From 7f207a7e1e93e911d83010fe8ed5c19ee640149c Mon Sep 17 00:00:00 2001 From: Anindita Das Date: Tue, 21 Mar 2017 03:37:25 +0000 Subject: [PATCH] [Pecan] Fix custom tenant_id project_id matching This patch fixes the missing custom tenant_id and project_id matching on policy_enforcement.py Conflicts: neutron/tests/functional/pecan_wsgi/test_controllers.py Newton changes: neutron-lib did not have directory module, falling back to neutron.manager. Change-Id: I278759f6b65cce7caa4f66fa694488b75f0459b6 Closes-Bug: #1674517 (cherry picked from commit 0193777e60216844019963f785cd28ca205c42a4) --- .../pecan_wsgi/hooks/policy_enforcement.py | 12 +++++++++++ .../functional/pecan_wsgi/test_controllers.py | 21 +++++++++++++++++++ 2 files changed, 33 insertions(+) diff --git a/neutron/pecan_wsgi/hooks/policy_enforcement.py b/neutron/pecan_wsgi/hooks/policy_enforcement.py index d9169f1371c..881f714671e 100644 --- a/neutron/pecan_wsgi/hooks/policy_enforcement.py +++ b/neutron/pecan_wsgi/hooks/policy_enforcement.py @@ -210,6 +210,13 @@ class PolicyHook(hooks.PecanHook): """ attributes_to_exclude = [] for attr_name in data.keys(): + # TODO(amotoki): All attribute maps have tenant_id and + # it determines excluded attributes based on tenant_id. + # We need to migrate tenant_id to project_id later + # as attr_info is referred to in various places and we need + # to check all logs carefully. + if attr_name == 'project_id': + continue attr_data = controller.resource_info.get(attr_name) if attr_data and attr_data['is_visible']: if policy.check( @@ -225,4 +232,9 @@ class PolicyHook(hooks.PecanHook): # if the code reaches this point then either the policy check # failed or the attribute was not visible in the first place attributes_to_exclude.append(attr_name) + # TODO(amotoki): As mentioned in the above TODO, + # we treat project_id and tenant_id equivalently. + # This should be migrated to project_id later. + if attr_name == 'tenant_id': + attributes_to_exclude.append('project_id') return attributes_to_exclude diff --git a/neutron/tests/functional/pecan_wsgi/test_controllers.py b/neutron/tests/functional/pecan_wsgi/test_controllers.py index 748e45f7132..8b2468c5d25 100644 --- a/neutron/tests/functional/pecan_wsgi/test_controllers.py +++ b/neutron/tests/functional/pecan_wsgi/test_controllers.py @@ -850,3 +850,24 @@ class TestMemberActionController(test_functional.PecanFunctionalTest): url = '/v2.0/{}/something/put_meh.json'.format(self.collection) resp = self.app.get(url, expect_errors=True) self.assertEqual(405, resp.status_int) + + +class TestExcludeAttributePolicy(test_functional.PecanFunctionalTest): + + def setUp(self): + super(TestExcludeAttributePolicy, self).setUp() + policy.init() + self.addCleanup(policy.reset) + plugin = manager.NeutronManager.get_plugin() + ctx = context.get_admin_context() + self.network_id = pecan_utils.create_network(ctx, plugin)['id'] + mock.patch('neutron.pecan_wsgi.controllers.resource.' + 'CollectionsController.get').start() + + def test_get_networks(self): + response = self.app.get('/v2.0/networks/%s.json' % self.network_id, + headers={'X-Project-Id': 'tenid'}) + json_body = jsonutils.loads(response.body) + self.assertEqual(response.status_int, 200) + self.assertEqual('tenid', json_body['network']['project_id']) + self.assertEqual('tenid', json_body['network']['tenant_id'])