Fix 'project purge' deleting wrong project's servers and volumes
Project purge would delete the servers and volumes for the project the user is currently authenticated for, regardless of the --project flag. Note: This change means that no server at all will be deleted if the logged in user doesn't have the get_all_tenants permission set in the Nova policy (default: admin_api). This doesn't appear to be an issue with Cinder as the default rule appears to be admin_or_owner. Change-Id: If1c54e24e1482438b81c3c32fd5fc9fdd7a7be04 Story: 1747988 Task: 13854
This commit is contained in:
parent
53c99a21fd
commit
1b66ad9067
@ -85,7 +85,7 @@ class ProjectPurge(command.Command):
|
|||||||
# servers
|
# servers
|
||||||
try:
|
try:
|
||||||
compute_client = self.app.client_manager.compute
|
compute_client = self.app.client_manager.compute
|
||||||
search_opts = {'tenant_id': project_id}
|
search_opts = {'tenant_id': project_id, 'all_tenants': True}
|
||||||
data = compute_client.servers.list(search_opts=search_opts)
|
data = compute_client.servers.list(search_opts=search_opts)
|
||||||
self.delete_objects(
|
self.delete_objects(
|
||||||
compute_client.servers.delete, data, 'server', dry_run)
|
compute_client.servers.delete, data, 'server', dry_run)
|
||||||
@ -110,7 +110,7 @@ class ProjectPurge(command.Command):
|
|||||||
|
|
||||||
# volumes, snapshots, backups
|
# volumes, snapshots, backups
|
||||||
volume_client = self.app.client_manager.volume
|
volume_client = self.app.client_manager.volume
|
||||||
search_opts = {'project_id': project_id}
|
search_opts = {'project_id': project_id, 'all_tenants': True}
|
||||||
try:
|
try:
|
||||||
data = volume_client.volume_snapshots.list(search_opts=search_opts)
|
data = volume_client.volume_snapshots.list(search_opts=search_opts)
|
||||||
self.delete_objects(
|
self.delete_objects(
|
||||||
|
@ -117,10 +117,11 @@ class TestProjectPurge(TestProjectPurgeInit):
|
|||||||
self.projects_mock.get.assert_called_once_with(self.project.id)
|
self.projects_mock.get.assert_called_once_with(self.project.id)
|
||||||
self.projects_mock.delete.assert_called_once_with(self.project.id)
|
self.projects_mock.delete.assert_called_once_with(self.project.id)
|
||||||
self.servers_mock.list.assert_called_once_with(
|
self.servers_mock.list.assert_called_once_with(
|
||||||
search_opts={'tenant_id': self.project.id})
|
search_opts={'tenant_id': self.project.id, 'all_tenants': True})
|
||||||
kwargs = {'filters': {'owner': self.project.id}}
|
kwargs = {'filters': {'owner': self.project.id}}
|
||||||
self.images_mock.list.assert_called_once_with(**kwargs)
|
self.images_mock.list.assert_called_once_with(**kwargs)
|
||||||
volume_search_opts = {'project_id': self.project.id}
|
volume_search_opts = {'project_id': self.project.id,
|
||||||
|
'all_tenants': True}
|
||||||
self.volumes_mock.list.assert_called_once_with(
|
self.volumes_mock.list.assert_called_once_with(
|
||||||
search_opts=volume_search_opts)
|
search_opts=volume_search_opts)
|
||||||
self.snapshots_mock.list.assert_called_once_with(
|
self.snapshots_mock.list.assert_called_once_with(
|
||||||
@ -152,10 +153,11 @@ class TestProjectPurge(TestProjectPurgeInit):
|
|||||||
self.projects_mock.get.assert_called_once_with(self.project.id)
|
self.projects_mock.get.assert_called_once_with(self.project.id)
|
||||||
self.projects_mock.delete.assert_not_called()
|
self.projects_mock.delete.assert_not_called()
|
||||||
self.servers_mock.list.assert_called_once_with(
|
self.servers_mock.list.assert_called_once_with(
|
||||||
search_opts={'tenant_id': self.project.id})
|
search_opts={'tenant_id': self.project.id, 'all_tenants': True})
|
||||||
kwargs = {'filters': {'owner': self.project.id}}
|
kwargs = {'filters': {'owner': self.project.id}}
|
||||||
self.images_mock.list.assert_called_once_with(**kwargs)
|
self.images_mock.list.assert_called_once_with(**kwargs)
|
||||||
volume_search_opts = {'project_id': self.project.id}
|
volume_search_opts = {'project_id': self.project.id,
|
||||||
|
'all_tenants': True}
|
||||||
self.volumes_mock.list.assert_called_once_with(
|
self.volumes_mock.list.assert_called_once_with(
|
||||||
search_opts=volume_search_opts)
|
search_opts=volume_search_opts)
|
||||||
self.snapshots_mock.list.assert_called_once_with(
|
self.snapshots_mock.list.assert_called_once_with(
|
||||||
@ -187,10 +189,11 @@ class TestProjectPurge(TestProjectPurgeInit):
|
|||||||
self.projects_mock.get.assert_called_once_with(self.project.id)
|
self.projects_mock.get.assert_called_once_with(self.project.id)
|
||||||
self.projects_mock.delete.assert_not_called()
|
self.projects_mock.delete.assert_not_called()
|
||||||
self.servers_mock.list.assert_called_once_with(
|
self.servers_mock.list.assert_called_once_with(
|
||||||
search_opts={'tenant_id': self.project.id})
|
search_opts={'tenant_id': self.project.id, 'all_tenants': True})
|
||||||
kwargs = {'filters': {'owner': self.project.id}}
|
kwargs = {'filters': {'owner': self.project.id}}
|
||||||
self.images_mock.list.assert_called_once_with(**kwargs)
|
self.images_mock.list.assert_called_once_with(**kwargs)
|
||||||
volume_search_opts = {'project_id': self.project.id}
|
volume_search_opts = {'project_id': self.project.id,
|
||||||
|
'all_tenants': True}
|
||||||
self.volumes_mock.list.assert_called_once_with(
|
self.volumes_mock.list.assert_called_once_with(
|
||||||
search_opts=volume_search_opts)
|
search_opts=volume_search_opts)
|
||||||
self.snapshots_mock.list.assert_called_once_with(
|
self.snapshots_mock.list.assert_called_once_with(
|
||||||
@ -223,10 +226,11 @@ class TestProjectPurge(TestProjectPurgeInit):
|
|||||||
self.projects_mock.get.assert_not_called()
|
self.projects_mock.get.assert_not_called()
|
||||||
self.projects_mock.delete.assert_called_once_with(self.project.id)
|
self.projects_mock.delete.assert_called_once_with(self.project.id)
|
||||||
self.servers_mock.list.assert_called_once_with(
|
self.servers_mock.list.assert_called_once_with(
|
||||||
search_opts={'tenant_id': self.project.id})
|
search_opts={'tenant_id': self.project.id, 'all_tenants': True})
|
||||||
kwargs = {'filters': {'owner': self.project.id}}
|
kwargs = {'filters': {'owner': self.project.id}}
|
||||||
self.images_mock.list.assert_called_once_with(**kwargs)
|
self.images_mock.list.assert_called_once_with(**kwargs)
|
||||||
volume_search_opts = {'project_id': self.project.id}
|
volume_search_opts = {'project_id': self.project.id,
|
||||||
|
'all_tenants': True}
|
||||||
self.volumes_mock.list.assert_called_once_with(
|
self.volumes_mock.list.assert_called_once_with(
|
||||||
search_opts=volume_search_opts)
|
search_opts=volume_search_opts)
|
||||||
self.snapshots_mock.list.assert_called_once_with(
|
self.snapshots_mock.list.assert_called_once_with(
|
||||||
@ -259,10 +263,11 @@ class TestProjectPurge(TestProjectPurgeInit):
|
|||||||
self.projects_mock.get.assert_called_once_with(self.project.id)
|
self.projects_mock.get.assert_called_once_with(self.project.id)
|
||||||
self.projects_mock.delete.assert_called_once_with(self.project.id)
|
self.projects_mock.delete.assert_called_once_with(self.project.id)
|
||||||
self.servers_mock.list.assert_called_once_with(
|
self.servers_mock.list.assert_called_once_with(
|
||||||
search_opts={'tenant_id': self.project.id})
|
search_opts={'tenant_id': self.project.id, 'all_tenants': True})
|
||||||
kwargs = {'filters': {'owner': self.project.id}}
|
kwargs = {'filters': {'owner': self.project.id}}
|
||||||
self.images_mock.list.assert_called_once_with(**kwargs)
|
self.images_mock.list.assert_called_once_with(**kwargs)
|
||||||
volume_search_opts = {'project_id': self.project.id}
|
volume_search_opts = {'project_id': self.project.id,
|
||||||
|
'all_tenants': True}
|
||||||
self.volumes_mock.list.assert_called_once_with(
|
self.volumes_mock.list.assert_called_once_with(
|
||||||
search_opts=volume_search_opts)
|
search_opts=volume_search_opts)
|
||||||
self.snapshots_mock.list.assert_called_once_with(
|
self.snapshots_mock.list.assert_called_once_with(
|
||||||
@ -295,10 +300,11 @@ class TestProjectPurge(TestProjectPurgeInit):
|
|||||||
self.projects_mock.get.assert_called_once_with(self.project.id)
|
self.projects_mock.get.assert_called_once_with(self.project.id)
|
||||||
self.projects_mock.delete.assert_called_once_with(self.project.id)
|
self.projects_mock.delete.assert_called_once_with(self.project.id)
|
||||||
self.servers_mock.list.assert_called_once_with(
|
self.servers_mock.list.assert_called_once_with(
|
||||||
search_opts={'tenant_id': self.project.id})
|
search_opts={'tenant_id': self.project.id, 'all_tenants': True})
|
||||||
kwargs = {'filters': {'owner': self.project.id}}
|
kwargs = {'filters': {'owner': self.project.id}}
|
||||||
self.images_mock.list.assert_called_once_with(**kwargs)
|
self.images_mock.list.assert_called_once_with(**kwargs)
|
||||||
volume_search_opts = {'project_id': self.project.id}
|
volume_search_opts = {'project_id': self.project.id,
|
||||||
|
'all_tenants': True}
|
||||||
self.volumes_mock.list.assert_called_once_with(
|
self.volumes_mock.list.assert_called_once_with(
|
||||||
search_opts=volume_search_opts)
|
search_opts=volume_search_opts)
|
||||||
self.snapshots_mock.list.assert_called_once_with(
|
self.snapshots_mock.list.assert_called_once_with(
|
||||||
|
Loading…
Reference in New Issue
Block a user