Change default authorized role

The monasca-user role is more appropriate than the admin role.

Story: 2001895
Task: 14380
Change-Id: I16091dbd631a5e94d08598a23eeb3bdf97cf0a92
Adrian Czarnecki 2018-04-23 12:30:03 +02:00
parent 9ebde65af9
commit 2e078cdd87
4 changed files with 30 additions and 17 deletions


@ -123,7 +123,7 @@ middleware:
connPoolMinIdleTime: 600000
connRetryTimes: 2
connRetryInterval: 50
defaultAuthorizedRoles: [user, domainuser, domainadmin, monasca-user, admin]
defaultAuthorizedRoles: [monasca-user]
readOnlyAuthorizedRoles: [monasca-read-only-user]
agentAuthorizedRoles: [monasca-agent]
delegateAuthorizedRole: admin
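Review bot: Nothing next to the new `defaultAuthorizedRoles: [monasca-user]` line tells an operator that tokens carrying only `user`, `domainuser`, `domainadmin` or `admin` lose full API access once this default is applied; the devstack line `iniset "$MONASCA_API_CONF" security default_authorized_roles "monasca-user"` narrows the list in the same way. Least privilege is the right direction, but the change is silent for existing deployments, so it deserves an upgrade note and a comment above the key such as `# Full API access is limited to monasca-user; add further roles explicitly if existing users depend on them.` `delegateAuthorizedRole: admin` is left unchanged, so it is worth confirming that delegation with an admin-only token still behaves as intended.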


@ -841,7 +841,7 @@ function configure_monasca_api_python {
iniset "$MONASCA_API_CONF" keystone_authtoken identity_uri "http://$SERVICE_HOST:35357"
iniset "$MONASCA_API_CONF" keystone_authtoken auth_uri "http://$SERVICE_HOST:5000"
iniset "$MONASCA_API_CONF" security default_authorized_roles "user, domainuser, domainadmin, monasca-user"
iniset "$MONASCA_API_CONF" security default_authorized_roles "monasca-user"
iniset "$MONASCA_API_CONF" security agent_authorized_roles "monasca-agent"
iniset "$MONASCA_API_CONF" security read_only_authorized_roles "monasca-read-only-user"
iniset "$MONASCA_API_CONF" security delegate_authorized_roles "admin"


@ -17,7 +17,7 @@
from oslo_config import cfg
security_opts = [
cfg.ListOpt('default_authorized_roles', default=['admin'],
cfg.ListOpt('default_authorized_roles', default=['monasca-user'],
help='''
Roles that are allowed full access to the API
'''),
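Review bot: The help string for `default_authorized_roles` still reads only "Roles that are allowed full access to the API", while the in-code default moves from `['admin']` to `['monasca-user']`. A deployment that never set the option presumably stops granting full access to admin-only tokens after the upgrade, and the option help is where operators will look first. I would extend it to something like `Roles that are allowed full access to the API. Roles not listed here, including admin, are not granted full access.` The `security_opts` list continues past the end of this hunk.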


@ -189,7 +189,7 @@ class TestAlarmsStateHistory(AlarmTestBase):
response = self.simulate_request(
u'/v2.0/alarms/%s/state-history/' % ALARM_HISTORY[u"alarm_id"],
headers={
'X-Roles': 'admin',
'X-Roles': CONF.security.default_authorized_roles[0],
'X-Tenant-Id': TENANT_ID,
})
@ -241,7 +241,9 @@ class TestAlarmDefinition(AlarmTestBase):
}
response = self.simulate_request("/v2.0/alarm-definitions/",
headers={'X-Roles': 'admin', 'X-Tenant-Id': TENANT_ID},
headers={'X-Roles':
CONF.security.default_authorized_roles[0],
'X-Tenant-Id': TENANT_ID},
method="POST",
body=json.dumps(alarm_def))
@ -297,7 +299,9 @@ class TestAlarmDefinition(AlarmTestBase):
alarm_def[u'expression'] = expression
expected_data[u'expression'] = expression
response = self.simulate_request("/v2.0/alarm-definitions/",
headers={'X-Roles': 'admin', 'X-Tenant-Id': TENANT_ID},
headers={'X-Roles':
CONF.security.default_authorized_roles[0],
'X-Tenant-Id': TENANT_ID},
method="POST",
body=json.dumps(alarm_def))
@ -321,7 +325,8 @@ class TestAlarmDefinition(AlarmTestBase):
for expression in bad_expressions:
alarm_def[u'expression'] = expression
self.simulate_request("/v2.0/alarm-definitions/",
headers={'X-Roles': 'admin', 'X-Tenant-Id': TENANT_ID},
headers={'X-Roles': CONF.security.default_authorized_roles[0],
'X-Tenant-Id': TENANT_ID},
method="POST",
body=json.dumps(alarm_def))
@ -400,7 +405,9 @@ class TestAlarmDefinition(AlarmTestBase):
}
result = self.simulate_request("/v2.0/alarm-definitions/%s" % expected_def[u'id'],
headers={'X-Roles': 'admin', 'X-Tenant-Id': TENANT_ID},
headers={'X-Roles':
CONF.security.default_authorized_roles[0],
'X-Tenant-Id': TENANT_ID},
method="PUT",
body=json.dumps(alarm_def))
@ -416,7 +423,7 @@ class TestAlarmDefinition(AlarmTestBase):
self.simulate_request(
"/v2.0/alarm-definitions/",
headers={
'X-Roles': 'admin',
'X-Roles': CONF.security.default_authorized_roles[0],
'X-Tenant-Id': TENANT_ID},
method="PATCH",
body=json.dumps(alarm_def))
@ -431,7 +438,7 @@ class TestAlarmDefinition(AlarmTestBase):
self.simulate_request(
"/v2.0/alarm-definitions/",
headers={
'X-Roles': 'admin',
'X-Roles': CONF.security.default_authorized_roles[0],
'X-Tenant-Id': TENANT_ID},
method="PUT",
body=json.dumps(alarm_def))
@ -443,7 +450,7 @@ class TestAlarmDefinition(AlarmTestBase):
self.simulate_request(
"/v2.0/alarm-definitions/",
headers={
'X-Roles': 'admin',
'X-Roles': CONF.security.default_authorized_roles[0],
'X-Tenant-Id': TENANT_ID},
method="DELETE")
@ -519,7 +526,9 @@ class TestAlarmDefinition(AlarmTestBase):
}
result = self.simulate_request("/v2.0/alarm-definitions/%s" % expected_def[u'id'],
headers={'X-Roles': 'admin', 'X-Tenant-Id': TENANT_ID},
headers={'X-Roles':
CONF.security.default_authorized_roles[0],
'X-Tenant-Id': TENANT_ID},
method="PATCH",
body=json.dumps(alarm_def))
@ -629,7 +638,9 @@ class TestAlarmDefinition(AlarmTestBase):
}
result = self.simulate_request("/v2.0/alarm-definitions/%s" % expected_def[u'id'],
headers={'X-Roles': 'admin', 'X-Tenant-Id': TENANT_ID},
headers={'X-Roles':
CONF.security.default_authorized_roles[0],
'X-Tenant-Id': TENANT_ID},
method="PUT",
body=json.dumps(alarm_def))
@ -641,7 +652,9 @@ class TestAlarmDefinition(AlarmTestBase):
del alarm_def[key]
self.simulate_request("/v2.0/alarm-definitions/%s" % expected_def[u'id'],
headers={'X-Roles': 'admin', 'X-Tenant-Id': TENANT_ID},
headers={'X-Roles':
CONF.security.default_authorized_roles[0],
'X-Tenant-Id': TENANT_ID},
method="PUT",
body=json.dumps(alarm_def))
self.assertEqual(self.srmock.status, "422 Unprocessable Entity",
@ -683,7 +696,7 @@ class TestAlarmDefinition(AlarmTestBase):
response = self.simulate_request(
'/v2.0/alarm-definitions/%s' % (expected_data[u'id']),
headers={
'X-Roles': 'admin',
'X-Roles': CONF.security.default_authorized_roles[0],
'X-Tenant-Id': TENANT_ID,
})
@ -722,7 +735,7 @@ class TestAlarmDefinition(AlarmTestBase):
response = self.simulate_request(
'/v2.0/alarm-definitions/%s' % (expected_data[u'id']),
headers={
'X-Roles': 'admin',
'X-Roles': CONF.security.default_authorized_roles[0],
'X-Tenant-Id': TENANT_ID,
})
@ -760,7 +773,7 @@ class TestAlarmDefinition(AlarmTestBase):
response = self.simulate_request(
'/v2.0/alarm-definitions/%s' % (expected_data[u'id']),
headers={
'X-Roles': 'admin',
'X-Roles': CONF.security.default_authorized_roles[0],
'X-Tenant-Id': TENANT_ID,
}
)
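Review bot: Every request in these hunks now sends `CONF.security.default_authorized_roles[0]`, so the tests exercise only the allowed role, and none of the visible hunks asserts that a role outside the list is refused. Since the commit's purpose is to stop `admin` from being authorized by default, a negative test would pin that: send `headers={'X-Roles': 'admin', 'X-Tenant-Id': TENANT_ID}` to `/v2.0/alarm-definitions/` and assert that the request is rejected. Indexing `[0]` also raises `IndexError` if the option is ever overridden to an empty list in the test configuration, so a small module-level helper that fails with a clear message would make that easier to diagnose. The test methods start and end outside the hunks, so existing negative coverage elsewhere in the file cannot be ruled out from here.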