diff options
| author | Jenkins <jenkins@review.openstack.org> | 2013-02-12 13:45:43 +0000 |
|---|---|---|
| committer | Gerrit Code Review <review@openstack.org> | 2013-02-12 13:45:43 +0000 |
| commit | b64c53e0368ea63d8cd4beb71dabce9987b9bb54 (patch) | |
| tree | f2a80700f5bf237353f8fb027c4286c0daf2c962 /nova/api | |
| parent | 31f08a3869f3f88fa0cc3af48b920bda0394f4c5 (diff) | |
| parent | a92445e33d2cb27bc37a6db2fb736007fe7a7a16 (diff) | |
| download | nova-b64c53e0368ea63d8cd4beb71dabce9987b9bb54.tar.gz nova-b64c53e0368ea63d8cd4beb71dabce9987b9bb54.tar.xz nova-b64c53e0368ea63d8cd4beb71dabce9987b9bb54.zip | |
Merge "Disallow setting /0 for network other than 0.0.0.0"
Diffstat (limited to 'nova/api')
| -rw-r--r-- | nova/api/openstack/compute/contrib/security_groups.py | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/nova/api/openstack/compute/contrib/security_groups.py b/nova/api/openstack/compute/contrib/security_groups.py index a15c395ae..c49e7af70 100644 --- a/nova/api/openstack/compute/contrib/security_groups.py +++ b/nova/api/openstack/compute/contrib/security_groups.py @@ -30,6 +30,7 @@ from nova.compute import api as compute_api from nova import db from nova import exception from nova.openstack.common import log as logging +from nova.virt import netutils LOG = logging.getLogger(__name__) authorize = extensions.extension_authorizer('compute', 'security_groups') @@ -332,6 +333,12 @@ class SecurityGroupRulesController(SecurityGroupControllerBase): values['parent_group_id'] = security_group.id + if 'cidr' in values: + net, prefixlen = netutils.get_net_and_prefixlen(values['cidr']) + if net != '0.0.0.0' and prefixlen == '0': + msg = _("Bad prefix for network in cidr %s") % values['cidr'] + raise exc.HTTPBadRequest(explanation=msg) + if self.security_group_api.rule_exists(security_group, values): msg = _('This rule already exists in group %s') % parent_group_id raise exc.HTTPBadRequest(explanation=msg) |