Merge "Check all_tenants value in security_service api"

This commit is contained in:
Zuul 2019-03-20 09:58:21 +00:00 committed by Gerrit Code Review
commit 131c19050a
3 changed files with 29 additions and 1 deletions

View File

@ -28,6 +28,7 @@ from manila import db
from manila import exception
from manila.i18n import _
from manila import policy
from manila import utils
RESOURCE_NAME = 'security_service'
@ -106,7 +107,7 @@ class SecurityServiceController(wsgi.Controller):
security_services = share_nw['security_services']
del search_opts['share_network_id']
else:
if 'all_tenants' in search_opts and context.is_admin:
if context.is_admin and utils.is_all_tenants(search_opts):
policy.check_policy(context, RESOURCE_NAME,
'get_all_security_services')
security_services = db.security_service_get_all(context)

View File

@ -313,6 +313,25 @@ class ShareApiTest(test.TestCase):
fake_context, fake_context.project_id
)
@mock.patch.object(db, 'security_service_get_all', mock.Mock())
def test_security_services_list_all_tenants_with_invalid_value(self):
req = fakes.HTTPRequest.blank(
'/security-services?all_tenants=nerd',
use_admin_context=True)
self.assertRaises(exception.InvalidInput, self.controller.index, req)
@mock.patch.object(db, 'security_service_get_all_by_project', mock.Mock())
def test_security_services_list_all_tenants_with_value_zero(self):
db.security_service_get_all_by_project.return_value = []
req = fakes.HTTPRequest.blank(
'/security-services?all_tenants=0',
use_admin_context=True)
res_dict = self.controller.index(req)
self.assertEqual({'security_services': []}, res_dict)
db.security_service_get_all_by_project.assert_called_once_with(
req.environ['manila.context'],
req.environ['manila.context'].project_id)
@mock.patch.object(db, 'security_service_get_all_by_project', mock.Mock())
def test_security_services_list_admin_context_invalid_opts(self):
db.security_service_get_all_by_project.return_value = [

View File

@ -0,0 +1,8 @@
---
fixes:
- |
The ``all_tenants`` query parameter in the security services API (GET
/v2/{project_id}/security-services) has been fixed to accept 'f',
'false', 'off', 'n', 'no', or '0'. Setting the flag to any of these values
will retrieve security services only from the requester's project
namespace.