[Pecan] Fix custom tenant_id project_id matching
This patch fixes the missing custom tenant_id and project_id
matching on policy_enforcement.py
Change-Id: I278759f6b65cce7caa4f66fa694488b75f0459b6
Closes-Bug: #1674517
(cherry picked from commit 0193777e60
)
This commit is contained in:
parent
633b452e28
commit
0c0c60fecb
|
@ -220,6 +220,13 @@ class PolicyHook(hooks.PecanHook):
|
|||
"""
|
||||
attributes_to_exclude = []
|
||||
for attr_name in data.keys():
|
||||
# TODO(amotoki): All attribute maps have tenant_id and
|
||||
# it determines excluded attributes based on tenant_id.
|
||||
# We need to migrate tenant_id to project_id later
|
||||
# as attr_info is referred to in various places and we need
|
||||
# to check all logs carefully.
|
||||
if attr_name == 'project_id':
|
||||
continue
|
||||
attr_data = controller.resource_info.get(attr_name)
|
||||
if attr_data and attr_data['is_visible']:
|
||||
if policy.check(
|
||||
|
@ -235,4 +242,9 @@ class PolicyHook(hooks.PecanHook):
|
|||
# if the code reaches this point then either the policy check
|
||||
# failed or the attribute was not visible in the first place
|
||||
attributes_to_exclude.append(attr_name)
|
||||
# TODO(amotoki): As mentioned in the above TODO,
|
||||
# we treat project_id and tenant_id equivalently.
|
||||
# This should be migrated to project_id later.
|
||||
if attr_name == 'tenant_id':
|
||||
attributes_to_exclude.append('project_id')
|
||||
return attributes_to_exclude
|
||||
|
|
|
@ -1002,3 +1002,24 @@ class TestParentSubresourceController(test_functional.PecanFunctionalTest):
|
|||
self.assertEqual(200, resp.status_int)
|
||||
self.assertEqual({'fake_duplicates': [{'fake': 'something'}]},
|
||||
resp.json)
|
||||
|
||||
|
||||
class TestExcludeAttributePolicy(test_functional.PecanFunctionalTest):
|
||||
|
||||
def setUp(self):
|
||||
super(TestExcludeAttributePolicy, self).setUp()
|
||||
policy.init()
|
||||
self.addCleanup(policy.reset)
|
||||
plugin = directory.get_plugin()
|
||||
ctx = context.get_admin_context()
|
||||
self.network_id = pecan_utils.create_network(ctx, plugin)['id']
|
||||
mock.patch('neutron.pecan_wsgi.controllers.resource.'
|
||||
'CollectionsController.get').start()
|
||||
|
||||
def test_get_networks(self):
|
||||
response = self.app.get('/v2.0/networks/%s.json' % self.network_id,
|
||||
headers={'X-Project-Id': 'tenid'})
|
||||
json_body = jsonutils.loads(response.body)
|
||||
self.assertEqual(response.status_int, 200)
|
||||
self.assertEqual('tenid', json_body['network']['project_id'])
|
||||
self.assertEqual('tenid', json_body['network']['tenant_id'])
|
||||
|
|
Loading…
Reference in New Issue