From 76e3183ead6ac52fc744f51313bc0fd3b5f4d610 Mon Sep 17 00:00:00 2001
From: Wu Wenxiang <wu.wenxiang@99cloud.net>
Date: Sun, 16 Jun 2013 04:18:05 +0800
Subject: Http 400 when project enabled is not a boolean

Having enabled="true" in json data when updating tenant will produce 500

When updating a project, no type check was performed on the enabled
attribute. Therefore, if enabled value in JSON/XML is not a boolean but
a string, keystone responds with an incorrect Http 500 error code and
the stacktrace.

The change introduces a type validation of the enabled attribute at
identity manager. If the type is not a boolean, keystone now returns an
appropriate Http 400 error code with a message pointing a bad format for
the attribute.

Test cases have been added to file test_backend and test_content_types
for testing the case when enabled attribute is a string or int when
updating project.

Fixes bug #1191384

Change-Id: I86dd7e71d4bac1e3fd6fcabaa1a2136a47722e5f
---
 tests/test_backend.py | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)

(limited to 'tests/test_backend.py')

diff --git a/tests/test_backend.py b/tests/test_backend.py
index 9e506928..e8042ab1 100644
--- a/tests/test_backend.py
+++ b/tests/test_backend.py
@@ -1553,6 +1553,25 @@ class IdentityTests(object):
                           'fake1',
                           user)
 
+    def test_update_project_invalid_enabled_type_string(self):
+            project = {'id': uuid.uuid4().hex,
+                       'name': uuid.uuid4().hex,
+                       'enabled': True,
+                       'domain_id': DEFAULT_DOMAIN_ID}
+            self.identity_man.create_project(EMPTY_CONTEXT,
+                                             project['id'],
+                                             project)
+            project_ref = self.identity_api.get_project(project['id'])
+            self.assertEqual(project_ref['enabled'], True)
+
+            # Strings are not valid boolean values
+            project['enabled'] = "false"
+            self.assertRaises(exception.ValidationError,
+                              self.identity_man.update_project,
+                              EMPTY_CONTEXT,
+                              project['id'],
+                              project)
+
     def test_create_project_invalid_enabled_type_string(self):
         project = {'id': uuid.uuid4().hex,
                    'name': uuid.uuid4().hex,
@@ -1773,11 +1792,22 @@ class IdentityTests(object):
         tenant_ref = self.identity_api.get_project('fake1')
         self.assertEqual(tenant_ref['enabled'], tenant['enabled'])
 
+        # If not present, enabled field should not be updated
+        del tenant['enabled']
+        self.identity_api.update_project('fake1', tenant)
+        tenant_ref = self.identity_api.get_project('fake1')
+        self.assertEqual(tenant_ref['enabled'], False)
+
         tenant['enabled'] = True
         self.identity_api.update_project('fake1', tenant)
         tenant_ref = self.identity_api.get_project('fake1')
         self.assertEqual(tenant_ref['enabled'], tenant['enabled'])
 
+        del tenant['enabled']
+        self.identity_api.update_project('fake1', tenant)
+        tenant_ref = self.identity_api.get_project('fake1')
+        self.assertEqual(tenant_ref['enabled'], True)
+
     def test_add_user_to_group(self):
         domain = self._get_domain_fixture()
         new_group = {'id': uuid.uuid4().hex, 'domain_id': domain['id'],
-- 
cgit