Filter enviroment list by project id
Modified a "List Environments" API call to add an ability to filter environments by an owner project (tenant). The request now supports extra query parameter - tenant. If this parameter is passed the list of returned environments is filtered to return only the environments owned by the tenant with this id. This operation requires a 'list_environments_all_tenants' policy to be enabled for a caller user (by default it means that the user has to have an "admin" role). Implements-blueprint: list-environments-of-a-given-project ApiImpact Change-Id: I90b0dd672d5a431f63e52753d7f517fd3d0ec6eb
This commit is contained in:
Alexander Tivelkov
parent
f17a8f3dae
commit
8e7cb32077
@ -43,12 +43,17 @@ class Controller(object):
|
||||
@request_statistics.stats_count(API_NAME, 'Index')
|
||||
def index(self, request):
|
||||
all_tenants = request.GET.get('all_tenants', 'false').lower() == 'true'
|
||||
LOG.debug('Environments:List <all_tenants: {tenants}>'.format(
|
||||
tenants=all_tenants))
|
||||
tenant = request.GET.get('tenant', None)
|
||||
LOG.debug('Environments:List <all_tenants: {tenants}, '
|
||||
'tenant: {tenant}>'.format(tenants=all_tenants,
|
||||
tenant=tenant))
|
||||
|
||||
if all_tenants:
|
||||
policy.check('list_environments_all_tenants', request.context)
|
||||
filters = {}
|
||||
elif tenant:
|
||||
policy.check('list_environments_all_tenants', request.context)
|
||||
filters = {'tenant_id': tenant}
|
||||
else:
|
||||
policy.check('list_environments', request.context)
|
||||
# Only environments from same tenant as user should be returned
|
||||
|
||||
@ -60,12 +60,44 @@ class TestEnvironmentApi(tb.ControllerTest, tb.MuranoApiTestCase):
|
||||
tenant="other")
|
||||
req.get_response(self.api)
|
||||
|
||||
self._check_listing(False, 'list_environments', 0)
|
||||
self._check_listing(True, 'list_environments_all_tenants', 1)
|
||||
self._check_listing(False, None, 'list_environments', 0)
|
||||
self._check_listing(True, None, 'list_environments_all_tenants', 1)
|
||||
|
||||
def _check_listing(self, all_tenants, expected_check, expected_count):
|
||||
def test_list_given_tenant(self):
|
||||
self._set_policy_rules(
|
||||
{'list_environments': '@',
|
||||
'create_environment': '@',
|
||||
'list_environments_all_tenants': '@'}
|
||||
)
|
||||
self.expect_policy_check('create_environment')
|
||||
self.expect_policy_check('create_environment')
|
||||
self.expect_policy_check('create_environment')
|
||||
|
||||
body = {'name': 'my_env1'}
|
||||
req = self._post('/environments', jsonutils.dump_as_bytes(body),
|
||||
tenant="foo")
|
||||
req.get_response(self.api)
|
||||
body = {'name': 'my_env2'}
|
||||
req = self._post('/environments', jsonutils.dump_as_bytes(body),
|
||||
tenant="bar")
|
||||
req.get_response(self.api)
|
||||
|
||||
body = {'name': 'my_env3'}
|
||||
req = self._post('/environments', jsonutils.dump_as_bytes(body),
|
||||
tenant="bar")
|
||||
req.get_response(self.api)
|
||||
|
||||
self._check_listing(False, "foo", 'list_environments_all_tenants', 1)
|
||||
self._check_listing(False, "bar", 'list_environments_all_tenants', 2)
|
||||
self._check_listing(False, "other", 'list_environments_all_tenants', 0)
|
||||
|
||||
def _check_listing(self, all_tenants, tenant, expected_check,
|
||||
expected_count):
|
||||
self.expect_policy_check(expected_check)
|
||||
req = self._get('/environments', {'all_tenants': all_tenants})
|
||||
params = {'all_tenants': all_tenants}
|
||||
if tenant:
|
||||
params['tenant'] = tenant
|
||||
req = self._get('/environments', params)
|
||||
response = req.get_response(self.api)
|
||||
body = jsonutils.loads(response.body)
|
||||
self.assertEqual(200, response.status_code)
|
||||
|
||||
@ -0,0 +1,5 @@
|
||||
---
|
||||
features:
|
||||
- >
|
||||
"List Environments" API call is now able to filter environments by an owner
|
||||
project (tenant).
|
||||
Loading…
x
Reference in New Issue
Block a user