Merge "Add authorization checks to flavormanage extension"
This commit is contained in:
commit
6a239cb7a2
@ -22,6 +22,7 @@
|
||||
"compute_extension:disk_config": [],
|
||||
"compute_extension:extended_status": [["rule:admin_api"]],
|
||||
"compute_extension:flavorextraspecs": [],
|
||||
"compute_extension:flavormanage": [["rule:admin_api"]],
|
||||
"compute_extension:floating_ip_dns": [],
|
||||
"compute_extension:floating_ip_pools": [],
|
||||
"compute_extension:floating_ips": [],
|
||||
|
@ -12,20 +12,19 @@
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License
|
||||
|
||||
import urlparse
|
||||
|
||||
import webob
|
||||
|
||||
from nova.api.openstack import extensions
|
||||
from nova.api.openstack import wsgi
|
||||
from nova.api.openstack.compute import flavors as flavors_api
|
||||
from nova.api.openstack.compute.views import flavors as flavors_view
|
||||
from nova.api.openstack import extensions
|
||||
from nova.api.openstack import wsgi
|
||||
from nova.compute import instance_types
|
||||
from nova import log as logging
|
||||
from nova import exception
|
||||
from nova import log as logging
|
||||
|
||||
|
||||
LOG = logging.getLogger('nova.api.openstack.compute.contrib.flavormanage')
|
||||
authorize = extensions.extension_authorizer('compute', 'flavormanage')
|
||||
|
||||
|
||||
class FlavorManageController(wsgi.Controller):
|
||||
@ -40,9 +39,7 @@ class FlavorManageController(wsgi.Controller):
|
||||
@wsgi.action("delete")
|
||||
def _delete(self, req, id):
|
||||
context = req.environ['nova.context']
|
||||
|
||||
if not context.is_admin:
|
||||
return webob.Response(status_int=403)
|
||||
authorize(context)
|
||||
|
||||
try:
|
||||
flavor = instance_types.get_instance_type_by_flavor_id(id)
|
||||
@ -57,9 +54,7 @@ class FlavorManageController(wsgi.Controller):
|
||||
@wsgi.serializers(xml=flavors_api.FlavorTemplate)
|
||||
def _create(self, req, body):
|
||||
context = req.environ['nova.context']
|
||||
|
||||
if not context.is_admin:
|
||||
return webob.Response(status_int=403)
|
||||
authorize(context)
|
||||
|
||||
vals = body['flavor']
|
||||
name = vals['name']
|
||||
|
@ -85,23 +85,14 @@ class FlavorManageTest(test.TestCase):
|
||||
super(FlavorManageTest, self).tearDown()
|
||||
|
||||
def test_delete(self):
|
||||
req = fakes.HTTPRequest.blank(
|
||||
'/v2/123/flavor/delete/1234',
|
||||
use_admin_context=True)
|
||||
|
||||
req = fakes.HTTPRequest.blank('/v2/123/flavors/1234')
|
||||
res = self.controller._delete(req, id)
|
||||
self.assertEqual(res.status_int, 202)
|
||||
|
||||
# subsequent delete should fail
|
||||
self.assertRaises(webob.exc.HTTPNotFound,
|
||||
self.controller._delete, req, "failtest")
|
||||
|
||||
req = fakes.HTTPRequest.blank(
|
||||
'/v2/123/flavor/delete/1234',
|
||||
use_admin_context=False)
|
||||
|
||||
res = self.controller._delete(req, id)
|
||||
self.assertEqual(res.status_int, 403)
|
||||
|
||||
def test_create(self):
|
||||
body = {
|
||||
"flavor": {
|
||||
@ -115,16 +106,7 @@ class FlavorManageTest(test.TestCase):
|
||||
}
|
||||
}
|
||||
|
||||
req = fakes.HTTPRequest.blank(
|
||||
'/v2/123/flavor/create/',
|
||||
use_admin_context=True)
|
||||
|
||||
req = fakes.HTTPRequest.blank('/v2/123/flavors')
|
||||
res = self.controller._create(req, body)
|
||||
for key in body["flavor"]:
|
||||
self.assertEquals(res["flavor"][key], body["flavor"][key])
|
||||
|
||||
req = fakes.HTTPRequest.blank(
|
||||
'/v2/123/flavor/create/',
|
||||
use_admin_context=False)
|
||||
res = self.controller._create(req, body)
|
||||
self.assertEqual(res.status_int, 403)
|
||||
|
@ -81,6 +81,7 @@
|
||||
"compute_extension:disk_config": [],
|
||||
"compute_extension:extended_status": [],
|
||||
"compute_extension:flavorextraspecs": [],
|
||||
"compute_extension:flavormanage": [],
|
||||
"compute_extension:floating_ip_dns": [],
|
||||
"compute_extension:floating_ip_pools": [],
|
||||
"compute_extension:floating_ips": [],
|
||||
|
Loading…
Reference in New Issue
Block a user