diff options
| author | Jenkins <jenkins@review.openstack.org> | 2014-11-23 04:12:50 +0000 |
|---|---|---|
| committer | Gerrit Code Review <review@openstack.org> | 2014-11-23 04:12:50 +0000 |
| commit | f6b1b5e076e23d217ac732999e0e9f7c5e8eaabb (patch) | |
| tree | d96129dafb88d312c3508a918dc57a5af2cdeb98 | |
| parent | f54fa8fa56d3708d5ef5b0173d9f6e4dce7130f2 (diff) | |
| parent | bd92689e4915f6dfe4ca72c802146ecd5d206bcf (diff) | |
| download | keystone-f6b1b5e076e23d217ac732999e0e9f7c5e8eaabb.tar.gz | |
Merge "Adds IPv6 url validation support" into stable/juno
| -rw-r--r-- | keystone/common/validation/parameter_types.py | 16 | ||||
| -rw-r--r-- | keystone/tests/test_validation.py | 75 |
2 files changed, 60 insertions, 31 deletions
diff --git a/keystone/common/validation/parameter_types.py b/keystone/common/validation/parameter_types.py index 4ee08e132..c5908836e 100644 --- a/keystone/common/validation/parameter_types.py +++ b/keystone/common/validation/parameter_types.py @@ -45,18 +45,10 @@ url = { 'type': 'string', 'minLength': 0, 'maxLength': 225, - # NOTE(lbragstad): Using a regular expression here instead of the - # FormatChecker object that is built into jsonschema. The FormatChecker - # can validate URI formats but it depends on rfc3987 to do that - # validation, and rfc3987 is GPL licensed. For our purposes here we will - # use a regex and not rely on rfc3987 to validate URIs. - 'pattern': '^https?://' - '(?:(?:[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?\.)' - '+[a-zA-Z]{2,6}\.?|' - 'localhost|' - '\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})' - '(?::\d+)?' - '(?:/?|[/?]\S+)$' + # NOTE(edmondsw): we could do more to validate per various RFCs, but + # decision was made to err on the side of leniency. The following is based + # on rfc1738 section 2.1 + 'pattern': '[a-zA-Z0-9+.-]+:.+' } email = { diff --git a/keystone/tests/test_validation.py b/keystone/tests/test_validation.py index 317b30b03..beff07c42 100644 --- a/keystone/tests/test_validation.py +++ b/keystone/tests/test_validation.py @@ -72,6 +72,20 @@ _VALID_ENABLED_FORMATS = [True, False] _INVALID_ENABLED_FORMATS = ['some string', 1, 0, 'True', 'False'] +_VALID_URLS = ['https://example.com', 'http://EXAMPLE.com/v3', + 'http://localhost', 'http://127.0.0.1:5000', + 'http://1.1.1.1', 'http://255.255.255.255', + 'http://[::1]', 'http://[::1]:35357', + 'http://[1::8]', 'http://[fe80::8%25eth0]', + 'http://[::1.2.3.4]', 'http://[2001:DB8::1.2.3.4]', + 'http://[::a:1.2.3.4]', 'http://[a::b:1.2.3.4]', + 'http://[1:2:3:4:5:6:7:8]', 'http://[1:2:3:4:5:6:1.2.3.4]', + 'http://[abcd:efAB:CDEF:1111:9999::]'] + +_INVALID_URLS = [False, 'this is not a URL', 1234, 'www.example.com', + 'localhost', 'http//something.com', + 'https//something.com'] + class EntityValidationTestCase(testtools.TestCase): @@ -156,22 +170,14 @@ class EntityValidationTestCase(testtools.TestCase): def test_create_entity_with_valid_urls_validates(self): """Test that proper urls are successfully validated.""" - valid_urls = ['https://169.254.0.1', 'https://example.com', - 'https://EXAMPLE.com', 'https://127.0.0.1:35357', - 'https://localhost'] - - for valid_url in valid_urls: + for valid_url in _VALID_URLS: request_to_validate = {'name': self.resource_name, 'url': valid_url} self.create_schema_validator.validate(request_to_validate) def test_create_entity_with_invalid_urls_fails(self): """Test that an exception is raised when validating improper urls.""" - invalid_urls = ['http//something.com', - 'https//something.com', - 'https://9.9.9'] - - for invalid_url in invalid_urls: + for invalid_url in _INVALID_URLS: request_to_validate = {'name': self.resource_name, 'url': invalid_url} self.assertRaises(exception.SchemaValidationError, @@ -706,11 +712,6 @@ class CredentialValidationTestCase(testtools.TestCase): class RegionValidationTestCase(testtools.TestCase): """Test for V3 Region API validation.""" - _valid_url_types = ['https://example.com', 'http://example.com', - 'http://localhost', 'http://127.0.0.1:5000'] - _invalid_url_types = [False, 'this is not a URL', 1234, 'www.example.com', - 'localhost'] - def setUp(self): super(RegionValidationTestCase, self).setUp() @@ -749,13 +750,13 @@ class RegionValidationTestCase(testtools.TestCase): def test_validate_region_create_succeeds_with_url(self): """Validate `url` attribute in region create request.""" - for url in self._valid_url_types: + for url in _VALID_URLS: request_to_validate = {'url': url} self.create_region_validator.validate(request_to_validate) def test_validate_region_create_fails_with_invalid_url(self): """Exception raised when passing invalid `url` in request.""" - for url in self._invalid_url_types: + for url in _INVALID_URLS: request_to_validate = {'url': url} self.assertRaises(exception.SchemaValidationError, self.create_region_validator.validate, @@ -783,13 +784,13 @@ class RegionValidationTestCase(testtools.TestCase): def test_validate_region_update_succeeds_with_url(self): """Validate `url` attribute in region update request.""" - for url in self._valid_url_types: + for url in _VALID_URLS: request_to_validate = {'url': url} self.update_region_validator.validate(request_to_validate) def test_validate_region_update_fails_with_invalid_url(self): """Exception raised when passing invalid `url` in request.""" - for url in self._invalid_url_types: + for url in _INVALID_URLS: request_to_validate = {'url': url} self.assertRaises(exception.SchemaValidationError, self.update_region_validator.validate, @@ -1035,6 +1036,24 @@ class EndpointValidationTestCase(testtools.TestCase): self.create_endpoint_validator.validate, request_to_validate) + def test_validate_endpoint_create_succeeds_with_url(self): + """Validate `url` attribute in endpoint create request.""" + request_to_validate = {'service_id': uuid.uuid4().hex, + 'interface': 'public'} + for url in _VALID_URLS: + request_to_validate['url'] = url + self.create_endpoint_validator.validate(request_to_validate) + + def test_validate_endpoint_create_fails_with_invalid_url(self): + """Exception raised when passing invalid `url` in request.""" + request_to_validate = {'service_id': uuid.uuid4().hex, + 'interface': 'public'} + for url in _INVALID_URLS: + request_to_validate['url'] = url + self.assertRaises(exception.SchemaValidationError, + self.create_endpoint_validator.validate, + request_to_validate) + def test_validate_endpoint_create_fails_with_invalid_interface(self): """Exception raised with invalid `interface`.""" request_to_validate = {'interface': uuid.uuid4().hex, @@ -1093,6 +1112,24 @@ class EndpointValidationTestCase(testtools.TestCase): 'other_attr': uuid.uuid4().hex} self.update_endpoint_validator.validate(request_to_validate) + def test_validate_endpoint_update_succeeds_with_url(self): + """Validate `url` attribute in endpoint update request.""" + request_to_validate = {'service_id': uuid.uuid4().hex, + 'interface': 'public'} + for url in _VALID_URLS: + request_to_validate['url'] = url + self.update_endpoint_validator.validate(request_to_validate) + + def test_validate_endpoint_update_fails_with_invalid_url(self): + """Exception raised when passing invalid `url` in request.""" + request_to_validate = {'service_id': uuid.uuid4().hex, + 'interface': 'public'} + for url in _INVALID_URLS: + request_to_validate['url'] = url + self.assertRaises(exception.SchemaValidationError, + self.update_endpoint_validator.validate, + request_to_validate) + class TrustValidationTestCase(testtools.TestCase): """Test for V3 Trust API validation.""" |