation,
if allowed address pairs is not Python list, we should raise an
exception.
Change-Id: I7c84b728e8e660b678f251122cc332cd0ce5c576
Closes-Bug: #1631432
** Changed in: neutron
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1631432
Title:
port-update fails if allowed_address_pair is not a dict
Status in neutron:
Fix Released
Status in python-neutronclient:
In Progress
Bug description:
CLI help is misleading. Neutron port-update called with parameters
according to documentation returns an error.
neutron help port-update
..
--allowed-address-pair ip_address=IP_ADDR[,mac_address=MAC_ADDR]
Allowed address pair associated with the port.You can
repeat this option.
# neutron port-update 3f36328f-0629-4e41-afa8-e2992815bcd0
--allowed-address-pairs ip_address=10.0.0.1
The number of allowed address pair exceeds the maximum 10.
Neutron server returns request_ids:
['req-62e258cc-d47d-4ab7-8e69-a13c50865042']
Work correctly when specific data type is enforced:
# neutron port-update 3f36328f-0629-4e41-afa8-e2992815bcd0
--allowed-address-pairs type=dict list=true ip_address=10.0.0.1
Updated port: 3f36328f-0629-4e41-afa8-e2992815bcd0
It always should be a list of dict, even when only one pair is given.
CLI doc should be corrected.
Furthermore, input data in neutron-server seem to be not validated correctly.
The reason of misleading exception about exceeded number of address pairs is an
implicit test of length of user data. In case of list of dict it is a number of
elements of list - number of address pairs. When only one pair is given, it
returns length of string "ip_address=10.0.0.1" == 20 what is greater than 10.
There is a try-except clause for TypeError exception, but it is not thrown in
this case.
This bug is observed if there is no other pairs already defined on given
port. In other case lists are merged and type error is thrown.
def _validate_allowed_address_pairs(address_pairs, valid_values=None):
..
try:
if len(address_pairs) > cfg.CONF.max_allowed_address_pair:
raise AllowedAddressPairExhausted(
quota=cfg.CONF.max_allowed_address_pair)
except TypeError:
raise webob.exc.HTTPBadRequest(
_("Allowed address pairs must be a list."))
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1631432/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
