Forbid to attach security services with same type to share network
Manila should not allow attach several security services with same type to a share network, for example, two LDAPs or two Active Directory services. Add unit tests and fix tempest tests. Closes-bug: #1358652 Change-Id: Id37e986e537941fe8f9086b8b150d6073c97d1ed
This commit is contained in:
parent
0f76ed578b
commit
4f17b8d837
|
@ -33,7 +33,7 @@ class SecServicesMappingNegativeTest(base.BaseSharesTest):
|
|||
resp, __ = self.cl.add_sec_service_to_share_network(self.sn["id"],
|
||||
self.ss["id"])
|
||||
self.assertIn(int(resp["status"]), test.HTTP_SUCCESS)
|
||||
self.assertRaises(exceptions.BadRequest,
|
||||
self.assertRaises(exceptions.Conflict,
|
||||
self.cl.add_sec_service_to_share_network,
|
||||
self.sn["id"], self.ss["id"])
|
||||
|
||||
|
@ -86,7 +86,7 @@ class SecServicesMappingNegativeTest(base.BaseSharesTest):
|
|||
"wrong_id", "wrong_id")
|
||||
|
||||
@test.attr(type=["gate", "smoke", "negative"])
|
||||
def test_try_map_same_ss_to_sn_twice(self):
|
||||
def test_try_map_two_ss_with_same_type_to_sn(self):
|
||||
# create share network
|
||||
data = self.generate_share_network_data()
|
||||
|
||||
|
@ -94,22 +94,24 @@ class SecServicesMappingNegativeTest(base.BaseSharesTest):
|
|||
self.assertIn(int(resp["status"]), test.HTTP_SUCCESS)
|
||||
self.assertDictContainsSubset(data, sn)
|
||||
|
||||
# create security service
|
||||
data = self.generate_security_service_data()
|
||||
|
||||
resp, ss = self.create_security_service(client=self.cl, **data)
|
||||
self.assertIn(int(resp["status"]), test.HTTP_SUCCESS)
|
||||
self.assertDictContainsSubset(data, ss)
|
||||
# create security services with same type
|
||||
security_services = []
|
||||
for i in range(2):
|
||||
data = self.generate_security_service_data()
|
||||
resp, ss = self.create_security_service(client=self.cl, **data)
|
||||
self.assertIn(int(resp["status"]), test.HTTP_SUCCESS)
|
||||
self.assertDictContainsSubset(data, ss)
|
||||
security_services.insert(i, ss)
|
||||
|
||||
# Add security service to share network
|
||||
resp, __ = self.cl.add_sec_service_to_share_network(sn["id"],
|
||||
ss["id"])
|
||||
resp, __ = self.cl.add_sec_service_to_share_network(
|
||||
sn["id"], security_services[0]["id"])
|
||||
self.assertIn(int(resp["status"]), test.HTTP_SUCCESS)
|
||||
|
||||
# Try add same security service one more time
|
||||
self.assertRaises(exceptions.BadRequest,
|
||||
# Try to add security service with same type
|
||||
self.assertRaises(exceptions.Conflict,
|
||||
self.cl.add_sec_service_to_share_network,
|
||||
sn["id"], ss["id"])
|
||||
sn["id"], security_services[1]["id"])
|
||||
|
||||
@test.attr(type=["gate", "smoke", "negative"])
|
||||
def test_try_delete_ss_that_assigned_to_sn(self):
|
||||
|
|
|
@ -249,6 +249,16 @@ class ShareNetworkController(wsgi.Controller):
|
|||
if share_network['share_servers']:
|
||||
msg = _("Cannot add security services. Share network is used.")
|
||||
raise exc.HTTPForbidden(explanation=msg)
|
||||
security_service = db_api.security_service_get(
|
||||
context, data['security_service_id'])
|
||||
for attached_service in share_network['security_services']:
|
||||
if attached_service['type'] == security_service['type']:
|
||||
msg = _("Cannot add security service to share network. "
|
||||
"Security service with '%(ss_type)s' type already "
|
||||
"added to '%(sn_id)s' share network") % {
|
||||
'ss_type': security_service['type'],
|
||||
'sn_id': share_network['id']}
|
||||
raise exc.HTTPConflict(explanation=msg)
|
||||
try:
|
||||
share_network = db_api.share_network_add_security_service(
|
||||
context,
|
||||
|
|
|
@ -293,6 +293,30 @@ class ShareNetworkAPITest(test.TestCase):
|
|||
self.controller._add_security_service.assert_called_once_with(
|
||||
self.req, share_network_id, body['add_security_service'])
|
||||
|
||||
@mock.patch.object(db_api, 'share_network_get', mock.Mock())
|
||||
@mock.patch.object(db_api, 'security_service_get', mock.Mock())
|
||||
def test_action_add_security_service_conflict(self):
|
||||
share_network = fake_share_network.copy()
|
||||
share_network['security_services'] = [{'id': 'security_service_1',
|
||||
'type': 'ldap'}]
|
||||
security_service = {'id': ' security_service_2',
|
||||
'type': 'ldap'}
|
||||
body = {'add_security_service': {'security_service_id':
|
||||
security_service['id']}}
|
||||
|
||||
db_api.security_service_get.return_value = security_service
|
||||
db_api.share_network_get.return_value = share_network
|
||||
|
||||
self.assertRaises(webob_exc.HTTPConflict,
|
||||
self.controller.action,
|
||||
self.req,
|
||||
share_network['id'],
|
||||
body)
|
||||
db_api.share_network_get.assert_called_once_with(
|
||||
self.req.environ['manila.context'], share_network['id'])
|
||||
db_api.security_service_get.assert_called_once_with(
|
||||
self.req.environ['manila.context'], security_service['id'])
|
||||
|
||||
def test_action_remove_security_service(self):
|
||||
share_network_id = 'fake network id'
|
||||
security_service_id = 'fake ss id'
|
||||
|
|
Loading…
Reference in New Issue