Merge "Secure RBAC - Efficent node santiziation"

author: Zuul <zuul@review.opendev.org> 2021-06-01 19:12:05 +0000
committer: Gerrit Code Review <review@openstack.org> 2021-06-01 19:12:05 +0000
commit: 2f139acded9309993b9819a7b65f0383ef0a54e2 (patch)
tree: 2519fc7b81cc6ca0ee76cda8dfd3c23477e50463 /ironic/tests/unit/api
parent: 26cf25d98a1495d0db4a236bfaa6a0dbac7b9e37 (diff)
parent: 6cd6457479803ecd1d9ec271a868a565fab244e8 (diff)
download: ironic-2f139acded9309993b9819a7b65f0383ef0a54e2.tar.gz
1 files changed, 35 insertions, 0 deletions
diff --git a/ironic/tests/unit/api/controllers/v1/test_node.py b/ironic/tests/unit/api/controllers/v1/test_node.py
index 4a94671a9..085623796 100644
--- a/ironic/tests/unit/api/controllers/v1/test_node.py
+++ b/ironic/tests/unit/api/controllers/v1/test_node.py
@@ -17,6 +17,7 @@ import datetime
 from http import client as http_client
 import json
 import os
+import sys
 import tempfile
 from unittest import mock
 from urllib import parse as urlparse
@@ -141,6 +142,40 @@ class TestListNodes(test_api_base.BaseApiTest):
         self.assertNotIn('lessee', data['nodes'][0])
         self.assertNotIn('network_data', data['nodes'][0])
 
+    @mock.patch.object(policy, 'check', autospec=True)
+    @mock.patch.object(policy, 'check_policy', autospec=True)
+    def test_one_field_specific_santization(self, mock_check_policy,
+                                            mock_check):
+        py_ver = sys.version_info
+        if py_ver.major == 3 and py_ver.minor == 6:
+            self.skipTest('Test fails to work on python 3.6 when '
+                          'matching mock.ANY.')
+        obj_utils.create_test_node(self.context,
+                                   chassis_id=self.chassis.id,
+                                   last_error='meow')
+        mock_check_policy.return_value = False
+        data = self.get_json(
+            '/nodes?fields=uuid,provision_state,maintenance,instance_uuid,'
+            'last_error',
+            headers={api_base.Version.string: str(api_v1.max_version())})
+        self.assertIn('uuid', data['nodes'][0])
+        self.assertIn('provision_state', data['nodes'][0])
+        self.assertIn('maintenance', data['nodes'][0])
+        self.assertIn('instance_uuid', data['nodes'][0])
+        self.assertNotIn('driver_info', data['nodes'][0])
+        mock_check_policy.assert_has_calls([
+            mock.call('baremetal:node:get:filter_threshold',
+                      mock.ANY, mock.ANY)])
+        mock_check.assert_has_calls([
+            mock.call('is_admin', mock.ANY, mock.ANY),
+            mock.call('show_password', mock.ANY, mock.ANY),
+            mock.call('show_instance_secrets', mock.ANY, mock.ANY),
+            # Last error is populated above and should trigger a check.
+            mock.call('baremetal:node:get:last_error', mock.ANY, mock.ANY),
+            mock.call().__bool__(),
+            mock.call().__bool__(),
+        ])
+
     def test_get_one(self):
         node = obj_utils.create_test_node(self.context,
                                           chassis_id=self.chassis.id)
author	Zuul <zuul@review.opendev.org>	2021-06-01 19:12:05 +0000
committer	Gerrit Code Review <review@openstack.org>	2021-06-01 19:12:05 +0000
commit	2f139acded9309993b9819a7b65f0383ef0a54e2 (patch)
tree	2519fc7b81cc6ca0ee76cda8dfd3c23477e50463 /ironic/tests/unit/api
parent	26cf25d98a1495d0db4a236bfaa6a0dbac7b9e37 (diff)
parent	6cd6457479803ecd1d9ec271a868a565fab244e8 (diff)
download	ironic-2f139acded9309993b9819a7b65f0383ef0a54e2.tar.gz