Browse Source

Fix: show volume by name for non-admins

Currently we don't pop the all_tenants field for non-admins resulting
in database not able to process it and no records are displayed.
Cinderclient passes it for most APIs since it doesn't have the context
and cannot determine if the user is admin or non-admin.
On the API side, we need to filter out the all_tenants key for non-admins
since it is only valid for admin operations.
This only happens incase of general filtering API which was introduced
in microversion 3.31, prior to this all invalid filters were removed.

Closes-Bug: #1917574
Change-Id: Idf619b4dbb64318f6e2231b13b8bacce3deaa43b
changes/73/778373/11
Rajat Dhasmana 7 months ago
parent
commit
b675b66d4f
  1. 4
      cinder/api/common.py
  2. 10
      cinder/tests/unit/api/test_common.py
  3. 7
      releasenotes/notes/fix-show-volume-non-admins-1bc5238398e73981.yaml

4
cinder/api/common.py

@ -446,7 +446,11 @@ def reject_invalid_filters(context, filters, resource,
invalid_filters.append(key)
if invalid_filters:
if 'all_tenants' in invalid_filters:
# NOTE: this is a special case: the cinderclient always adds
# 'all_tenants', so we don't want to hold that against a non-admin
# user and we silently ignore it. See Bug #1917574.
invalid_filters.remove('all_tenants')
filters.pop('all_tenants')
if len(invalid_filters) == 0:
return
raise webob.exc.HTTPBadRequest(

10
cinder/tests/unit/api/test_common.py

@ -417,7 +417,15 @@ class GeneralFiltersTest(test.TestCase):
'is_admin': False,
'result': {'volume_type': ["is_public"]},
'expected': {'is_public': True},
'resource': 'volume_type'})
'resource': 'volume_type'},
{'filters': {'key1': 'value1',
'all_tenants': 'value2',
'key3': 'value3'},
'is_admin': False,
'result': {'fake_resource': ['key1', 'key3']},
'expected': {'key1': 'value1',
'key3': 'value3'},
'resource': 'fake_resource'})
@ddt.unpack
@mock.patch('cinder.api.common.get_enabled_resource_filters')
def test_reject_invalid_filters(self, mock_get, filters,

7
releasenotes/notes/fix-show-volume-non-admins-1bc5238398e73981.yaml

@ -0,0 +1,7 @@
---
fixes:
- |
`Bug #1917574 <https://bugs.launchpad.net/cinder/+bug/1917574>`_:
Fixed issue when cinderclient requests to show volume by name for
non-admin users would result in the volume not being found for
microversions 3.31 or later.
Loading…
Cancel
Save