add access_key to access_list API's response
Expose access credentials/keys returned by storage backends (e.g. Ceph) with an internal authentication system for client identities that are granted share access. Partially implements bp auth-access-keys Depends-On: I486064f117cf3001dba7735ca92a7d89aee3ce5b Change-Id: I312dd311fcee74a7c62bfc62823e5e3cbf2371ec
This commit is contained in:
Ramana Raja
@@ -27,7 +27,7 @@ from manilaclient import utils
|
|||||||
|
|
||||||
LOG = logging.getLogger(__name__)
|
LOG = logging.getLogger(__name__)
|
||||||
|
|
||||||
MAX_VERSION = '2.19'
|
MAX_VERSION = '2.21'
|
||||||
MIN_VERSION = '2.0'
|
MIN_VERSION = '2.0'
|
||||||
DEPRECATED_VERSION = '1.0'
|
DEPRECATED_VERSION = '1.0'
|
||||||
_VERSIONED_METHOD_MAP = {}
|
_VERSIONED_METHOD_MAP = {}
|
||||||
|
|||||||
@@ -16,6 +16,7 @@
|
|||||||
import ddt
|
import ddt
|
||||||
from tempest.lib import exceptions as tempest_lib_exc
|
from tempest.lib import exceptions as tempest_lib_exc
|
||||||
|
|
||||||
|
from manilaclient import api_versions
|
||||||
from manilaclient import config
|
from manilaclient import config
|
||||||
from manilaclient.tests.functional import base
|
from manilaclient.tests.functional import base
|
||||||
|
|
||||||
@@ -75,7 +76,7 @@ class ShareAccessReadWriteBase(base.BaseTestCase):
|
|||||||
|
|
||||||
return access
|
return access
|
||||||
|
|
||||||
@ddt.data("1.0", "2.0", "2.6", "2.7")
|
@ddt.data("1.0", "2.0", "2.6", "2.7", "2.21")
|
||||||
def test_create_list_access_rule_for_share(self, microversion):
|
def test_create_list_access_rule_for_share(self, microversion):
|
||||||
self.skip_if_microversion_not_supported(microversion)
|
self.skip_if_microversion_not_supported(microversion)
|
||||||
access = self._test_create_list_access_rule_for_share(
|
access = self._test_create_list_access_rule_for_share(
|
||||||
@@ -90,6 +91,11 @@ class ShareAccessReadWriteBase(base.BaseTestCase):
|
|||||||
self.assertTrue(any(a['access_to'] is not None for a in access_list))
|
self.assertTrue(any(a['access_to'] is not None for a in access_list))
|
||||||
self.assertTrue(any(a['access_level'] is not None
|
self.assertTrue(any(a['access_level'] is not None
|
||||||
for a in access_list))
|
for a in access_list))
|
||||||
|
if (api_versions.APIVersion(microversion) >=
|
||||||
|
api_versions.APIVersion("2.21")):
|
||||||
|
self.assertTrue(all('access_key' in a for a in access_list))
|
||||||
|
else:
|
||||||
|
self.assertTrue(all('access_key' not in a for a in access_list))
|
||||||
|
|
||||||
@ddt.data("1.0", "2.0", "2.6", "2.7")
|
@ddt.data("1.0", "2.0", "2.6", "2.7")
|
||||||
def test_create_list_access_rule_for_share_select_column(
|
def test_create_list_access_rule_for_share_select_column(
|
||||||
@@ -126,6 +132,11 @@ class ShareAccessReadWriteBase(base.BaseTestCase):
|
|||||||
self.assertEqual(access_to.replace('\\\\', '\\'),
|
self.assertEqual(access_to.replace('\\\\', '\\'),
|
||||||
access.get('access_to'))
|
access.get('access_to'))
|
||||||
self.assertEqual(self.access_level, access.get('access_level'))
|
self.assertEqual(self.access_level, access.get('access_level'))
|
||||||
|
if (api_versions.APIVersion(microversion) >=
|
||||||
|
api_versions.APIVersion("2.21")):
|
||||||
|
self.assertIn('access_key', access)
|
||||||
|
else:
|
||||||
|
self.assertNotIn('access_key', access)
|
||||||
|
|
||||||
self.user_client.wait_for_access_rule_status(share_id, access['id'])
|
self.user_client.wait_for_access_rule_status(share_id, access['id'])
|
||||||
self.user_client.access_deny(share_id, access['id'])
|
self.user_client.access_deny(share_id, access['id'])
|
||||||
@@ -134,17 +145,17 @@ class ShareAccessReadWriteBase(base.BaseTestCase):
|
|||||||
self.assertRaises(tempest_lib_exc.NotFound,
|
self.assertRaises(tempest_lib_exc.NotFound,
|
||||||
self.user_client.get_access, share_id, access['id'])
|
self.user_client.get_access, share_id, access['id'])
|
||||||
|
|
||||||
@ddt.data("1.0", "2.0", "2.6", "2.7")
|
@ddt.data("1.0", "2.0", "2.6", "2.7", "2.21")
|
||||||
def test_create_delete_ip_access_rule(self, microversion):
|
def test_create_delete_ip_access_rule(self, microversion):
|
||||||
self._create_delete_access_rule(
|
self._create_delete_access_rule(
|
||||||
self.share_id, 'ip', self.access_to['ip'].pop(), microversion)
|
self.share_id, 'ip', self.access_to['ip'].pop(), microversion)
|
||||||
|
|
||||||
@ddt.data("1.0", "2.0", "2.6", "2.7")
|
@ddt.data("1.0", "2.0", "2.6", "2.7", "2.21")
|
||||||
def test_create_delete_user_access_rule(self, microversion):
|
def test_create_delete_user_access_rule(self, microversion):
|
||||||
self._create_delete_access_rule(
|
self._create_delete_access_rule(
|
||||||
self.share_id, 'user', CONF.username_for_user_rules, microversion)
|
self.share_id, 'user', CONF.username_for_user_rules, microversion)
|
||||||
|
|
||||||
@ddt.data("1.0", "2.0", "2.6", "2.7")
|
@ddt.data("1.0", "2.0", "2.6", "2.7", "2.21")
|
||||||
def test_create_delete_cert_access_rule(self, microversion):
|
def test_create_delete_cert_access_rule(self, microversion):
|
||||||
self._create_delete_access_rule(
|
self._create_delete_access_rule(
|
||||||
self.share_id, 'cert', self.access_to['cert'].pop(), microversion)
|
self.share_id, 'cert', self.access_to['cert'].pop(), microversion)
|
||||||
|
|||||||
@@ -1362,7 +1362,8 @@ class ShellTest(test_utils.TestCase):
|
|||||||
self.run_command("access-list 1111")
|
self.run_command("access-list 1111")
|
||||||
cliutils.print_list.assert_called_with(
|
cliutils.print_list.assert_called_with(
|
||||||
mock.ANY,
|
mock.ANY,
|
||||||
['id', 'access_type', 'access_to', 'access_level', 'state'])
|
['id', 'access_type', 'access_to', 'access_level', 'state',
|
||||||
|
'access_key'])
|
||||||
|
|
||||||
@mock.patch.object(cliutils, 'print_list', mock.Mock())
|
@mock.patch.object(cliutils, 'print_list', mock.Mock())
|
||||||
def test_access_list_select_column(self):
|
def test_access_list_select_column(self):
|
||||||
|
|||||||
@@ -1113,6 +1113,7 @@ def do_access_deny(cs, args):
|
|||||||
share.deny(args.id)
|
share.deny(args.id)
|
||||||
|
|
||||||
|
|
||||||
|
@api_versions.wraps("1.0", "2.20")
|
||||||
@cliutils.arg(
|
@cliutils.arg(
|
||||||
'share',
|
'share',
|
||||||
metavar='<share>',
|
metavar='<share>',
|
||||||
@@ -1127,7 +1128,34 @@ def do_access_deny(cs, args):
|
|||||||
def do_access_list(cs, args):
|
def do_access_list(cs, args):
|
||||||
"""Show access list for share."""
|
"""Show access list for share."""
|
||||||
list_of_keys = [
|
list_of_keys = [
|
||||||
'id', 'access_type', 'access_to', 'access_level', 'state'
|
'id', 'access_type', 'access_to', 'access_level', 'state',
|
||||||
|
]
|
||||||
|
|
||||||
|
if args.columns is not None:
|
||||||
|
list_of_keys = _split_columns(columns=args.columns)
|
||||||
|
|
||||||
|
share = _find_share(cs, args.share)
|
||||||
|
access_list = share.access_list()
|
||||||
|
cliutils.print_list(access_list, list_of_keys)
|
||||||
|
|
||||||
|
|
||||||
|
@api_versions.wraps("2.21") # noqa
|
||||||
|
@cliutils.arg(
|
||||||
|
'share',
|
||||||
|
metavar='<share>',
|
||||||
|
help='Name or ID of the share.')
|
||||||
|
@cliutils.arg(
|
||||||
|
'--columns',
|
||||||
|
metavar='<columns>',
|
||||||
|
type=str,
|
||||||
|
default=None,
|
||||||
|
help='Comma separated list of columns to be displayed '
|
||||||
|
'e.g. --columns "access_type,access_to"')
|
||||||
|
def do_access_list(cs, args):
|
||||||
|
"""Show access list for share."""
|
||||||
|
list_of_keys = [
|
||||||
|
'id', 'access_type', 'access_to', 'access_level', 'state',
|
||||||
|
'access_key'
|
||||||
]
|
]
|
||||||
|
|
||||||
if args.columns is not None:
|
if args.columns is not None:
|
||||||
|
|||||||
@@ -0,0 +1,4 @@
|
|||||||
|
---
|
||||||
|
features:
|
||||||
|
- Returns ``access_key`` as part of ``access_list`` API
|
||||||
|
response for API microversions >= '2.21'.
|
||||||
Reference in New Issue
Block a user