import os
import shutil
import functools
+import re
# import logging
from deepdiff import DeepDiff
__author__ = "Alfonso Tierno <alfonso.tiernosepulveda@telefonica.com>"
+valid_helm_chart_re = re.compile(
+ r"^[a-z0-9]([-a-z0-9]*[a-z0-9]/)?([a-z0-9]([-a-z0-9]*[a-z0-9])?)*$"
+)
+
class DescriptorTopic(BaseTopic):
def __init__(self, db, fs, msg, auth):
- BaseTopic.__init__(self, db, fs, msg, auth)
+ super().__init__(db, fs, msg, auth)
def _validate_input_new(self, indata, storage_params, force=False):
return indata
self.validate_internal_virtual_links(indata)
self.validate_monitoring_params(indata)
self.validate_scaling_group_descriptor(indata)
+ self.validate_helm_chart(indata)
return indata
+ @staticmethod
+ def validate_helm_chart(indata):
+ kdus = indata.get("kdu", [])
+ for kdu in kdus:
+ helm_chart_value = kdu.get("helm-chart")
+ if not helm_chart_value:
+ continue
+ if not valid_helm_chart_re.match(helm_chart_value):
+ raise EngineException(
+ "helm-chart '{}' is not valid".format(helm_chart_value),
+ http_code=HTTPStatus.UNPROCESSABLE_ENTITY,
+ )
+
@staticmethod
def validate_mgmt_interface_connection_point(indata):
if not indata.get("vdu"):
topic_msg = "nsd"
def __init__(self, db, fs, msg, auth):
- DescriptorTopic.__init__(self, db, fs, msg, auth)
+ super().__init__(db, fs, msg, auth)
def pyangbind_validation(self, item, data, force=False):
if self._descriptor_data_is_in_old_format(data):
from time import time
from osm_common import dbbase, fsbase, msgbase
from osm_nbi import authconn
-from osm_nbi.tests.test_pkg_descriptors import db_vnfds_text, db_nsds_text
+from osm_nbi.tests.test_pkg_descriptors import (
+ db_vnfds_text,
+ db_nsds_text,
+ vnfd_exploit_text,
+ vnfd_exploit_fixed_text,
+)
from osm_nbi.descriptor_topics import VnfdTopic, NsdTopic
from osm_nbi.engine import EngineException
from osm_common.dbbase import DbException
import yaml
+import tempfile
+import collections
+import collections.abc
+
+collections.MutableSequence = collections.abc.MutableSequence
test_name = "test-user"
db_vnfd_content = yaml.safe_load(db_vnfds_text)[0]
"public": False,
"allow_show_user_project_role": True,
}
+UUID = "00000000-0000-0000-0000-000000000000"
+
+
+def admin_value():
+ return {"projects_read": []}
+
+def setup_mock_fs(fs):
+ fs.path = ""
+ fs.get_params.return_value = {}
+ fs.file_exists.return_value = False
+ fs.file_open.side_effect = lambda path, mode: tempfile.TemporaryFile(mode="a+b")
-def norm(str):
+
+def norm(s: str):
"""Normalize string for checking"""
- return " ".join(str.strip().split()).lower()
+ return " ".join(s.strip().split()).lower()
def compare_desc(tc, d1, d2, k):
self.topic.check_quota = Mock(return_value=None) # skip quota
@contextmanager
- def assertNotRaises(self, exception_type):
+ def assertNotRaises(self, exception_type=Exception):
try:
yield None
except exception_type:
return old_desc, new_desc
def prepare_vnfd_creation(self):
- self.fs.path = ""
- self.fs.get_params.return_value = {}
- self.fs.file_exists.return_value = False
- self.fs.file_open.side_effect = lambda path, mode: open(
- "/tmp/" + str(uuid4()), "a+b"
- )
+ setup_mock_fs(self.fs)
test_vnfd = deepcopy(db_vnfd_content)
did = db_vnfd_content["_id"]
self.db.create.return_value = did
]
return did, test_vnfd
+ def prepare_vnfd(self, vnfd_text):
+ setup_mock_fs(self.fs)
+ test_vnfd = yaml.safe_load(vnfd_text)
+ self.db.create.return_value = UUID
+ self.db.get_one.side_effect = [
+ {"_id": UUID, "_admin": admin_value()},
+ None,
+ ]
+ return UUID, test_vnfd
+
def prepare_test_vnfd(self, test_vnfd):
del test_vnfd["_id"]
del test_vnfd["_admin"]
self.assertEqual(admin["revision"], 1, "Wrong revision number")
compare_desc(self, test_vnfd, db_args[2], "VNFD")
+ @patch("osm_nbi.descriptor_topics.shutil")
+ @patch("osm_nbi.descriptor_topics.os.rename")
+ def test_new_vnfd_exploit(self, mock_rename, mock_shutil):
+ id, test_vnfd = self.prepare_vnfd(vnfd_exploit_text)
+
+ with self.assertRaises(EngineException):
+ self.topic.upload_content(
+ fake_session, id, test_vnfd, {}, {"Content-Type": []}
+ )
+
+ @patch("osm_nbi.descriptor_topics.shutil")
+ @patch("osm_nbi.descriptor_topics.os.rename")
+ def test_new_vnfd_valid_helm_chart(self, mock_rename, mock_shutil):
+ id, test_vnfd = self.prepare_vnfd(vnfd_exploit_fixed_text)
+
+ with self.assertNotRaises():
+ self.topic.upload_content(
+ fake_session, id, test_vnfd, {}, {"Content-Type": []}
+ )
+
@patch("osm_nbi.descriptor_topics.shutil")
@patch("osm_nbi.descriptor_topics.os.rename")
def test_new_vnfd_check_pyangbind_validation_additional_properties(
did = db_nsd_content["_id"]
self.fs.get_params.return_value = {}
self.fs.file_exists.return_value = False
- self.fs.file_open.side_effect = lambda path, mode: open(
- "/tmp/" + str(uuid4()), "a+b"
+ self.fs.file_open.side_effect = lambda path, mode: tempfile.TemporaryFile(
+ mode="a+b"
)
self.db.get_one.side_effect = [
{"_id": did, "_admin": deepcopy(db_nsd_content["_admin"])},
projects / osm / NBI.git / commitdiff