diff options
| author | Jenkins <jenkins@review.openstack.org> | 2012-01-29 04:06:20 +0000 |
|---|---|---|
| committer | Gerrit Code Review <review@openstack.org> | 2012-01-29 04:06:20 +0000 |
| commit | 6a239cb7a2ea05a9382ed71469ca770afbb12212 (patch) | |
| tree | 336324bb46e752ee05d1e58b18358404a046f092 | |
| parent | 02b872625b94c3c63674d8c64b23f80215b04a15 (diff) | |
| parent | a043978419c600ee1e93baa0b83879e2c45c13f8 (diff) | |
| download | nova-6a239cb7a2ea05a9382ed71469ca770afbb12212.tar.gz nova-6a239cb7a2ea05a9382ed71469ca770afbb12212.tar.xz nova-6a239cb7a2ea05a9382ed71469ca770afbb12212.zip | |
Merge "Add authorization checks to flavormanage extension"
| -rw-r--r-- | etc/nova/policy.json | 1 | ||||
| -rw-r--r-- | nova/api/openstack/compute/contrib/flavormanage.py | 17 | ||||
| -rw-r--r-- | nova/tests/api/openstack/compute/contrib/test_flavor_manage.py | 24 | ||||
| -rw-r--r-- | nova/tests/policy.json | 1 |
4 files changed, 11 insertions, 32 deletions
diff --git a/etc/nova/policy.json b/etc/nova/policy.json index 77a6302c2..a5bc4529d 100644 --- a/etc/nova/policy.json +++ b/etc/nova/policy.json @@ -22,6 +22,7 @@ "compute_extension:disk_config": [], "compute_extension:extended_status": [["rule:admin_api"]], "compute_extension:flavorextraspecs": [], + "compute_extension:flavormanage": [["rule:admin_api"]], "compute_extension:floating_ip_dns": [], "compute_extension:floating_ip_pools": [], "compute_extension:floating_ips": [], diff --git a/nova/api/openstack/compute/contrib/flavormanage.py b/nova/api/openstack/compute/contrib/flavormanage.py index 604f40766..d1dcee458 100644 --- a/nova/api/openstack/compute/contrib/flavormanage.py +++ b/nova/api/openstack/compute/contrib/flavormanage.py @@ -12,20 +12,19 @@ # License for the specific language governing permissions and limitations # under the License -import urlparse - import webob -from nova.api.openstack import extensions -from nova.api.openstack import wsgi from nova.api.openstack.compute import flavors as flavors_api from nova.api.openstack.compute.views import flavors as flavors_view +from nova.api.openstack import extensions +from nova.api.openstack import wsgi from nova.compute import instance_types -from nova import log as logging from nova import exception +from nova import log as logging LOG = logging.getLogger('nova.api.openstack.compute.contrib.flavormanage') +authorize = extensions.extension_authorizer('compute', 'flavormanage') class FlavorManageController(wsgi.Controller): @@ -40,9 +39,7 @@ class FlavorManageController(wsgi.Controller): @wsgi.action("delete") def _delete(self, req, id): context = req.environ['nova.context'] - - if not context.is_admin: - return webob.Response(status_int=403) + authorize(context) try: flavor = instance_types.get_instance_type_by_flavor_id(id) @@ -57,9 +54,7 @@ class FlavorManageController(wsgi.Controller): @wsgi.serializers(xml=flavors_api.FlavorTemplate) def _create(self, req, body): context = req.environ['nova.context'] - - if not context.is_admin: - return webob.Response(status_int=403) + authorize(context) vals = body['flavor'] name = vals['name'] diff --git a/nova/tests/api/openstack/compute/contrib/test_flavor_manage.py b/nova/tests/api/openstack/compute/contrib/test_flavor_manage.py index 1346e63d6..432632458 100644 --- a/nova/tests/api/openstack/compute/contrib/test_flavor_manage.py +++ b/nova/tests/api/openstack/compute/contrib/test_flavor_manage.py @@ -85,23 +85,14 @@ class FlavorManageTest(test.TestCase): super(FlavorManageTest, self).tearDown() def test_delete(self): - req = fakes.HTTPRequest.blank( - '/v2/123/flavor/delete/1234', - use_admin_context=True) - + req = fakes.HTTPRequest.blank('/v2/123/flavors/1234') res = self.controller._delete(req, id) self.assertEqual(res.status_int, 202) + # subsequent delete should fail self.assertRaises(webob.exc.HTTPNotFound, self.controller._delete, req, "failtest") - req = fakes.HTTPRequest.blank( - '/v2/123/flavor/delete/1234', - use_admin_context=False) - - res = self.controller._delete(req, id) - self.assertEqual(res.status_int, 403) - def test_create(self): body = { "flavor": { @@ -115,16 +106,7 @@ class FlavorManageTest(test.TestCase): } } - req = fakes.HTTPRequest.blank( - '/v2/123/flavor/create/', - use_admin_context=True) - + req = fakes.HTTPRequest.blank('/v2/123/flavors') res = self.controller._create(req, body) for key in body["flavor"]: self.assertEquals(res["flavor"][key], body["flavor"][key]) - - req = fakes.HTTPRequest.blank( - '/v2/123/flavor/create/', - use_admin_context=False) - res = self.controller._create(req, body) - self.assertEqual(res.status_int, 403) diff --git a/nova/tests/policy.json b/nova/tests/policy.json index 5c1fb71fe..2f40ff8b0 100644 --- a/nova/tests/policy.json +++ b/nova/tests/policy.json @@ -81,6 +81,7 @@ "compute_extension:disk_config": [], "compute_extension:extended_status": [], "compute_extension:flavorextraspecs": [], + "compute_extension:flavormanage": [], "compute_extension:floating_ip_dns": [], "compute_extension:floating_ip_pools": [], "compute_extension:floating_ips": [], |