Fix delete arq 403 failed and skip non-admin arq policy check
Normal user delete arq give 403 error. The error info[1]: Client-side error: Access was denied to the following resource: cyborg:arq:delete [1]. https://storage.gra1.cloud.ovh.net/v1/AUTH_dcaab5e32b234d56b626f72581e3644c/zuul_opendev_logs_fa3/670999/12/experimental/cyborg-tempest/fa3f4fa/controller/logs/screen-cyborg-api.txt.gz The reason to skip non-admin arq check because that we lack[2] some code about _get_resource[3][4][5]. We need to improve this and then open this check. [2]. https://github.com/openstack/cyborg/search?q=_get_resource&unscoped_q=_get_resource [3]. https://github.com/openstack/cyborg/blob/master/cyborg/common/policy.py#L235 [4].1c9b721b5c/mogan/common/policy.py (L305)
[5].1c9b721b5c/mogan/api/controllers/v1/servers.py (L59)
Co-Authored-By: chenke <chen.ke14@zte.com.cn> Change-Id: I45e4dae33e6c3806b8680abfe266cfeb8cb80f9f
This commit is contained in:
parent
dcbde784cd
commit
7e665ea2e3
@ -205,7 +205,7 @@ class ARQsController(base.CyborgController):
|
||||
LOG.info('[arqs:get_all] Returned: %s', ret)
|
||||
return ret
|
||||
|
||||
@policy.authorize_wsgi("cyborg:arq", "delete")
|
||||
@policy.authorize_wsgi("cyborg:arq", "delete", False)
|
||||
@expose.expose(None, wtypes.text, wtypes.text,
|
||||
status_code=http_client.NO_CONTENT)
|
||||
def delete(self, arqs=None, instance=None):
|
||||
|
@ -15,6 +15,7 @@
|
||||
|
||||
import mock
|
||||
from six.moves import http_client
|
||||
import unittest
|
||||
|
||||
from oslo_serialization import jsonutils
|
||||
|
||||
@ -112,6 +113,7 @@ class TestARQsController(v2_test.APITestV2):
|
||||
response = self.delete(url + args, headers=self.headers)
|
||||
self.assertEqual(http_client.NO_CONTENT, response.status_int)
|
||||
|
||||
@unittest.skip("Need more code to implement _get_resource in rbac")
|
||||
def test_delete_with_non_default(self):
|
||||
value = {"is_admin": False, "roles": "user", "is_admin_project": False}
|
||||
ct = self.gen_context(value)
|
||||
|
Loading…
x
Reference in New Issue
Block a user