Do not allow bad keys while updating quota

Raise 400 (bad request) error instead of 200 (ok) if bad keys are passed to the update quota request Closes-Bug: #1248815 Change-Id: Iaefaa4961dd3783dfab15f843cbb2dcb12195a7d
openstack · Nov 13, 2013 · 0d91b1a · 0d91b1a
1 parent fac9cf8
commit 0d91b1a
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 11 deletions.
diff --git a/cinder/api/contrib/quotas.py b/cinder/api/contrib/quotas.py
@@ -23,11 +23,13 @@
 from cinder import db
 from cinder.db.sqlalchemy import api as sqlalchemy_api
 from cinder import exception
+from cinder.openstack.common.gettextutils import _
 from cinder.openstack.common import strutils
 from cinder import quota
 
 
 QUOTAS = quota.QUOTAS
+NON_QUOTA_KEYS = ['tenant_id', 'id']
 
 
 authorize_update = extensions.extension_authorizer('volume', 'quotas:update')
@@ -96,16 +98,29 @@ def update(self, req, id, body):
         context = req.environ['cinder.context']
         authorize_update(context)
         project_id = id
+        bad_keys = []
+
+        for key, value in body['quota_set'].items():
+            if (key not in QUOTAS and key not in NON_QUOTA_KEYS):
+                bad_keys.append(key)
+                continue
+
+        if len(bad_keys) > 0:
+            msg = _("Bad key(s) in quota set: %s") % ",".join(bad_keys)
+            raise webob.exc.HTTPBadRequest(explanation=msg)
+
         for key in body['quota_set'].keys():
-            if key in QUOTAS:
-                self._validate_quota_limit(body['quota_set'][key])
-                value = int(body['quota_set'][key])
-                try:
-                    db.quota_update(context, project_id, key, value)
-                except exception.ProjectQuotaNotFound:
-                    db.quota_create(context, project_id, key, value)
-                except exception.AdminRequired:
-                    raise webob.exc.HTTPForbidden()
+            if key in NON_QUOTA_KEYS:
+                continue
+
+            self._validate_quota_limit(body['quota_set'][key])
+            value = int(body['quota_set'][key])
+            try:
+                db.quota_update(context, project_id, key, value)
+            except exception.ProjectQuotaNotFound:
+                db.quota_create(context, project_id, key, value)
+            except exception.AdminRequired:
+                raise webob.exc.HTTPForbidden()
         return {'quota_set': self._get_quotas(context, id)}
 
     @wsgi.serializers(xml=QuotaTemplate)

diff --git a/cinder/tests/api/contrib/test_quotas.py b/cinder/tests/api/contrib/test_quotas.py
@@ -83,8 +83,8 @@ def test_update(self):
 
     def test_update_wrong_key(self):
         body = {'quota_set': {'bad': 'bad'}}
-        result = self.controller.update(self.req, 'foo', body)
-        self.assertDictMatch(result, make_body(tenant_id=None))
+        self.assertRaises(webob.exc.HTTPBadRequest, self.controller.update,
+                          self.req, 'foo', body)
 
     def test_update_invalid_key_value(self):
         body = {'quota_set': {'gigabytes': "should_be_int"}}