x/quark
Code Issues Proposed changes

RM5458

Browse Source 
Ensures the diagnostics API extension is admin only always.
This commit is contained in:
Matt Dietz
2014-08-09 19:11:16 +00:00
parent 4430449246
commit cb26a0f970
6 changed files with 41 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
quark/plugin_modules/networks.py
View File

@@ -250,6 +250,9 @@ def _diag_network(context, network, fields):
def diagnose_network(context, id, fields):
if not context.is_admin:
raise exceptions.NotAuthorized()
if id == "*":
return {'networks': [_diag_network(context, net, fields) for
net in db_api.network_find(context, scope=db_api.ALL)]}

3
quark/plugin_modules/ports.py
View File

@@ -465,6 +465,9 @@ def _diag_port(context, port, fields):
def diagnose_port(context, id, fields):
if not context.is_admin:
raise exceptions.NotAuthorized()
if id == "*":
return {'ports': [_diag_port(context, port, fields) for
port in db_api.port_find(context).all()]}

3
quark/plugin_modules/subnets.py
View File

@@ -428,6 +428,9 @@ def delete_subnet(context, id):
def diagnose_subnet(context, id, fields):
if not context.is_admin:
raise exceptions.NotAuthorized()
if id == "*":
return {'subnets': get_subnets(context, filters={})}
return {'subnets': get_subnet(context, id)}

15
quark/tests/plugin_modules/test_networks.py
View File

@@ -392,13 +392,21 @@ class TestQuarkDiagnoseNetworks(test_quark_plugin.TestQuarkPlugin):
def test_diagnose_network_no_network_found(self):
with self._stubs():
with self.assertRaises(exceptions.NetworkNotFound):
self.plugin.diagnose_network(self.context, "12345", None)
self.plugin.diagnose_network(self.context.elevated(), "12345",
None)
def test_diagnose_network_not_authorized(self):
with self._stubs():
with self.assertRaises(exceptions.NotAuthorized):
self.plugin.diagnose_network(self.context, "12345",
None)
def test_diagnose_network_with_wildcard_and_no_networks(self):
db_mod = "quark.db.api"
with mock.patch("%s.network_find" % db_mod) as net_find:
net_find.return_value = []
actual = self.plugin.diagnose_network(self.context, "*", {})
actual = self.plugin.diagnose_network(self.context.elevated(),
"*", {})
expected = {'networks': []}
self.assertEqual(expected, actual)
@@ -410,7 +418,8 @@ class TestQuarkDiagnoseNetworks(test_quark_plugin.TestQuarkPlugin):
db_mod = "quark.db.api"
with mock.patch("%s.network_find" % db_mod) as net_find:
net_find.return_value = [net]
nets = self.plugin.diagnose_network(self.context, "*", {})
nets = self.plugin.diagnose_network(self.context.elevated(),
"*", {})
net.pop("network_plugin")
for key in net.keys():
self.assertEqual(nets['networks'][0][key], net[key])

12
quark/tests/plugin_modules/test_ports.py
View File

@@ -827,7 +827,7 @@ class TestPortDiagnose(test_quark_plugin.TestQuarkPlugin):
backend_key="foo", fixed_ips=fixed_ips,
network_plugin="UNMANAGED"))
with self._stubs(port=port):
diag = self.plugin.diagnose_port(self.context, 1, [])
diag = self.plugin.diagnose_port(self.context.elevated(), 1, [])
ports = diag["ports"]
# All none because we're using the unmanaged driver, which
# doesn't do anything with these
@@ -851,7 +851,7 @@ class TestPortDiagnose(test_quark_plugin.TestQuarkPlugin):
backend_key="foo", fixed_ips=fixed_ips,
network_plugin="UNMANAGED"))
with self._stubs(port=port, list_format=True):
diag = self.plugin.diagnose_port(self.context, '*', [])
diag = self.plugin.diagnose_port(self.context.elevated(), '*', [])
ports = diag["ports"]
# All none because we're using the unmanaged driver, which
# doesn't do anything with these
@@ -875,7 +875,8 @@ class TestPortDiagnose(test_quark_plugin.TestQuarkPlugin):
backend_key="foo", fixed_ips=fixed_ips,
network_plugin="UNMANAGED"))
with self._stubs(port=port, list_format=True):
diag = self.plugin.diagnose_port(self.context, '*', ["config"])
diag = self.plugin.diagnose_port(self.context.elevated(), '*',
["config"])
ports = diag["ports"]
# All none because we're using the unmanaged driver, which
# doesn't do anything with these
@@ -892,6 +893,11 @@ class TestPortDiagnose(test_quark_plugin.TestQuarkPlugin):
def test_port_diagnose_no_port_raises(self):
with self._stubs(port=None):
with self.assertRaises(exceptions.PortNotFound):
self.plugin.diagnose_port(self.context.elevated(), 1, [])
def test_port_diagnose_not_authorized(self):
with self._stubs(port=None):
with self.assertRaises(exceptions.NotAuthorized):
self.plugin.diagnose_port(self.context, 1, [])

14
quark/tests/plugin_modules/test_subnets.py
View File

@@ -1129,9 +1129,15 @@ class TestQuarkDiagnoseSubnets(test_quark_plugin.TestQuarkPlugin):
def test_diagnose_subnet_with_wildcard_id_no_existing_subnets(self):
with self._stubs(subnets=[], routes=[]):
expected = {'subnets': []}
actual = self.plugin.diagnose_subnet(self.context, "*", None)
actual = self.plugin.diagnose_subnet(self.context.elevated(), "*",
None)
self.assertEqual(expected, actual)
def test_diagnose_subnet_not_authorized(self):
with self._stubs(subnets=[], routes=[]):
with self.assertRaises(exceptions.NotAuthorized):
self.plugin.diagnose_subnet(self.context, "*", None)
def test_diagnose_subnet_with_wildcard_with_existing_subnets(self):
subnet_id = str(uuid.uuid4())
route = dict(id=1, cidr="0.0.0.0/0", gateway="192.168.0.1")
@@ -1143,7 +1149,8 @@ class TestQuarkDiagnoseSubnets(test_quark_plugin.TestQuarkPlugin):
enable_dhcp=None)
with self._stubs(subnets=[subnet], routes=[route]):
actual = self.plugin.diagnose_subnet(self.context, "*", None)
actual = self.plugin.diagnose_subnet(self.context.elevated(), "*",
None)
self.maxDiff = None
self.assertEqual(subnet["id"], actual["subnets"][0]["id"])
@@ -1158,7 +1165,8 @@ class TestQuarkDiagnoseSubnets(test_quark_plugin.TestQuarkPlugin):
enable_dhcp=None)
with self._stubs(subnets=subnet, routes=[route]):
actual = self.plugin.diagnose_subnet(self.context, subnet_id, None)
actual = self.plugin.diagnose_subnet(self.context.elevated(),
subnet_id, None)
self.assertEqual(subnet["id"], actual["subnets"]["id"])