Merge "Add filter to secret list for acl secrets"
This commit is contained in:
Jenkins
Gerrit Code Review
commit
a2f14e2b7b
@ -270,6 +270,11 @@ class SecretsController(controllers.ACLMixin):
|
|||||||
# the default should be used.
|
# the default should be used.
|
||||||
bits = 0
|
bits = 0
|
||||||
|
|
||||||
|
ctxt = controllers._get_barbican_context(pecan.request)
|
||||||
|
user_id = None
|
||||||
|
if ctxt:
|
||||||
|
user_id = ctxt.user
|
||||||
|
|
||||||
result = self.secret_repo.get_by_create_date(
|
result = self.secret_repo.get_by_create_date(
|
||||||
external_project_id,
|
external_project_id,
|
||||||
offset_arg=kw.get('offset', 0),
|
offset_arg=kw.get('offset', 0),
|
||||||
@ -278,7 +283,9 @@ class SecretsController(controllers.ACLMixin):
|
|||||||
alg=kw.get('alg'),
|
alg=kw.get('alg'),
|
||||||
mode=kw.get('mode'),
|
mode=kw.get('mode'),
|
||||||
bits=bits,
|
bits=bits,
|
||||||
suppress_exception=True
|
suppress_exception=True,
|
||||||
|
acl_only=kw.get('acl_only', None),
|
||||||
|
user_id=user_id
|
||||||
)
|
)
|
||||||
|
|
||||||
secrets, offset, limit, total = result
|
secrets, offset, limit, total = result
|
||||||
|
|||||||
@ -593,7 +593,7 @@ class SecretRepo(BaseRepo):
|
|||||||
def get_by_create_date(self, external_project_id, offset_arg=None,
|
def get_by_create_date(self, external_project_id, offset_arg=None,
|
||||||
limit_arg=None, name=None, alg=None, mode=None,
|
limit_arg=None, name=None, alg=None, mode=None,
|
||||||
bits=0, secret_type=None, suppress_exception=False,
|
bits=0, secret_type=None, suppress_exception=False,
|
||||||
session=None):
|
session=None, acl_only=None, user_id=None):
|
||||||
"""Returns a list of secrets
|
"""Returns a list of secrets
|
||||||
|
|
||||||
The returned secrets are ordered by the date they were created at
|
The returned secrets are ordered by the date they were created at
|
||||||
@ -625,8 +625,14 @@ class SecretRepo(BaseRepo):
|
|||||||
if secret_type:
|
if secret_type:
|
||||||
query = query.filter(models.Secret.secret_type == secret_type)
|
query = query.filter(models.Secret.secret_type == secret_type)
|
||||||
|
|
||||||
query = query.join(models.Project)
|
if acl_only and acl_only.lower() == 'true' and user_id:
|
||||||
query = query.filter(models.Project.external_id == external_project_id)
|
query = query.join(models.SecretACL)
|
||||||
|
query = query.join(models.SecretACLUser)
|
||||||
|
query = query.filter(models.SecretACLUser.user_id == user_id)
|
||||||
|
else:
|
||||||
|
query = query.join(models.Project)
|
||||||
|
query = query.filter(
|
||||||
|
models.Project.external_id == external_project_id)
|
||||||
|
|
||||||
total = query.count()
|
total = query.count()
|
||||||
end_offset = offset + limit
|
end_offset = offset + limit
|
||||||
|
|||||||
@ -490,6 +490,43 @@ class WhenTestingSecretACLsResource(utils.BarbicanAPIBaseTestCase,
|
|||||||
expect_errors=True)
|
expect_errors=True)
|
||||||
self.assertEqual(405, resp.status_int)
|
self.assertEqual(405, resp.status_int)
|
||||||
|
|
||||||
|
def test_list_secrets_with_no_acls_and_acl_only_should_be_empty(self):
|
||||||
|
"""Return list should be empty"""
|
||||||
|
creator_user_id = 'creatorUserID'
|
||||||
|
self._create_secret_with_creator_user(
|
||||||
|
self.app, creator_user_id)
|
||||||
|
|
||||||
|
resp = self.app.get(
|
||||||
|
'/secrets/?acl_only=TRUE')
|
||||||
|
self.assertEqual(200, resp.status_int)
|
||||||
|
self.assertEqual([], resp.json['secrets'])
|
||||||
|
|
||||||
|
def test_list_secrets_with_acls(self):
|
||||||
|
"""Return List should not include secrets with no ACL for user"""
|
||||||
|
creator_user_id = 'creatorUserID'
|
||||||
|
secret_uuid_acl_1 = self._create_secret_with_creator_user(
|
||||||
|
self.app, creator_user_id)
|
||||||
|
secret_uuid_acl_2 = self._create_secret_with_creator_user(
|
||||||
|
self.app, creator_user_id)
|
||||||
|
secret_uuid_no_acl = self._create_secret_with_creator_user(
|
||||||
|
self.app, creator_user_id)
|
||||||
|
create_acls(
|
||||||
|
self.app, 'secrets', secret_uuid_acl_1,
|
||||||
|
read_user_ids=[creator_user_id],
|
||||||
|
read_project_access=False)
|
||||||
|
|
||||||
|
create_acls(
|
||||||
|
self.app, 'secrets', secret_uuid_acl_2,
|
||||||
|
read_user_ids=[creator_user_id],
|
||||||
|
read_project_access=False)
|
||||||
|
resp = self.app.get(
|
||||||
|
'/secrets/?acl_only=TrUe')
|
||||||
|
self.assertEqual(200, resp.status_int)
|
||||||
|
secret_list = resp.json.get('secrets')
|
||||||
|
self.assertEqual(len(secret_list), 2)
|
||||||
|
|
||||||
|
self.assertNotIn(secret_uuid_no_acl, secret_list)
|
||||||
|
|
||||||
|
|
||||||
class WhenTestingContainerAclsResource(utils.BarbicanAPIBaseTestCase,
|
class WhenTestingContainerAclsResource(utils.BarbicanAPIBaseTestCase,
|
||||||
TestACLsWithContextMixin):
|
TestACLsWithContextMixin):
|
||||||
|
|||||||
@ -17,23 +17,26 @@ make a separate call to get the secret details to view the secret.
|
|||||||
Parameters
|
Parameters
|
||||||
**********
|
**********
|
||||||
|
|
||||||
+--------+---------+----------------------------------------------------------------+
|
+----------+---------+----------------------------------------------------------------+
|
||||||
| Name | Type | Description |
|
| Name | Type | Description |
|
||||||
+========+=========+================================================================+
|
+==========+=========+================================================================+
|
||||||
| offset | integer | The starting index within the total list of the secrets that |
|
| offset | integer | The starting index within the total list of the secrets that |
|
||||||
| | | you would like to retrieve. |
|
| | | you would like to retrieve. |
|
||||||
+--------+---------+----------------------------------------------------------------+
|
+----------+---------+----------------------------------------------------------------+
|
||||||
| limit | integer | The maximum number of records to return (up to 100). The |
|
| limit | integer | The maximum number of records to return (up to 100). The |
|
||||||
| | | default limit is 10. |
|
| | | default limit is 10. |
|
||||||
+--------+---------+----------------------------------------------------------------+
|
+----------+---------+----------------------------------------------------------------+
|
||||||
| name | string | Selects all secrets with name equal to this value. |
|
| name | string | Selects all secrets with name equal to this value. |
|
||||||
+--------+---------+----------------------------------------------------------------+
|
+----------+---------+----------------------------------------------------------------+
|
||||||
| bits | integer | Selects all secrets with bit_length equal to this value. |
|
| bits | integer | Selects all secrets with bit_length equal to this value. |
|
||||||
+--------+---------+----------------------------------------------------------------+
|
+----------+---------+----------------------------------------------------------------+
|
||||||
| alg | string | Selects all secrets with algorithm equal to this value. |
|
| alg | string | Selects all secrets with algorithm equal to this value. |
|
||||||
+--------+---------+----------------------------------------------------------------+
|
+----------+---------+----------------------------------------------------------------+
|
||||||
| mode | string | Selects all secrets with mode equal to this value. |
|
| mode | string | Selects all secrets with mode equal to this value. |
|
||||||
+--------+---------+----------------------------------------------------------------+
|
+----------+---------+----------------------------------------------------------------+
|
||||||
|
| acl_only | boolean | Selects all secrets with an ACL that contains the user. |
|
||||||
|
| | | Project scope is ignored. |
|
||||||
|
+----------+---------+----------------------------------------------------------------+
|
||||||
|
|
||||||
.. _secret_response_attributes:
|
.. _secret_response_attributes:
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user