From e34ee792a8c1acf3e69cac8879fd92e51b6255e0 Mon Sep 17 00:00:00 2001
From: Taylor Peoples
Date: Thu, 21 Jan 2016 08:40:13 +0100
Subject: [PATCH] Validate audit template UUID on audit create

The audit template UUID should be validated during the creation of an audit. An HTTP 400 error is returned to the client if an invalid audit template UUID is passed as part of the body when creating an audit.

APIImpact
Closes-Bug: #1510188
Change-Id: I0543d22751b77f6641ddef6a7f0f4acce61180fd
---
 watcher/api/controllers/v1/audit.py | 6 ++++++
 watcher/tests/api/v1/test_audits.py | 18 ++++++++++++++++++
 2 files changed, 24 insertions(+)

diff --git a/watcher/api/controllers/v1/audit.py b/watcher/api/controllers/v1/audit.py
index 8a3d5c91b..4cf7ea60e 100644
--- a/watcher/api/controllers/v1/audit.py
+++ b/watcher/api/controllers/v1/audit.py
@@ -57,6 +57,7 @@ import wsme
 from wsme import types as wtypes
 import wsmeext.pecan as wsme_pecan

+from watcher._i18n import _
 from watcher.api.controllers import base
 from watcher.api.controllers import link
 from watcher.api.controllers.v1 import collection
@@ -355,6 +356,11 @@ class AuditsController(rest.RestController):
 if self.from_audits:
 raise exception.OperationNotPermitted

+ if not audit._audit_template_uuid:
+ raise exception.Invalid(
+ message=_('The audit template UUID or name specified is '
+ 'invalid'))
+
 audit_dict = audit.as_dict()
 context = pecan.request.context
 new_audit = objects.Audit(context, **audit_dict)
diff --git a/watcher/tests/api/v1/test_audits.py b/watcher/tests/api/v1/test_audits.py
index e0f4a6307..343184dd6 100644
--- a/watcher/tests/api/v1/test_audits.py
+++ b/watcher/tests/api/v1/test_audits.py
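Review bot: The guard added in the `@@ -355` hunk of `audit.py` infers "template not found" from a falsy private attribute, `audit._audit_template_uuid`, so the validation only holds if the setter for that field (not visible in this hunk) clears the value when the lookup fails rather than raising or keeping the caller's input. That contract deserves a comment directly above the check, for example `# _audit_template_uuid is left empty by its setter when no template matches the supplied UUID or name`. Because every later step trusts this value, it is also worth confirming that the lookup is bound to the request context, so that a template the caller cannot see is rejected the same way as a missing one. The enclosing method starts and ends outside the hunk.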
@@ -451,6 +451,24 @@ class TestPost(api_base.FunctionalTest):
 response.json['created_at']).replace(tzinfo=None)
 self.assertEqual(test_time, return_created_at)

+ @mock.patch('oslo_utils.timeutils.utcnow')
+ def test_create_audit_invalid_audit_template_uuid(self, mock_utcnow):
+ test_time = datetime.datetime(2000, 1, 1, 0, 0)
+ mock_utcnow.return_value = test_time
+
+ audit_dict = post_get_test_audit()
+ # Make the audit template UUID some garbage value
+ audit_dict['audit_template_uuid'] = (
+ '01234567-8910-1112-1314-151617181920')
+
+ response = self.post_json('/audits', audit_dict, expect_errors=True)
+ self.assertEqual(400, response.status_int)
+ self.assertEqual("application/json", response.content_type)
+ expected_error_msg = ('The audit template UUID or name specified is '
+ 'invalid')
+ self.assertTrue(response.json['error_message'])
+ self.assertTrue(expected_error_msg in response.json['error_message'])
+
+ @mock.patch.object(deapi.DecisionEngineAPI, 'trigger_audit')
 def test_create_audit_doesnt_contain_id(self, mock_trigger_audit):
 mock_trigger_audit.return_value = mock.ANY
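Review bot: The new test exercises only a well-formed UUID that matches no template, while the error message it asserts also speaks of a name; a malformed string, an empty value and an unknown template name presumably reach the same guard but are not covered. Adding those inputs as further cases would pin the 400 response for each of them. The final check fails with a clearer message when written as `self.assertIn(expected_error_msg, response.json['error_message'])`. The `utcnow` mock and `test_time` feed no assertion in this test and could be dropped. The enclosing `TestPost` class starts outside the hunk.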