3fb9b981b0
In manila/api/v1/security_service.py, the context.is_admin check is removed, allowing the subsequent policy check to determine whether the user can retrieve all security services. Authorization is determined by the RBAC policy "security_services:get_all_security_services". In manila/tests/api/v1/test_security_service.py, unit tests for listing security services based on admin context were replaced with unit tests for listing security services based on whether the user is authorized or not. The unit test test_security_services_list_all_tenants_policy_authorized asserts that the security services are retrieved when policy.check_policy returns True. The unit test test_security_services_list_all_tenants_policy_not_authorized asserts that security services are not retrieved when policy.check_policy raises a NotAuthorized exception. Closes-Bug: #1916102 Change-Id: I6cce61237f5ee3ce60d8165f6fac5e7e5a63b4dd Depends-On: https://review.opendev.org/c/openstack/manila-tempest-plugin/+/840727
7 lines
192 B
YAML
7 lines
192 B
YAML
---
|
|
fixes:
|
|
- |
|
|
Decoupled the RBAC ``share:get_all_security_services`` from
|
|
``context_is_admin``, potentially allowing the use of the
|
|
``all_tenants`` query by non-administrators.
|