diff options
author | Zuul <zuul@review.opendev.org> | 2021-06-01 19:12:05 +0000 |
---|---|---|
committer | Gerrit Code Review <review@openstack.org> | 2021-06-01 19:12:05 +0000 |
commit | 2f139acded9309993b9819a7b65f0383ef0a54e2 (patch) | |
tree | 2519fc7b81cc6ca0ee76cda8dfd3c23477e50463 /ironic/tests/unit/api | |
parent | 26cf25d98a1495d0db4a236bfaa6a0dbac7b9e37 (diff) | |
parent | 6cd6457479803ecd1d9ec271a868a565fab244e8 (diff) | |
download | ironic-2f139acded9309993b9819a7b65f0383ef0a54e2.tar.gz |
Merge "Secure RBAC - Efficent node santiziation"
Diffstat (limited to 'ironic/tests/unit/api')
-rw-r--r-- | ironic/tests/unit/api/controllers/v1/test_node.py | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/ironic/tests/unit/api/controllers/v1/test_node.py b/ironic/tests/unit/api/controllers/v1/test_node.py index 4a94671a9..085623796 100644 --- a/ironic/tests/unit/api/controllers/v1/test_node.py +++ b/ironic/tests/unit/api/controllers/v1/test_node.py @@ -17,6 +17,7 @@ import datetime from http import client as http_client import json import os +import sys import tempfile from unittest import mock from urllib import parse as urlparse @@ -141,6 +142,40 @@ class TestListNodes(test_api_base.BaseApiTest): self.assertNotIn('lessee', data['nodes'][0]) self.assertNotIn('network_data', data['nodes'][0]) + @mock.patch.object(policy, 'check', autospec=True) + @mock.patch.object(policy, 'check_policy', autospec=True) + def test_one_field_specific_santization(self, mock_check_policy, + mock_check): + py_ver = sys.version_info + if py_ver.major == 3 and py_ver.minor == 6: + self.skipTest('Test fails to work on python 3.6 when ' + 'matching mock.ANY.') + obj_utils.create_test_node(self.context, + chassis_id=self.chassis.id, + last_error='meow') + mock_check_policy.return_value = False + data = self.get_json( + '/nodes?fields=uuid,provision_state,maintenance,instance_uuid,' + 'last_error', + headers={api_base.Version.string: str(api_v1.max_version())}) + self.assertIn('uuid', data['nodes'][0]) + self.assertIn('provision_state', data['nodes'][0]) + self.assertIn('maintenance', data['nodes'][0]) + self.assertIn('instance_uuid', data['nodes'][0]) + self.assertNotIn('driver_info', data['nodes'][0]) + mock_check_policy.assert_has_calls([ + mock.call('baremetal:node:get:filter_threshold', + mock.ANY, mock.ANY)]) + mock_check.assert_has_calls([ + mock.call('is_admin', mock.ANY, mock.ANY), + mock.call('show_password', mock.ANY, mock.ANY), + mock.call('show_instance_secrets', mock.ANY, mock.ANY), + # Last error is populated above and should trigger a check. + mock.call('baremetal:node:get:last_error', mock.ANY, mock.ANY), + mock.call().__bool__(), + mock.call().__bool__(), + ]) + def test_get_one(self): node = obj_utils.create_test_node(self.context, chassis_id=self.chassis.id) |