Check all_tenants value in security_service api

Add manila.utils.is_all_tenants to check all_tenants value.

Partial-Bug: #1777551
Co-Authored-By: Yu Weizhong <yuweizhong@cmss.chinamobile.com>
Change-Id: I1c8068cb0d4652f1f0349dc5a8d0a2d3af2318e0
This commit is contained in:
zhangqing 2018-11-26 10:01:07 +08:00 committed by Goutham Pacha Ravi
parent b2787fded5
commit bb8859f8ac
3 changed files with 29 additions and 1 deletions

View File

@ -28,6 +28,7 @@ from manila import db
from manila import exception
from manila.i18n import _
from manila import policy
from manila import utils
RESOURCE_NAME = 'security_service'
@ -106,7 +107,7 @@ class SecurityServiceController(wsgi.Controller):
security_services = share_nw['security_services']
del search_opts['share_network_id']
else:
if 'all_tenants' in search_opts and context.is_admin:
if context.is_admin and utils.is_all_tenants(search_opts):
policy.check_policy(context, RESOURCE_NAME,
'get_all_security_services')
security_services = db.security_service_get_all(context)

View File

@ -313,6 +313,25 @@ class ShareApiTest(test.TestCase):
fake_context, fake_context.project_id
)
@mock.patch.object(db, 'security_service_get_all', mock.Mock())
def test_security_services_list_all_tenants_with_invalid_value(self):
req = fakes.HTTPRequest.blank(
'/security-services?all_tenants=nerd',
use_admin_context=True)
self.assertRaises(exception.InvalidInput, self.controller.index, req)
@mock.patch.object(db, 'security_service_get_all_by_project', mock.Mock())
def test_security_services_list_all_tenants_with_value_zero(self):
db.security_service_get_all_by_project.return_value = []
req = fakes.HTTPRequest.blank(
'/security-services?all_tenants=0',
use_admin_context=True)
res_dict = self.controller.index(req)
self.assertEqual({'security_services': []}, res_dict)
db.security_service_get_all_by_project.assert_called_once_with(
req.environ['manila.context'],
req.environ['manila.context'].project_id)
@mock.patch.object(db, 'security_service_get_all_by_project', mock.Mock())
def test_security_services_list_admin_context_invalid_opts(self):
db.security_service_get_all_by_project.return_value = [

View File

@ -0,0 +1,8 @@
---
fixes:
- |
The ``all_tenants`` query parameter in the security services API (GET
/v2/{project_id}/security-services) has been fixed to accept 'f',
'false', 'off', 'n', 'no', or '0'. Setting the flag to any of these values
will retrieve security services only from the requester's project
namespace.