Merge "Add permission check when creating restore"

This commit is contained in:
Zuul 2018-11-26 01:16:12 +00:00 committed by Gerrit Code Review
commit 57c04d1eeb
4 changed files with 33 additions and 1 deletions

View File

@ -232,6 +232,8 @@ class RestoresController(wsgi.Controller):
# call restore rpc API of protection service
try:
self.protection_api.restore(context, restoreobj, restore_auth)
except exception.AccessCheckpointNotAllowed as error:
raise exc.HTTPForbidden(explanation=error.msg)
except Exception:
# update the status of restore
update_dict = {

View File

@ -182,7 +182,8 @@ class ProtectionManager(manager.Manager):
exception.CheckpointNotFound,
exception.CheckpointNotAvailable,
exception.FlowError,
exception.InvalidInput)
exception.InvalidInput,
exception.AccessCheckpointNotAllowed)
def restore(self, context, restore, restore_auth):
LOG.info("Starting restore service:restore action")
@ -197,6 +198,11 @@ class ProtectionManager(manager.Manager):
checkpoint_collection = provider.get_checkpoint_collection()
checkpoint = checkpoint_collection.get(checkpoint_id)
if not context.is_admin and (
checkpoint.project_id != context.project_id):
raise exception.AccessCheckpointNotAllowed(
checkpoint_id=checkpoint_id)
if checkpoint.status != constants.CHECKPOINT_STATUS_AVAILABLE:
raise exception.CheckpointNotAvailable(
checkpoint_id=checkpoint_id)

View File

@ -75,6 +75,16 @@ class RestoreApiTest(base.TestCase):
self.assertRaises(exception.ValidationError, self.controller.create,
req, body=body)
@mock.patch('karbor.services.protection.api.API.restore')
def test_restore_create_with_checkpoint_not_allowed_exception(
self, mock_restore):
mock_restore.side_effect = exception.AccessCheckpointNotAllowed
restore = self._restore_in_request_body()
body = {"restore": restore}
req = fakes.HTTPRequest.blank('/v1/restores')
self.assertRaises(exc.HTTPForbidden, self.controller.create,
req, body=body)
@mock.patch(
'karbor.api.v1.restores.RestoresController._get_all')
def test_restore_list_detail(self, moak_get_all):

View File

@ -146,6 +146,20 @@ class ProtectionServiceTest(base.TestCase):
None,
fakes.fake_protection_plan())
@mock.patch.object(provider.ProviderRegistry, 'show_provider')
def test_restore_with_project_id_not_same(self, mock_provider):
mock_provider.return_value = fakes.FakeProvider()
context = mock.MagicMock(project_id='fake_project_id_1',
is_admin=False)
fake_restore = {
'checkpoint_id': 'fake_checkpoint',
'provider_id': 'fake_provider_id',
'parameters': None
}
self.assertRaises(
oslo_messaging.ExpectedException, self.pro_manager.restore,
context, fake_restore, None)
@mock.patch.object(provider.ProviderRegistry, 'show_provider')
def test_list_checkpoints(self, mock_provider):
fake_provider = fakes.FakeProvider()