Fix policy check for API 'security service update'
Manila API for update of security service reads policy for "show" operation but should do it for "update" operation. Change-Id: I675f834fcb75f3b7864094601e47c15f60a0864b Closes-Bug: #1459631
This commit is contained in:
Valeriy Ponomaryov
parent
eff9f92f01
commit
df6ca7ee5f
@ -171,7 +171,7 @@ class SecurityServiceController(wsgi.Controller):
|
|||||||
|
|
||||||
try:
|
try:
|
||||||
security_service = db.security_service_get(context, id)
|
security_service = db.security_service_get(context, id)
|
||||||
policy.check_policy(context, RESOURCE_NAME, 'show',
|
policy.check_policy(context, RESOURCE_NAME, 'update',
|
||||||
security_service)
|
security_service)
|
||||||
except exception.NotFound:
|
except exception.NotFound:
|
||||||
raise exc.HTTPNotFound()
|
raise exc.HTTPNotFound()
|
||||||
|
|||||||
@ -160,6 +160,7 @@ class ShareApiTest(test.TestCase):
|
|||||||
new = self.ss_active_directory.copy()
|
new = self.ss_active_directory.copy()
|
||||||
updated = self.ss_active_directory.copy()
|
updated = self.ss_active_directory.copy()
|
||||||
updated['name'] = 'new'
|
updated['name'] = 'new'
|
||||||
|
self.mock_object(security_service.policy, 'check_policy')
|
||||||
db.security_service_get = mock.Mock(return_value=new)
|
db.security_service_get = mock.Mock(return_value=new)
|
||||||
db.security_service_update = mock.Mock(return_value=updated)
|
db.security_service_update = mock.Mock(return_value=updated)
|
||||||
db.share_network_get_all_by_security_service = mock.Mock(
|
db.share_network_get_all_by_security_service = mock.Mock(
|
||||||
@ -173,11 +174,17 @@ class ShareApiTest(test.TestCase):
|
|||||||
self.assertEqual(res_dict['name'], updated['name'])
|
self.assertEqual(res_dict['name'], updated['name'])
|
||||||
db.share_network_get_all_by_security_service.assert_called_once_with(
|
db.share_network_get_all_by_security_service.assert_called_once_with(
|
||||||
req.environ['manila.context'], 1)
|
req.environ['manila.context'], 1)
|
||||||
|
self.assertEqual(2, security_service.policy.check_policy.call_count)
|
||||||
|
security_service.policy.check_policy.assert_has_calls([
|
||||||
|
mock.call(req.environ['manila.context'],
|
||||||
|
security_service.RESOURCE_NAME, 'update', new)
|
||||||
|
])
|
||||||
|
|
||||||
def test_security_service_update_description(self):
|
def test_security_service_update_description(self):
|
||||||
new = self.ss_active_directory.copy()
|
new = self.ss_active_directory.copy()
|
||||||
updated = self.ss_active_directory.copy()
|
updated = self.ss_active_directory.copy()
|
||||||
updated['description'] = 'new'
|
updated['description'] = 'new'
|
||||||
|
self.mock_object(security_service.policy, 'check_policy')
|
||||||
db.security_service_get = mock.Mock(return_value=new)
|
db.security_service_get = mock.Mock(return_value=new)
|
||||||
db.security_service_update = mock.Mock(return_value=updated)
|
db.security_service_update = mock.Mock(return_value=updated)
|
||||||
db.share_network_get_all_by_security_service = mock.Mock(
|
db.share_network_get_all_by_security_service = mock.Mock(
|
||||||
@ -191,16 +198,21 @@ class ShareApiTest(test.TestCase):
|
|||||||
self.assertEqual(res_dict['description'], updated['description'])
|
self.assertEqual(res_dict['description'], updated['description'])
|
||||||
db.share_network_get_all_by_security_service.assert_called_once_with(
|
db.share_network_get_all_by_security_service.assert_called_once_with(
|
||||||
req.environ['manila.context'], 1)
|
req.environ['manila.context'], 1)
|
||||||
|
self.assertEqual(2, security_service.policy.check_policy.call_count)
|
||||||
|
security_service.policy.check_policy.assert_has_calls([
|
||||||
|
mock.call(req.environ['manila.context'],
|
||||||
|
security_service.RESOURCE_NAME, 'update', new)
|
||||||
|
])
|
||||||
|
|
||||||
@mock.patch.object(db, 'security_service_get', mock.Mock())
|
@mock.patch.object(db, 'security_service_get', mock.Mock())
|
||||||
@mock.patch.object(db, 'share_network_get_all_by_security_service',
|
@mock.patch.object(db, 'share_network_get_all_by_security_service',
|
||||||
mock.Mock())
|
mock.Mock())
|
||||||
def test_security_service_update_invalid_keys_sh_server_exists(self):
|
def test_security_service_update_invalid_keys_sh_server_exists(self):
|
||||||
|
self.mock_object(security_service.policy, 'check_policy')
|
||||||
db.share_network_get_all_by_security_service.return_value = [
|
db.share_network_get_all_by_security_service.return_value = [
|
||||||
{'id': 'fake_id', 'share_servers': 'fake_share_servers'},
|
{'id': 'fake_id', 'share_servers': 'fake_share_servers'},
|
||||||
]
|
]
|
||||||
security_service = self.ss_active_directory.copy()
|
db.security_service_get.return_value = self.ss_active_directory.copy()
|
||||||
db.security_service_get.return_value = security_service
|
|
||||||
body = {'security_service': {'user_id': 'new_user'}}
|
body = {'security_service': {'user_id': 'new_user'}}
|
||||||
req = fakes.HTTPRequest.blank('/security_services/1')
|
req = fakes.HTTPRequest.blank('/security_services/1')
|
||||||
self.assertRaises(webob.exc.HTTPForbidden, self.controller.update,
|
self.assertRaises(webob.exc.HTTPForbidden, self.controller.update,
|
||||||
@ -209,12 +221,19 @@ class ShareApiTest(test.TestCase):
|
|||||||
req.environ['manila.context'], 1)
|
req.environ['manila.context'], 1)
|
||||||
db.share_network_get_all_by_security_service.assert_called_once_with(
|
db.share_network_get_all_by_security_service.assert_called_once_with(
|
||||||
req.environ['manila.context'], 1)
|
req.environ['manila.context'], 1)
|
||||||
|
self.assertEqual(1, security_service.policy.check_policy.call_count)
|
||||||
|
security_service.policy.check_policy.assert_has_calls([
|
||||||
|
mock.call(req.environ['manila.context'],
|
||||||
|
security_service.RESOURCE_NAME, 'update',
|
||||||
|
db.security_service_get.return_value)
|
||||||
|
])
|
||||||
|
|
||||||
@mock.patch.object(db, 'security_service_get', mock.Mock())
|
@mock.patch.object(db, 'security_service_get', mock.Mock())
|
||||||
@mock.patch.object(db, 'security_service_update', mock.Mock())
|
@mock.patch.object(db, 'security_service_update', mock.Mock())
|
||||||
@mock.patch.object(db, 'share_network_get_all_by_security_service',
|
@mock.patch.object(db, 'share_network_get_all_by_security_service',
|
||||||
mock.Mock())
|
mock.Mock())
|
||||||
def test_security_service_update_valid_keys_sh_server_exists(self):
|
def test_security_service_update_valid_keys_sh_server_exists(self):
|
||||||
|
self.mock_object(security_service.policy, 'check_policy')
|
||||||
db.share_network_get_all_by_security_service.return_value = [
|
db.share_network_get_all_by_security_service.return_value = [
|
||||||
{'id': 'fake_id', 'share_servers': 'fake_share_servers'},
|
{'id': 'fake_id', 'share_servers': 'fake_share_servers'},
|
||||||
]
|
]
|
||||||
@ -240,6 +259,11 @@ class ShareApiTest(test.TestCase):
|
|||||||
req.environ['manila.context'], 1)
|
req.environ['manila.context'], 1)
|
||||||
db.security_service_update.assert_called_once_with(
|
db.security_service_update.assert_called_once_with(
|
||||||
req.environ['manila.context'], 1, body['security_service'])
|
req.environ['manila.context'], 1, body['security_service'])
|
||||||
|
self.assertEqual(2, security_service.policy.check_policy.call_count)
|
||||||
|
security_service.policy.check_policy.assert_has_calls([
|
||||||
|
mock.call(req.environ['manila.context'],
|
||||||
|
security_service.RESOURCE_NAME, 'update', old)
|
||||||
|
])
|
||||||
|
|
||||||
def test_security_service_list(self):
|
def test_security_service_list(self):
|
||||||
db.security_service_get_all_by_project = mock.Mock(
|
db.security_service_get_all_by_project = mock.Mock(
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user