Merge "[Pecan] Fix custom tenant_id project_id matching" into stable/newton

2017-07-06 12:12:46 +00:00 · 2017-07-06 12:12:46 +00:00 · 13826b34e9
parent 4c6afa54b1 7f207a7e1e
commit 13826b34e9
2 changed files with 33 additions and 0 deletions
--- a/neutron/pecan_wsgi/hooks/policy_enforcement.py
+++ b/neutron/pecan_wsgi/hooks/policy_enforcement.py
@ -210,6 +210,13 @@ class PolicyHook(hooks.PecanHook):
        """
        attributes_to_exclude = []
        for attr_name in data.keys():
+            # TODO(amotoki): All attribute maps have tenant_id and
+            # it determines excluded attributes based on tenant_id.
+            # We need to migrate tenant_id to project_id later
+            # as attr_info is referred to in various places and we need
+            # to check all logs carefully.
+            if attr_name == 'project_id':
+                continue
            attr_data = controller.resource_info.get(attr_name)
            if attr_data and attr_data['is_visible']:
                if policy.check(
@ -225,4 +232,9 @@ class PolicyHook(hooks.PecanHook):
            # if the code reaches this point then either the policy check
            # failed or the attribute was not visible in the first place
            attributes_to_exclude.append(attr_name)
+            # TODO(amotoki): As mentioned in the above TODO,
+            # we treat project_id and tenant_id equivalently.
+            # This should be migrated to project_id later.
+            if attr_name == 'tenant_id':
+                attributes_to_exclude.append('project_id')
        return attributes_to_exclude
--- a/neutron/tests/functional/pecan_wsgi/test_controllers.py
+++ b/neutron/tests/functional/pecan_wsgi/test_controllers.py
@ -850,3 +850,24 @@ class TestMemberActionController(test_functional.PecanFunctionalTest):
        url = '/v2.0/{}/something/put_meh.json'.format(self.collection)
        resp = self.app.get(url, expect_errors=True)
        self.assertEqual(405, resp.status_int)
+
+
+class TestExcludeAttributePolicy(test_functional.PecanFunctionalTest):
+
+    def setUp(self):
+        super(TestExcludeAttributePolicy, self).setUp()
+        policy.init()
+        self.addCleanup(policy.reset)
+        plugin = manager.NeutronManager.get_plugin()
+        ctx = context.get_admin_context()
+        self.network_id = pecan_utils.create_network(ctx, plugin)['id']
+        mock.patch('neutron.pecan_wsgi.controllers.resource.'
+                   'CollectionsController.get').start()
+
+    def test_get_networks(self):
+        response = self.app.get('/v2.0/networks/%s.json' % self.network_id,
+                headers={'X-Project-Id': 'tenid'})
+        json_body = jsonutils.loads(response.body)
+        self.assertEqual(response.status_int, 200)
+        self.assertEqual('tenid', json_body['network']['project_id'])
+        self.assertEqual('tenid', json_body['network']['tenant_id'])