Commit 11df26b7 authored by Dionysis Grigoropoulos's avatar Dionysis Grigoropoulos
Browse files

cyclades: Fix numerous bugs in plankton views

* Check if the user specified an invalid disk/container format when
registering an image.
* Check if the user provided a valid disk/container format when
updating a registered image.
* Check if the user provided an image ID when registering/updating an
image.
* Check if the store type is within acceptable values.
* Properly handle unicode user input
parent 9f021a39
......@@ -70,6 +70,12 @@ ADD_FIELDS = ('name', 'id', 'store', 'disk_format', 'container_format', 'size',
UPDATE_FIELDS = ('name', 'disk_format', 'container_format', 'is_public',
'owner', 'properties', 'status')
DISK_FORMATS = ('diskdump', 'extdump', 'ntfsdump')
CONTAINER_FORMATS = ('aki', 'ari', 'ami', 'bare', 'ovf')
STORE_TYPES = ('pithos')
log = getLogger('synnefo.plankton')
......@@ -81,10 +87,10 @@ def _create_image_response(image):
if key == 'properties':
for k, v in image.get('properties', {}).items():
name = 'x-image-meta-property-' + k.replace('_', '-')
response[name] = v
response[name] = uenc(v)
else:
name = 'x-image-meta-' + key.replace('_', '-')
response[name] = image.get(key, '')
response[name] = uenc(image.get(key, ''))
return response
......@@ -157,6 +163,8 @@ def add_image(request):
except InvalidLocation:
raise faults.BadRequest("Invalid location '%s'" % location)
validate_fields(params)
if location:
with image_backend(request.user_uniq) as backend:
image = backend.register(name, location, params)
......@@ -376,6 +384,8 @@ def update_image(request, image_id):
if not set(meta.keys()).issubset(set(UPDATE_FIELDS)):
raise faults.BadRequest("Invalid metadata")
validate_fields(meta)
with image_backend(request.user_uniq) as backend:
image = backend.update_metadata(image_id, meta)
return _create_image_response(image)
......@@ -404,3 +414,23 @@ def update_image_members(request, image_id):
with image_backend(request.user_uniq) as backend:
backend.replace_users(image_id, members)
return HttpResponse(status=204)
def validate_fields(params):
if "id" in params:
raise faults.BadRequest("Setting the image ID is not supported")
if "store" in params:
if params["store"] not in STORE_TYPES:
raise faults.BadRequest("Invalid store type '%s'" %
params["store"])
if "disk_format" in params:
if params["disk_format"] not in DISK_FORMATS:
raise faults.BadRequest("Invalid disk format '%s'" %
params['disk_format'])
if "container_format" in params:
if params["container_format"] not in CONTAINER_FORMATS:
raise faults.BadRequest("Invalid container format '%s'" %
params['container_format'])
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment