Update access control of show under hostAPI
Update the detection mechanism of show interface under the host API. Replacement detection mode, and add policy for host show API. Change-Id: I76ca1251cd14da6c777bd48a28906d8362d836b0 Closes-Bug: #1732808
This commit is contained in:
parent
bfbff1ef64
commit
f39c3fac2c
|
@ -146,9 +146,7 @@ class HostController(wsgi.Controller):
|
|||
"""
|
||||
host = id
|
||||
context = req.environ['cinder.context']
|
||||
if not context.is_admin:
|
||||
msg = _("Describe-resource is admin only functionality")
|
||||
raise webob.exc.HTTPForbidden(explanation=msg)
|
||||
context.authorize(policy.MANAGE_POLICY)
|
||||
|
||||
# Not found exception will be handled at the wsgi level
|
||||
host_ref = objects.Service.get_by_host_and_topic(
|
||||
|
|
|
@ -24,7 +24,7 @@ hosts_policies = [
|
|||
policy.DocumentedRuleDefault(
|
||||
name=MANAGE_POLICY,
|
||||
check_str=base.RULE_ADMIN_API,
|
||||
description="List or update hosts for a project.",
|
||||
description="List, update or show hosts for a project.",
|
||||
operations=[
|
||||
{
|
||||
'method': 'GET',
|
||||
|
@ -33,6 +33,10 @@ hosts_policies = [
|
|||
{
|
||||
'method': 'PUT',
|
||||
'path': '/os-hosts/{host_name}'
|
||||
},
|
||||
{
|
||||
'method': 'GET',
|
||||
'path': '/os-hosts/{host_id}'
|
||||
}
|
||||
])
|
||||
]
|
||||
|
|
|
@ -214,7 +214,7 @@ class HostTestCase(test.TestCase):
|
|||
def test_show_forbidden(self):
|
||||
self.req.environ['cinder.context'].is_admin = False
|
||||
dest = 'dummydest'
|
||||
self.assertRaises(webob.exc.HTTPForbidden,
|
||||
self.assertRaises(exception.PolicyNotAuthorized,
|
||||
self.controller.show,
|
||||
self.req, dest)
|
||||
self.req.environ['cinder.context'].is_admin = True
|
||||
|
|
Loading…
Reference in New Issue