diff --git a/devstack/files/monasca-api/api-config.yml b/devstack/files/monasca-api/api-config.yml
index 64e820530..31a38c501 100644
--- a/devstack/files/monasca-api/api-config.yml
+++ b/devstack/files/monasca-api/api-config.yml
@@ -123,7 +123,7 @@ middleware:
 connPoolMinIdleTime: 600000
 connRetryTimes: 2
 connRetryInterval: 50
- defaultAuthorizedRoles: [user, domainuser, domainadmin, monasca-user, admin]
+ defaultAuthorizedRoles: [monasca-user]
 readOnlyAuthorizedRoles: [monasca-read-only-user]
 agentAuthorizedRoles: [monasca-agent]
 delegateAuthorizedRole: admin
diff --git a/devstack/plugin.sh b/devstack/plugin.sh
index 9d61fce40..80c27f4f0 100755
--- a/devstack/plugin.sh
+++ b/devstack/plugin.sh
@@ -841,7 +841,7 @@ function configure_monasca_api_python {
 iniset "$MONASCA_API_CONF" keystone_authtoken identity_uri "http://$SERVICE_HOST:35357"
 iniset "$MONASCA_API_CONF" keystone_authtoken auth_uri "http://$SERVICE_HOST:5000"
- iniset "$MONASCA_API_CONF" security default_authorized_roles "user, domainuser, domainadmin, monasca-user"
+ iniset "$MONASCA_API_CONF" security default_authorized_roles "monasca-user"
 iniset "$MONASCA_API_CONF" security agent_authorized_roles "monasca-agent"
 iniset "$MONASCA_API_CONF" security read_only_authorized_roles "monasca-read-only-user"
 iniset "$MONASCA_API_CONF" security delegate_authorized_roles "admin"
diff --git a/monasca_api/conf/security.py b/monasca_api/conf/security.py
index 268f11f12..b80e80009 100644
--- a/monasca_api/conf/security.py
+++ b/monasca_api/conf/security.py
@@ -17,7 +17,7 @@ from oslo_config import cfg
 security_opts = [
- cfg.ListOpt('default_authorized_roles', default=['admin'],
+ cfg.ListOpt('default_authorized_roles', default=['monasca-user'],
 help='''
 Roles that are allowed full access to the API
 '''),
diff --git a/monasca_api/tests/test_alarms.py b/monasca_api/tests/test_alarms.py
index 14bc7c52a..698a5c8ba 100644
--- a/monasca_api/tests/test_alarms.py
+++ b/monasca_api/tests/test_alarms.py
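Review bot: In monasca_api/conf/security.py, switching the default of `default_authorized_roles` from `['admin']` to `['monasca-user']` changes who is authorized on every deployment that never set the option: after upgrade a token carrying only `admin` would no longer match this list, while `monasca-user` gains full access. The help text still says only "Roles that are allowed full access to the API"; I would extend it to say that the default is `monasca-user` and that other roles, `admin` included, must be listed explicitly, and add an upgrade note unless one is part of this change outside the visible hunks. The `security_opts` list continues past the end of the hunk.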
@@ -189,7 +189,7 @@ class TestAlarmsStateHistory(AlarmTestBase): response = self.simulate_request( u'/v2.0/alarms/%s/state-history/' % ALARM_HISTORY[u"alarm_id"], headers={ - 'X-Roles': 'admin', + 'X-Roles': CONF.security.default_authorized_roles[0], 'X-Tenant-Id': TENANT_ID, }) @@ -241,7 +241,9 @@ class TestAlarmDefinition(AlarmTestBase): } response = self.simulate_request("/v2.0/alarm-definitions/", - headers={'X-Roles': 'admin', 'X-Tenant-Id': TENANT_ID}, + headers={'X-Roles': + CONF.security.default_authorized_roles[0], + 'X-Tenant-Id': TENANT_ID}, method="POST", body=json.dumps(alarm_def)) @@ -297,7 +299,9 @@ class TestAlarmDefinition(AlarmTestBase): alarm_def[u'expression'] = expression expected_data[u'expression'] = expression response = self.simulate_request("/v2.0/alarm-definitions/", - headers={'X-Roles': 'admin', 'X-Tenant-Id': TENANT_ID}, + headers={'X-Roles': + CONF.security.default_authorized_roles[0], + 'X-Tenant-Id': TENANT_ID}, method="POST", body=json.dumps(alarm_def)) @@ -321,7 +325,8 @@ class TestAlarmDefinition(AlarmTestBase): for expression in bad_expressions: alarm_def[u'expression'] = expression self.simulate_request("/v2.0/alarm-definitions/", - headers={'X-Roles': 'admin', 'X-Tenant-Id': TENANT_ID}, + headers={'X-Roles': CONF.security.default_authorized_roles[0], + 'X-Tenant-Id': TENANT_ID}, method="POST", body=json.dumps(alarm_def)) @@ -400,7 +405,9 @@ class TestAlarmDefinition(AlarmTestBase): } result = self.simulate_request("/v2.0/alarm-definitions/%s" % expected_def[u'id'], - headers={'X-Roles': 'admin', 'X-Tenant-Id': TENANT_ID}, + headers={'X-Roles': + CONF.security.default_authorized_roles[0], + 'X-Tenant-Id': TENANT_ID}, method="PUT", body=json.dumps(alarm_def)) @@ -416,7 +423,7 @@ class TestAlarmDefinition(AlarmTestBase): self.simulate_request( "/v2.0/alarm-definitions/", headers={ - 'X-Roles': 'admin', + 'X-Roles': CONF.security.default_authorized_roles[0], 'X-Tenant-Id': TENANT_ID}, method="PATCH", body=json.dumps(alarm_def)) 
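Review bot: Taking the role from `CONF.security.default_authorized_roles[0]` in this hunk, and in the other test_alarms.py hunks of this change that make the same substitution, ties the tests to whatever the default happens to be, so they would keep passing if the default were later widened or changed by mistake, and an empty list would surface as an `IndexError` rather than an authorization failure. I would pin the expectation once, for example `self.assertEqual(['monasca-user'], CONF.security.default_authorized_roles)`, and add a case that sends `'X-Roles': 'admin'` alone and checks that the request is no longer accepted, assuming that is the intended outcome of the new default. The repeated expression could also live in one module-level constant so the header dictionaries stay on a single line. The test methods start and end outside these hunks, and the import that provides `CONF` is not visible here.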
@@ -431,7 +438,7 @@ class TestAlarmDefinition(AlarmTestBase): self.simulate_request( "/v2.0/alarm-definitions/", headers={ - 'X-Roles': 'admin', + 'X-Roles': CONF.security.default_authorized_roles[0], 'X-Tenant-Id': TENANT_ID}, method="PUT", body=json.dumps(alarm_def)) @@ -443,7 +450,7 @@ class TestAlarmDefinition(AlarmTestBase): self.simulate_request( "/v2.0/alarm-definitions/", headers={ - 'X-Roles': 'admin', + 'X-Roles': CONF.security.default_authorized_roles[0], 'X-Tenant-Id': TENANT_ID}, method="DELETE") @@ -519,7 +526,9 @@ class TestAlarmDefinition(AlarmTestBase): } result = self.simulate_request("/v2.0/alarm-definitions/%s" % expected_def[u'id'], - headers={'X-Roles': 'admin', 'X-Tenant-Id': TENANT_ID}, + headers={'X-Roles': + CONF.security.default_authorized_roles[0], + 'X-Tenant-Id': TENANT_ID}, method="PATCH", body=json.dumps(alarm_def)) @@ -629,7 +638,9 @@ class TestAlarmDefinition(AlarmTestBase): } result = self.simulate_request("/v2.0/alarm-definitions/%s" % expected_def[u'id'], - headers={'X-Roles': 'admin', 'X-Tenant-Id': TENANT_ID}, + headers={'X-Roles': + CONF.security.default_authorized_roles[0], + 'X-Tenant-Id': TENANT_ID}, method="PUT", body=json.dumps(alarm_def)) @@ -641,7 +652,9 @@ class TestAlarmDefinition(AlarmTestBase): del alarm_def[key] self.simulate_request("/v2.0/alarm-definitions/%s" % expected_def[u'id'], - headers={'X-Roles': 'admin', 'X-Tenant-Id': TENANT_ID}, + headers={'X-Roles': + CONF.security.default_authorized_roles[0], + 'X-Tenant-Id': TENANT_ID}, method="PUT", body=json.dumps(alarm_def)) self.assertEqual(self.srmock.status, "422 Unprocessable Entity", @@ -683,7 +696,7 @@ class TestAlarmDefinition(AlarmTestBase): response = self.simulate_request( '/v2.0/alarm-definitions/%s' % (expected_data[u'id']), headers={ - 'X-Roles': 'admin', + 'X-Roles': CONF.security.default_authorized_roles[0], 'X-Tenant-Id': TENANT_ID, }) 
@@ -722,7 +735,7 @@ class TestAlarmDefinition(AlarmTestBase):
 response = self.simulate_request(
 '/v2.0/alarm-definitions/%s' % (expected_data[u'id']),
 headers={
- 'X-Roles': 'admin',
+ 'X-Roles': CONF.security.default_authorized_roles[0],
 'X-Tenant-Id': TENANT_ID,
 })
@@ -760,7 +773,7 @@ class TestAlarmDefinition(AlarmTestBase):
 response = self.simulate_request(
 '/v2.0/alarm-definitions/%s' % (expected_data[u'id']),
 headers={
- 'X-Roles': 'admin',
+ 'X-Roles': CONF.security.default_authorized_roles[0],
 'X-Tenant-Id': TENANT_ID,
 }
 )