diff options
| author | Jenkins <jenkins@review.openstack.org> | 2012-02-02 00:01:58 +0000 |
|---|---|---|
| committer | Gerrit Code Review <review@openstack.org> | 2012-02-02 00:01:58 +0000 |
| commit | 11f26257407a68cd73ff4474ed10fb45b480836a (patch) | |
| tree | de02703e364e0cc3fd518b257767458270daf681 | |
| parent | 7e078d915c85236550d5a787f5406432a913c99e (diff) | |
| parent | 6e35b5785d12513dc0076145f4de5e1f98034250 (diff) | |
| download | nova-11f26257407a68cd73ff4474ed10fb45b480836a.tar.gz nova-11f26257407a68cd73ff4474ed10fb45b480836a.tar.xz nova-11f26257407a68cd73ff4474ed10fb45b480836a.zip | |
Merge "Add 'all_tenants' filter to GET /servers."
| -rw-r--r-- | nova/api/openstack/compute/servers.py | 11 | ||||
| -rw-r--r-- | nova/tests/api/openstack/compute/test_servers.py | 44 |
2 files changed, 55 insertions, 0 deletions
diff --git a/nova/api/openstack/compute/servers.py b/nova/api/openstack/compute/servers.py index 925c6d42c..8f9ee01df 100644 --- a/nova/api/openstack/compute/servers.py +++ b/nova/api/openstack/compute/servers.py @@ -450,6 +450,17 @@ class Controller(wsgi.Controller): # No 'changes-since', so we only want non-deleted servers search_opts['deleted'] = False + # NOTE(dprince) This prevents computes' get_all() from returning + # instances from multiple tenants when an admin accounts is used. + # By default non-admin accounts are always limited to project/user + # both here and in the compute API. + if not context.is_admin or (context.is_admin and 'all_tenants' + not in search_opts): + if context.project_id: + search_opts['project_id'] = context.project_id + else: + search_opts['user_id'] = context.user_id + instance_list = self.compute_api.get_all(context, search_opts=search_opts) diff --git a/nova/tests/api/openstack/compute/test_servers.py b/nova/tests/api/openstack/compute/test_servers.py index 8d1deb6b5..c6438380e 100644 --- a/nova/tests/api/openstack/compute/test_servers.py +++ b/nova/tests/api/openstack/compute/test_servers.py @@ -803,6 +803,50 @@ class ServersControllerTest(test.TestCase): self.assertTrue('servers' in res) + def test_admin_restricted_tenant(self): + def fake_get_all(context, filters=None, instances=None): + self.assertNotEqual(filters, None) + self.assertEqual(filters['project_id'], 'fake') + return [fakes.stub_instance(100)] + + self.stubs.Set(nova.db, 'instance_get_all_by_filters', + fake_get_all) + + req = fakes.HTTPRequest.blank('/v2/fake/servers', + use_admin_context=True) + res = self.controller.index(req) + + self.assertTrue('servers' in res) + + def test_admin_all_tenants(self): + def fake_get_all(context, filters=None, instances=None): + self.assertNotEqual(filters, None) + self.assertTrue('project_id' not in filters) + return [fakes.stub_instance(100)] + + self.stubs.Set(nova.db, 'instance_get_all_by_filters', + fake_get_all) + + req = fakes.HTTPRequest.blank('/v2/fake/servers?all_tenants=1', + use_admin_context=True) + res = self.controller.index(req) + + self.assertTrue('servers' in res) + + def test_all_tenants(self): + def fake_get_all(context, filters=None, instances=None): + self.assertNotEqual(filters, None) + self.assertEqual(filters['project_id'], 'fake') + return [fakes.stub_instance(100)] + + self.stubs.Set(nova.db, 'instance_get_all_by_filters', + fake_get_all) + + req = fakes.HTTPRequest.blank('/v2/fake/servers?all_tenants=1') + res = self.controller.index(req) + + self.assertTrue('servers' in res) + def test_get_servers_allows_flavor(self): server_uuid = str(utils.gen_uuid()) |