[Kimchi-devel] [PATCH 1/5] authorization: Update authorization rules per API
Daniel H Barboza
danielhb at linux.vnet.ibm.com
Thu Jul 17 17:39:36 UTC 2014
Reviewed-by: Daniel Barboza <danielhb at linux.vnet.ibm.com>
Tested-by: Daniel Barboza <danielhb at linux.vnet.ibm.com>
On 07/16/2014 06:52 PM, alinefm at linux.vnet.ibm.com wrote:
> From: Aline Manera <alinefm at linux.vnet.ibm.com>
>
> Each API must specify which request methods are exclusive to the admin
> role.
>
> Signed-off-by: Aline Manera <alinefm at linux.vnet.ibm.com>
> ---
> src/kimchi/control/debugreports.py | 2 +-
> src/kimchi/control/host.py | 2 +-
> src/kimchi/control/interfaces.py | 2 +-
> src/kimchi/control/networks.py | 2 +-
> src/kimchi/control/storagepools.py | 2 +-
> src/kimchi/control/storageservers.py | 2 +-
> src/kimchi/control/templates.py | 2 +-
> tests/test_authorization.py | 8 ++++----
> 8 files changed, 11 insertions(+), 11 deletions(-)
>
> diff --git a/src/kimchi/control/debugreports.py b/src/kimchi/control/debugreports.py
> index 444cb07..d651eb1 100644
> --- a/src/kimchi/control/debugreports.py
> +++ b/src/kimchi/control/debugreports.py
> @@ -22,7 +22,7 @@
> from kimchi.control.utils import UrlSubNode
>
>
> - at UrlSubNode("debugreports", True, ['GET', 'PUT', 'POST'])
> + at UrlSubNode("debugreports", True, ['GET', 'PUT', 'POST', 'DELETE'])
> class DebugReports(AsyncCollection):
> def __init__(self, model):
> super(DebugReports, self).__init__(model)
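Review bot: The added `'DELETE'` on the `DebugReports` decorator has no matching assertion in this patch. The diffstat shows tests/test_authorization.py changing only four existing expectations (host and templates), so the newly restricted methods here and in the interfaces, networks, storagepools and storageservers hunks are not exercised for a non-root user unless tests outside these hunks already cover them. Each newly restricted method is worth pinning with one non-root request that expects 403, for example `resp = self.request('/debugreports/<report-name>', '{}', 'DELETE')` followed by `self.assertEquals(403, resp.status)` (the path segment is a placeholder). The class body continues outside the hunk.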
> diff --git a/src/kimchi/control/host.py b/src/kimchi/control/host.py
> index ebf1bed..9158565 100644
> --- a/src/kimchi/control/host.py
> +++ b/src/kimchi/control/host.py
> @@ -25,7 +25,7 @@
> from kimchi.template import render
>
>
> - at UrlSubNode("host", True, ['POST'])
> + at UrlSubNode("host", True, ['GET', 'PUT', 'POST', 'DELETE'])
> class Host(Resource):
> def __init__(self, model, id=None):
> super(Host, self).__init__(model, id)
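Review bot: The admin-only list on the new `Host` decorator spells out all four verbs by hand, and the identical literal is repeated on `Templates` in the templates.py hunk. With an enumerated list, any verb not named would presumably stay open to non-admin users; the enforcement code is not part of this patch, so that is inferred. A shared constant next to `UrlSubNode`, named for instance `ADMIN_ALL_METHODS = ['GET', 'PUT', 'POST', 'DELETE']` and used as `@UrlSubNode("host", True, ADMIN_ALL_METHODS)`, would keep the two resources in step. The test hunk shows `/host/stats` turning 403 as well, so a comment such as `# admin-only for every method, including sub-resources like /host/stats` would record that reach. The class body continues outside the hunk.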
> diff --git a/src/kimchi/control/interfaces.py b/src/kimchi/control/interfaces.py
> index 3f353a9..6ae688d 100644
> --- a/src/kimchi/control/interfaces.py
> +++ b/src/kimchi/control/interfaces.py
> @@ -21,7 +21,7 @@
> from kimchi.control.utils import UrlSubNode
>
>
> - at UrlSubNode("interfaces")
> + at UrlSubNode("interfaces", True, ['GET'])
> class Interfaces(Collection):
> def __init__(self, model):
> super(Interfaces, self).__init__(model)
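Review bot: The new `Interfaces` decorator changes two things at once: besides adding `['GET']`, the second positional argument goes from its default to `True`, which the commit description (about admin-exclusive methods only) does not mention. If that argument is the authentication flag, as its use on every sibling resource suggests, this endpoint was previously registered without it. That deserves a line in the commit message and a comment above the decorator such as `# requires login; listing interfaces is admin-only`. Passing the two arguments by keyword, if the decorator's signature allows it, would make the intent readable at each call site. The class body continues outside the hunk.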
> diff --git a/src/kimchi/control/networks.py b/src/kimchi/control/networks.py
> index b905891..431a01f 100644
> --- a/src/kimchi/control/networks.py
> +++ b/src/kimchi/control/networks.py
> @@ -21,7 +21,7 @@
> from kimchi.control.utils import UrlSubNode
>
>
> - at UrlSubNode("networks", True, ['POST', 'DELETE'])
> + at UrlSubNode("networks", True, ['PUT', 'POST', 'DELETE'])
> class Networks(Collection):
> def __init__(self, model):
> super(Networks, self).__init__(model)
> diff --git a/src/kimchi/control/storagepools.py b/src/kimchi/control/storagepools.py
> index b75bca0..2adaa30 100644
> --- a/src/kimchi/control/storagepools.py
> +++ b/src/kimchi/control/storagepools.py
> @@ -28,7 +28,7 @@
> from kimchi.control.utils import UrlSubNode
>
>
> - at UrlSubNode("storagepools", True, ['POST', 'DELETE'])
> + at UrlSubNode("storagepools", True, ['PUT', 'POST', 'DELETE'])
> class StoragePools(Collection):
> def __init__(self, model):
> super(StoragePools, self).__init__(model)
> diff --git a/src/kimchi/control/storageservers.py b/src/kimchi/control/storageservers.py
> index 515120f..068f9ae 100644
> --- a/src/kimchi/control/storageservers.py
> +++ b/src/kimchi/control/storageservers.py
> @@ -22,7 +22,7 @@
> from kimchi.control.utils import get_class_name, model_fn, UrlSubNode
>
>
> - at UrlSubNode("storageservers", True)
> + at UrlSubNode("storageservers", True, ['GET'])
> class StorageServers(Collection):
> def __init__(self, model):
> super(StorageServers, self).__init__(model)
> diff --git a/src/kimchi/control/templates.py b/src/kimchi/control/templates.py
> index a535960..7a203a5 100644
> --- a/src/kimchi/control/templates.py
> +++ b/src/kimchi/control/templates.py
> @@ -21,7 +21,7 @@
> from kimchi.control.utils import UrlSubNode
>
>
> - at UrlSubNode("templates", True, ['PUT', 'DELETE'])
> + at UrlSubNode("templates", True, ['GET', 'PUT', 'POST', 'DELETE'])
> class Templates(Collection):
> def __init__(self, model):
> super(Templates, self).__init__(model)
> diff --git a/tests/test_authorization.py b/tests/test_authorization.py
> index 196625e..03f8a88 100644
> --- a/tests/test_authorization.py
> +++ b/tests/test_authorization.py
> @@ -61,11 +61,11 @@ def setUp(self):
> def test_nonroot_access(self):
> # Non-root users can access static host information
> resp = self.request('/host', '{}', 'GET')
> - self.assertEquals(200, resp.status)
> + self.assertEquals(403, resp.status)
>
> # Non-root users can access host stats
> resp = self.request('/host/stats', '{}', 'GET')
> - self.assertEquals(200, resp.status)
> + self.assertEquals(403, resp.status)
>
> # Non-root users can not reboot/shutdown host system
> resp = self.request('/host/reboot', '{}', 'POST')
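Review bot: The context comments above the changed assertions now contradict them: `# Non-root users can access static host information` and `# Non-root users can access host stats` sit directly over checks that expect 403. They should read `# Non-root users can not access static host information` and `# Non-root users can not access host stats`, so the test keeps documenting the intended policy. The second hunk of this file has the same problem, where `# but he can get and create a new one` precedes GET and POST on /templates that now expect 403; it could become `# Non-root users can not get, create, update or delete a template`. `test_nonroot_access` continues past both hunks.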
> @@ -102,10 +102,10 @@ def test_nonroot_access(self):
> # Non-root users can not update or delete a template
> # but he can get and create a new one
> resp = self.request('/templates', '{}', 'GET')
> - self.assertEquals(200, resp.status)
> + self.assertEquals(403, resp.status)
> req = json.dumps({'name': 'test', 'cdrom': '/nonexistent.iso'})
> resp = self.request('/templates', req, 'POST')
> - self.assertEquals(201, resp.status)
> + self.assertEquals(403, resp.status)
> resp = self.request('/templates/test', '{}', 'PUT')
> self.assertEquals(403, resp.status)
> resp = self.request('/templates/test', '{}', 'DELETE')