| author | Jenkins <jenkins@review.openstack.org> | 2012-06-05 18:26:44 +0000 |
|---|---|---|
| committer | Gerrit Code Review <review@openstack.org> | 2012-06-05 18:26:44 +0000 |
| commit | d68ef5864e535e939db5fa9349cd1be55aa8d315 (patch) | |
| tree | dbbc80168e8ef5a1fe6898995fc9a49272c27671 | |
| parent | 7fbb4d225f7d439f0ed04a26df7000618922f395 (diff) | |
| parent | 1d146f5c32e58a73a677d308370f147a3271c2cb (diff) | |
Merge "Require authz for service CRUD (bug 1006822)"
| -rw-r--r-- | keystone/catalog/core.py | 7 | ||||
| -rw-r--r-- | tests/test_content_types.py | 33 |
2 files changed, 40 insertions, 0 deletions
diff --git a/keystone/catalog/core.py b/keystone/catalog/core.py index 68bcae24..afff7cf8 100644 --- a/keystone/catalog/core.py +++ b/keystone/catalog/core.py @@ -116,29 +116,36 @@ class Driver(object): class ServiceController(wsgi.Application): def __init__(self): self.catalog_api = Manager() + self.identity_api = identity.Manager() + self.policy_api = policy.Manager() + self.token_api = token.Manager() super(ServiceController, self).__init__() # CRUD extensions # NOTE(termie): this OS-KSADM stuff is not very consistent def get_services(self, context): + self.assert_admin(context) service_list = self.catalog_api.list_services(context) service_refs = [self.catalog_api.get_service(context, x) for x in service_list] return {'OS-KSADM:services': service_refs} def get_service(self, context, service_id): + self.assert_admin(context) service_ref = self.catalog_api.get_service(context, service_id) if not service_ref: raise exception.ServiceNotFound(service_id=service_id) return {'OS-KSADM:service': service_ref} def delete_service(self, context, service_id): + self.assert_admin(context) service_ref = self.catalog_api.get_service(context, service_id) if not service_ref: raise exception.ServiceNotFound(service_id=service_id) self.catalog_api.delete_service(context, service_id) def create_service(self, context, OS_KSADM_service): + self.assert_admin(context) service_id = uuid.uuid4().hex service_ref = OS_KSADM_service.copy() service_ref['id'] = service_id diff --git a/tests/test_content_types.py b/tests/test_content_types.py index 639a03dc..df73dff6 100644 --- a/tests/test_content_types.py +++ b/tests/test_content_types.py @@ -16,6 +16,7 @@ import httplib import json +import uuid from lxml import etree import nose.exc 
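Review bot: Authorization in `ServiceController` is opt-in per handler: `get_services`, `get_service`, `delete_service` and `create_service` each carry their own `self.assert_admin(context)` line, so a handler added later is unprotected unless its author remembers the call. Keeping the call as the first statement, ahead of any `catalog_api` lookup, is worth preserving, because it means a caller who fails the check never gets a `ServiceNotFound` that reveals whether a service id exists. I would state the rule next to the existing section comment, e.g. `# Every handler below must call self.assert_admin(context) before touching catalog_api.`, and add a comment in `__init__` noting that the three new managers are presumably there only because `assert_admin` (defined outside this hunk) needs them. No import for `identity`, `policy` or `token` appears in this hunk, so confirm the module already imports them; `create_service` continues past the end of the hunk.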
@@ -554,6 +555,38 @@ class JsonTestCase(RestfulTestCase, CoreApiTests): def assertValidVersionResponse(self, r): self.assertValidVersion(r.body.get('version')) + def test_service_crud_requires_auth(self): + """Service CRUD should 401 without an X-Auth-Token (bug 1006822).""" + # values here don't matter because we should 401 before they're checked + service_path = '/v2.0/OS-KSADM/services/%s' % uuid.uuid4().hex + service_body = { + 'OS-KSADM:service': { + 'name': uuid.uuid4().hex, + 'type': uuid.uuid4().hex, + }, + } + + r = self.admin_request(method='GET', + path='/v2.0/OS-KSADM/services', + expected_status=401) + self.assertValidErrorResponse(r) + + r = self.admin_request(method='POST', + path='/v2.0/OS-KSADM/services', + body=service_body, + expected_status=401) + self.assertValidErrorResponse(r) + + r = self.admin_request(method='GET', + path=service_path, + expected_status=401) + self.assertValidErrorResponse(r) + + r = self.admin_request(method='DELETE', + path=service_path, + expected_status=401) + self.assertValidErrorResponse(r) + class XmlTestCase(RestfulTestCase, CoreApiTests): xmlns = 'http://docs.openstack.org/identity/api/v2.0' |
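Review bot: `test_service_crud_requires_auth` only exercises the missing-token path, so it would still pass if the admin check accepted any valid token regardless of role. Since the fix is about authorization, add a companion case that sends a valid token for a user without the admin role to the same four requests and asserts the rejection status. The test is defined on `JsonTestCase` only, which starts outside this hunk, so the XML content type is not covered unless `XmlTestCase` gets the same case or the test moves to a shared base. The four near-identical request blocks could also become a loop over `(method, path, body)` tuples, so that a verb added with a future handler is harder to leave untested.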
