Add upload policy for glance v2 api
Related to bug 1250918 There currently exists no check in set_data function for glance api v2 in the policy layer. This patch adds upload_image policy. DocImpact Change-Id: Ibccc78f8bccff3baa5aca574cf17bd14c5403ca2
This commit is contained in:
parent
14d8fe408a
commit
d35bcee6ab
|
@ -50,6 +50,10 @@ The actions that may have a rule enforced on them are:
|
|||
* ``GET /v1/images/<IMAGE_ID>``
|
||||
* ``GET /v2/images/<IMAGE_ID>/file``
|
||||
|
||||
* ``upload_image`` - Upload binary image data
|
||||
|
||||
* ``PUT /v2/images/<IMAGE_ID>/file``
|
||||
|
||||
* ``add_image`` - Create an image entity
|
||||
|
||||
* ``POST /v1/images``
|
||||
|
|
|
@ -4,12 +4,14 @@
|
|||
|
||||
"add_image": "",
|
||||
"delete_image": "",
|
||||
"download_image": "",
|
||||
"get_image": "",
|
||||
"get_images": "",
|
||||
"modify_image": "",
|
||||
"publicize_image": "",
|
||||
|
||||
"download_image": "",
|
||||
"upload_image": "",
|
||||
|
||||
"delete_image_location": "",
|
||||
"get_image_location": "",
|
||||
"set_image_location": "",
|
||||
|
|
|
@ -233,6 +233,10 @@ class ImageProxy(glance.domain.proxy.Image):
|
|||
self.policy.enforce(self.context, 'download_image', {})
|
||||
return self.image.get_data(*args, **kwargs)
|
||||
|
||||
def set_data(self, *args, **kwargs):
|
||||
self.policy.enforce(self.context, 'upload_image', {})
|
||||
return self.image.set_data(*args, **kwargs)
|
||||
|
||||
def get_member_repo(self, **kwargs):
|
||||
member_repo = self.image.get_member_repo(**kwargs)
|
||||
return ImageMemberRepoProxy(member_repo, self.context, self.policy)
|
||||
|
|
|
@ -5,12 +5,14 @@
|
|||
|
||||
"add_image": "",
|
||||
"delete_image": "",
|
||||
"download_image": "",
|
||||
"get_image": "",
|
||||
"get_images": "",
|
||||
"modify_image": "",
|
||||
"publicize_image": "",
|
||||
|
||||
"download_image": "",
|
||||
"upload_image": "",
|
||||
|
||||
"delete_image_location": "",
|
||||
"get_image_location": "",
|
||||
"set_image_location": "",
|
||||
|
|
|
@ -268,6 +268,12 @@ class TestImagePolicy(test_utils.BaseTestCase):
|
|||
self.assertRaises(exception.Forbidden, image.get_data)
|
||||
self.policy.enforce.assert_called_once_with({}, "download_image", {})
|
||||
|
||||
def test_image_set_data(self):
|
||||
self.policy.enforce.side_effect = exception.Forbidden
|
||||
image = glance.api.policy.ImageProxy(self.image_stub, {}, self.policy)
|
||||
self.assertRaises(exception.Forbidden, image.set_data)
|
||||
self.policy.enforce.assert_called_once_with({}, "upload_image", {})
|
||||
|
||||
|
||||
class TestMemberPolicy(test_utils.BaseTestCase):
|
||||
def setUp(self):
|
||||
|
|
Loading…
Reference in New Issue