diff options
| author | Tim Potter <tpot@hp.com> | 2013-01-29 22:30:12 +1100 |
|---|---|---|
| committer | Tim Potter <tpot@hp.com> | 2013-02-11 15:49:10 +1100 |
| commit | a92445e33d2cb27bc37a6db2fb736007fe7a7a16 (patch) | |
| tree | 1e207bb9ec3454c6244ebd52eaef2b801675ef0d /nova/tests | |
| parent | ce09c50c9253131396f713edbf11ca427341be0e (diff) | |
Disallow setting /0 for network other than 0.0.0.0
If something like 15.0.0.0/0 is set as an IP address range it ends up
being identical to 0.0.0.0/0 (i.e all access) which I don't think is
the intent of the user when they make the API call.
Change-Id: I3fc05371f461112feae4f1097777fede5fc6b948
Diffstat (limited to 'nova/tests')
| -rw-r--r-- | nova/tests/api/openstack/compute/contrib/test_security_groups.py | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/nova/tests/api/openstack/compute/contrib/test_security_groups.py b/nova/tests/api/openstack/compute/contrib/test_security_groups.py index ccb58f858..58f1862c3 100644 --- a/nova/tests/api/openstack/compute/contrib/test_security_groups.py +++ b/nova/tests/api/openstack/compute/contrib/test_security_groups.py @@ -1011,6 +1011,38 @@ class TestSecurityGroupRules(test.TestCase): self.controller.create, req, {'security_group_rule': rule}) + def test_create_rule_cidr_allow_all(self): + rule = security_group_rule_template(cidr='0.0.0.0/0') + + req = fakes.HTTPRequest.blank('/v2/fake/os-security-group-rules') + res_dict = self.controller.create(req, {'security_group_rule': rule}) + + security_group_rule = res_dict['security_group_rule'] + self.assertNotEquals(security_group_rule['id'], 0) + self.assertEquals(security_group_rule['parent_group_id'], + self.parent_security_group['id']) + self.assertEquals(security_group_rule['ip_range']['cidr'], + "0.0.0.0/0") + + def test_create_rule_cidr_allow_some(self): + rule = security_group_rule_template(cidr='15.0.0.0/8') + + req = fakes.HTTPRequest.blank('/v2/fake/os-security-group-rules') + res_dict = self.controller.create(req, {'security_group_rule': rule}) + + security_group_rule = res_dict['security_group_rule'] + self.assertNotEquals(security_group_rule['id'], 0) + self.assertEquals(security_group_rule['parent_group_id'], + self.parent_security_group['id']) + self.assertEquals(security_group_rule['ip_range']['cidr'], + "15.0.0.0/8") + + def test_create_rule_cidr_bad_netmask(self): + rule = security_group_rule_template(cidr='15.0.0.0/0') + req = fakes.HTTPRequest.blank('/v2/fake/os-security-group-rules') + self.assertRaises(webob.exc.HTTPBadRequest, self.controller.create, + req, {'security_group_rule': rule}) + class TestSecurityGroupRulesXMLDeserializer(test.TestCase): |