neutron

neutron-lbaas tempest v2 api negative test-cases with invalid tenant-id fails

Bug #1441512 reported by santosh on 2015-04-08

This bug affects 2 people

Affects		Status	Importance	Assigned to	Milestone
	neutron	Expired	Undecided	venkata anil

Bug Description

Tempest v2 api negative tests for invalid or empty tenantid fails as tenant id is not validated at plugin layer.

1. In Case of looging noop driver (no validation is done by driver ) ,
In test , create returns success whereas it excepts BadRequest.

0} neutron_lbaas.tests.tempest.v2.api.test_members.MemberTestJSON.test_create_member_empty_tenant_id [0.590837s] ... FAILED

Captured traceback:
~~~~~~~~~~~~~~~~~~~
    Traceback (most recent call last):
      File "neutron_lbaas/tests/tempest/v2/api/test_members.py", line 244, in test_create_member_empty_tenant_id
        self.pool_id, **member_opts)
      File "/opt/stack/neutron-lbaas/.tox/tempest/local/lib/python2.7/site-packages/testtools/testcase.py", line 422, in assertRaises
        self.assertThat(our_callable, matcher)
      File "/opt/stack/neutron-lbaas/.tox/tempest/local/lib/python2.7/site-packages/testtools/testcase.py", line 435, in assertThat
        raise mismatch_error
    testtools.matchers._impl.MismatchError: <bound method type._create_member of <class 'neutron_lbaas.tests.tempest.v2.api.test_members.MemberTestJSON'>> returned {u'protocol_port': 80, u'weight': 1, u'admin_state_up': True, u'subnet_id': u'e20c013e-33d0-4752-883d-b78bd45ef0ea', u'tenant_id': u'', u'address': u'127.0.0.1', u'id': u'3f8d811f-ab69-44f8-ae18-8fc20a94b228'}

2.In case of if Backend Driver (Say NetScaler) ,driver is raising BadRequest .
==================================================================
       return self._callable_object(*self._args, **self._kwargs)
      File "neutron_lbaas/tests/tempest/v2/api/base.py", line 252, in _create_member
        member = cls.members_client.create_member(pool_id, **member_kwargs)
      File "neutron_lbaas/tests/tempest/v2/clients/members_client.py", line 51, in create_member
        resp, body = self.post(url, post_body)
      File "/opt/stack/neutron-lbaas/.tox/tempest/local/lib/python2.7/site-packages/tempest_lib/common/rest_client.py", line 252, in post
        return self.request('POST', url, extra_headers, headers, body)
      File "/opt/stack/neutron-lbaas/.tox/tempest/src/tempest/tempest/common/service_client.py", line 83, in request
        raise exceptions.ServerFault(ex)
    tempest.exceptions.ServerFault: Got server fault
    Details: Got server fault
    Details: An error happened in the driver
===================================================================

Above behavior is observed as ,at plugin layer all Exceptions from Driver is raised as same Driver Exception.

plugin.y
     def _call_driver_operation(self, context, driver_method, db_entity,
                               old_db_entity=None):
        manager_method = "%s.%s" % (driver_method.__self__.__class__.__name__,
                                    driver_method.__name__)
        LOG.info(_LI("Calling driver operation %s") % manager_method)
        try:
            if old_db_entity:
                driver_method(context, old_db_entity, db_entity)
            else:
                driver_method(context, db_entity)
        # catching and reraising agent issues
        except (lbaas_agentschedulerv2.NoEligibleLbaasAgent,
                lbaas_agentschedulerv2.NoActiveLbaasAgent) as no_agent:
            raise no_agent
        except Exception:
            LOG.exception(_LE("There was an error in the driver"))
            self._handle_driver_error(context, db_entity)
            raise loadbalancerv2.DriverError() #<-------------- bad request is raised as Driver Error

Negative Testcases:-

test_create_listener_invalid_tenant_id()
test_create_listener_invalid_empty_tenant_id()
test_create_member_invalid_tenant_id()
test_create_member_empty_tenant_id()

Tags:

Revision history for this message

Eugene Nikanorov (enikanorov) wrote on 2015-04-08:

I don't think it makes sense to file bugs about tenant_id validation until OS-wide design decision is made about this.

To abuse API with incorrect tenant id one needs to be admin; so currently the issue brings low risks.

Changed in neutron:
status:	New → Incomplete

Revision history for this message

Launchpad Janitor (janitor) wrote on 2015-06-08:

[Expired for neutron because there has been no activity for 60 days.]

Changed in neutron:
status:	Incomplete → Expired

venkata anil (anil-venkata) on 2015-06-09

Changed in neutron:
assignee:	nobody → venkata anil (anil-venkata)

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.