Stop sending custom context values over RPC

Starting with this change, we stop sending the custom fields in
the context object when communicating over RPC, and remove them
from the to_policy_values method, meaning that they can no longer
be used in policy checks.

Closes-Bug: #1695104
Change-Id: Iefc771a9706cde39db9e9d31c475dfb11b262373
Vladyslav Drok
2017-05-25 13:28:26 +03:00
committed by Dmitry Tantsur
parent 7af1da47ca
commit 099e88a407
2 changed files with 3 additions and 46 deletions
+3 -20
@@ -30,34 +30,17 @@ class RequestContext(context.RequestContext):
def to_policy_values(self):
policy_values = super(RequestContext, self).to_policy_values()
# TODO(vdrok): remove all of these apart from is_public_api and
# project_name after deprecation period
policy_values.update({
'user': self.user,
'domain_id': self.user_domain,
'domain_name': self.user_domain_name,
'tenant': self.tenant,
'project_name': self.project_name,
'is_public_api': self.is_public_api,
})
return policy_values
def to_dict(self):
# TODO(vdrok): reuse the base class to_dict in Pike
return {'auth_token': self.auth_token,
'user': self.user,
'tenant': self.tenant,
'is_admin': self.is_admin,
'read_only': self.read_only,
'show_deleted': self.show_deleted,
'request_id': self.request_id,
'domain_id': self.user_domain,
'roles': self.roles,
'domain_name': self.user_domain_name,
'is_public_api': self.is_public_api}
@classmethod
def from_dict(cls, values, **kwargs):
# TODO(vdrok): these are left so that if older service communicates
# with a new one, new one could still understand what old one sends,
# remove in Queens
kwargs.setdefault('is_public_api', values.get('is_public_api', False))
if 'domain_id' in values:
kwargs.setdefault('user_domain', values['domain_id'])
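Review bot: After this change `to_policy_values` appears to add only `project_name` and `is_public_api` to the base-class values, yet the method has no docstring saying so, and neither of the 2 changed files looks like an upgrade note. Operator policy files that still reference `user`, `tenant`, `domain_id` or `domain_name` will no longer find those keys here. Unless the base class supplies them (not visible in this hunk), such checks presumably stop matching and any negated form starts matching, with no error raised. I would add a docstring such as `"""Return base policy credentials plus ironic's project_name and is_public_api; the deprecated user/tenant/domain_id/domain_name keys are no longer exposed."""` and an upgrade release note listing the removed keys. The TODO added in `from_dict` could also name the keys it keeps accepting (`is_public_api`, `domain_id`); `from_dict` continues past the end of the hunk.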
-26
@@ -44,22 +44,6 @@ class RequestContextTestCase(tests_base.TestCase):
context_mock.assert_called_once_with()
self.assertFalse(test_context.is_public_api)
def test_to_dict(self):
ctx = context.RequestContext(**self.context_dict)
ctx_dict = ctx.to_dict()
self.assertEqual('auth_token1', ctx_dict['auth_token'])
self.assertEqual('user1', ctx_dict['user'])
self.assertEqual('tenant1', ctx_dict['tenant'])
self.assertTrue(ctx_dict['is_admin'])
self.assertTrue(ctx_dict['read_only'])
self.assertTrue(ctx_dict['show_deleted'])
self.assertEqual('id1', ctx_dict['request_id'])
self.assertTrue(ctx_dict['is_public_api'])
self.assertEqual('domain_id3', ctx_dict['domain_id'])
self.assertEqual('TreeDomain', ctx_dict['domain_name'])
self.assertEqual([], ctx_dict['roles'])
self.assertNotIn('overwrite', ctx_dict)
def test_from_dict(self):
test_context = context.RequestContext.from_dict(
{'project_name': 'demo', 'is_public_api': True,
@@ -71,18 +55,8 @@ class RequestContextTestCase(tests_base.TestCase):
def test_to_policy_values(self):
ctx = context.RequestContext(**self.context_dict)
ctx_dict = ctx.to_policy_values()
self.assertEqual('user1', ctx_dict['user'])
self.assertEqual('user1', ctx_dict['user_id'])
self.assertEqual('tenant1', ctx_dict['tenant'])
self.assertEqual('tenant1', ctx_dict['project_id'])
self.assertEqual('somename', ctx_dict['project_name'])
self.assertTrue(ctx_dict['is_public_api'])
self.assertTrue(ctx_dict['is_admin_project'])
self.assertEqual('domain_id3', ctx_dict['domain_id'])
self.assertEqual('TreeDomain', ctx_dict['domain_name'])
self.assertEqual('domain_id3', ctx_dict['user_domain_id'])
self.assertEqual('domain_id4', ctx_dict['project_domain_id'])
self.assertEqual([], ctx_dict['roles'])
def test_get_admin_context(self):
admin_context = context.get_admin_context()