From 2b619e271624eb84947a9a9596745d06efe81b08 Mon Sep 17 00:00:00 2001 From: Janis Gengeris Date: Tue, 1 Jan 2013 22:28:41 +0200 Subject: Adds os-volume_attachments 'volume_id' validation If you POST to os-volume_attachments but give the name of the volume instead of a UUID, it returns a 404 error; this is invalid HTTP. 404 means that the Request-URI has not been found. In fact, the Request-URI has been found, but a child attribute has been incorrectly specified. Some other error could be used. This fixes the problem by returning 'BadRequest' in place of 'NotFound'. The 'volumeId' is checked to be a valid UUID string before moving further. Fixes bug #1062494 Change-Id: Icc5dbc7ac94051514709997457cafb16e870bea9 --- nova/api/openstack/compute/contrib/volumes.py | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'nova/api') diff --git a/nova/api/openstack/compute/contrib/volumes.py b/nova/api/openstack/compute/contrib/volumes.py index abdef3a7d..9564921f4 100644 --- a/nova/api/openstack/compute/contrib/volumes.py +++ b/nova/api/openstack/compute/contrib/volumes.py @@ -26,6 +26,7 @@ from nova.api.openstack import xmlutil from nova import compute from nova import exception from nova.openstack.common import log as logging +from nova.openstack.common import uuidutils from nova import utils from nova import volume @@ -365,6 +366,12 @@ class VolumeAttachmentController(wsgi.Controller): instance['uuid'], assigned_mountpoint)} + def _validate_volume_id(self, volume_id): + if not uuidutils.is_uuid_like(volume_id): + msg = _("Bad volumeId format: volumeId is " + "not in proper format (%s)") % volume_id + raise exc.HTTPBadRequest(explanation=msg) + @wsgi.serializers(xml=VolumeAttachmentTemplate) def create(self, req, server_id, body): """Attach a volume to an instance.""" @@ -377,6 +384,8 @@ class VolumeAttachmentController(wsgi.Controller): volume_id = body['volumeAttachment']['volumeId'] device = body['volumeAttachment'].get('device') + self._validate_volume_id(volume_id) + msg = _("Attach volume %(volume_id)s to instance %(server_id)s" " at %(device)s") % locals() LOG.audit(msg, context=context) -- cgit