author | Divya <dikonoor@in.ibm.com> | 2015-04-21 08:26:29 +0200 |
---|---|---|
committer | Matt Riedemann <mriedem@us.ibm.com> | 2015-04-22 13:12:37 -0700 |
commit | 8c9b5e620eef3233677b64cd234ed2551e6aa182 (patch) | |
tree | be14f260034f8e5d82010de7692966563d73f4a2 | |
parent | 179706974a47f8e0baac9b0c389697ea3d680963 (diff) | |
download | nova-8c9b5e620eef3233677b64cd234ed2551e6aa182.tar.gz |
Control create/delete flavor api permissions using policy.json
The permission check for the create/delete flavor API is currently broken:
it always expects the user to be an admin, instead of controlling
the permissions through the rules defined in nova's policy.json.
Change-Id: Ide3c9ec2fa674b4fe3ea9d935cd4f7848914b82e
Closes-Bug: 1445335
(cherry picked from commit ced60b1d1b1608dc8229741b207a95498bc0b212)
-rw-r--r-- | nova/api/openstack/compute/contrib/flavormanage.py | 11 | ||||
-rw-r--r-- | nova/tests/unit/api/openstack/compute/contrib/test_flavor_manage.py | 4 |
2 files changed, 2 insertions, 13 deletions
diff --git a/nova/api/openstack/compute/contrib/flavormanage.py b/nova/api/openstack/compute/contrib/flavormanage.py
index dc5b35c35d..4c3ee0be90 100644
--- a/nova/api/openstack/compute/contrib/flavormanage.py
+++ b/nova/api/openstack/compute/contrib/flavormanage.py
@@ -16,7 +16,6 @@ from nova.api.openstack.compute.views import flavors as flavors_view
 from nova.api.openstack import extensions
 from nova.api.openstack import wsgi
 from nova.compute import flavors
-from nova import context as nova_context
 from nova import exception
 from nova.i18n import _
@@ -35,11 +34,6 @@ class FlavorManageController(wsgi.Controller):
 def _delete(self, req, id):
 context = req.environ['nova.context']
 authorize(context)
-
- # NOTE(alex_xu): back-compatible with db layer hard-code admin
- # permission checks.
- nova_context.require_admin_context(context)
-
 try:
 flavor = flavors.get_flavor_by_flavor_id(
 id, ctxt=context, read_deleted="no")
@@ -54,11 +48,6 @@ class FlavorManageController(wsgi.Controller):
 def _create(self, req, body):
 context = req.environ['nova.context']
 authorize(context)
-
- # NOTE(alex_xu): back-compatible with db layer hard-code admin
- # permission checks.
- nova_context.require_admin_context(context)
-
 if not self.is_valid_body(body, 'flavor'):
 msg = _("Invalid request body")
 raise webob.exc.HTTPBadRequest(explanation=msg)
diff --git a/nova/tests/unit/api/openstack/compute/contrib/test_flavor_manage.py b/nova/tests/unit/api/openstack/compute/contrib/test_flavor_manage.py
index ad0d27959f..950cdae39f 100644
--- a/nova/tests/unit/api/openstack/compute/contrib/test_flavor_manage.py
+++ b/nova/tests/unit/api/openstack/compute/contrib/test_flavor_manage.py
@@ -442,7 +442,7 @@ class FlavorManageTestV2(FlavorManageTestV21):
 environ['nova.context'])
 def _get_http_request(self, url=''):
- return fakes.HTTPRequest.blank(url, use_admin_context=True)
+ return fakes.HTTPRequest.blank(url, use_admin_context=False)
 class PrivateFlavorManageTestV2(PrivateFlavorManageTestV21):
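Review bot: With `nova_context.require_admin_context(context)` removed from `_delete` (and identically from `_create` in the next hunk), `authorize(context)` is the only access check left in these handlers, so a deployed policy.json whose flavormanage rule is missing or looser than admin-only now lets non-admin users create and delete flavors. The removed NOTE said the check mirrored hard-coded admin checks in the db layer; whether those still exist is not visible here, and if they do, a non-admin caller allowed by policy would still be rejected further down, so it is worth confirming either way. I would leave a comment in place of the removed block, e.g. `# Access is governed solely by the flavormanage policy rule; keep it admin-only unless delegation is intended.`, and call out the upgrade impact in the release notes. Both method bodies continue outside their hunks.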
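Review bot: Switching `_get_http_request` to `use_admin_context=False` here (and in `PrivateFlavorManageTestV2` in the following hunk) only exercises the allow path for a non-admin caller; nothing in these hunks asserts that the V2 controller rejects the request when the policy rule denies it. `FlavorManagerPolicyEnforcementV21` is visible as trailing context, but an equivalent for the V2 extension is not shown, so such a test may already exist elsewhere in the file. If it does not, add a V2 test that sets the flavormanage rule to a value the caller does not match and expects a forbidden response for both create and delete, since policy is now the only gate.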
@@ -464,7 +464,7 @@ class PrivateFlavorManageTestV2(PrivateFlavorManageTestV21):
 environ['nova.context'])
 def _get_http_request(self, url=''):
- return fakes.HTTPRequest.blank(url, use_admin_context=True)
+ return fakes.HTTPRequest.blank(url, use_admin_context=False)
 class FlavorManagerPolicyEnforcementV21(test.NoDBTestCase): |