cloudstack-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From sw...@apache.org
Subject [4/7] git commit: updated refs/heads/4.8 to 744f9d5
Date Fri, 27 May 2016 19:04:12 GMT
CLOUDSTACK-9376: Restrict listTemplates API with filter=all for root admin

Restricts use of listemplates API with templatefilter=all for root admin only.

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/0cb60a72
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/0cb60a72
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/0cb60a72

Branch: refs/heads/4.8
Commit: 0cb60a72fea2a216b5e3f6b0d769878b76a3eb03
Parents: 566e7d9
Author: Rohit Yadav <rohit.yadav@shapeblue.com>
Authored: Wed May 25 11:52:58 2016 +0530
Committer: Will Stevens <williamstevens@gmail.com>
Committed: Fri May 27 15:01:15 2016 -0400

----------------------------------------------------------------------
 .../com/cloud/api/query/QueryManagerImpl.java   |  4 +-
 test/integration/component/test_templates.py    | 76 ++++++++++++++++++++
 2 files changed, 78 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/0cb60a72/server/src/com/cloud/api/query/QueryManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/api/query/QueryManagerImpl.java b/server/src/com/cloud/api/query/QueryManagerImpl.java
index 9492957..0e3f3f2 100644
--- a/server/src/com/cloud/api/query/QueryManagerImpl.java
+++ b/server/src/com/cloud/api/query/QueryManagerImpl.java
@@ -3054,9 +3054,9 @@ public class QueryManagerImpl extends ManagerBase implements QueryService,
Confi
 
         boolean listAll = false;
         if (templateFilter != null && templateFilter == TemplateFilter.all) {
-            if (caller.getType() == Account.ACCOUNT_TYPE_NORMAL) {
+            if (caller.getType() != Account.ACCOUNT_TYPE_ADMIN) {
                 throw new InvalidParameterValueException("Filter " + TemplateFilter.all
-                        + " can be specified by admin only");
+                        + " can be specified by root admin only");
             }
             listAll = true;
         }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/0cb60a72/test/integration/component/test_templates.py
----------------------------------------------------------------------
diff --git a/test/integration/component/test_templates.py b/test/integration/component/test_templates.py
index b1e7e7c..c8384d9 100644
--- a/test/integration/component/test_templates.py
+++ b/test/integration/component/test_templates.py
@@ -22,6 +22,7 @@ from marvin.cloudstackTestCase import cloudstackTestCase, unittest
 from marvin.cloudstackAPI import listZones
 from marvin.lib.utils import (cleanup_resources)
 from marvin.lib.base import (Account,
+                             Domain,
                              Template,
                              ServiceOffering,
                              VirtualMachine,
@@ -51,6 +52,7 @@ class Services:
                 # username
                 "password": "password",
             },
+            "testdomain": {"name": "test"},
             "service_offering": {
                 "name": "Tiny Instance",
                 "displaytext": "Tiny Instance",
@@ -602,3 +604,77 @@ class TestTemplates(cloudstackTestCase):
             "Check the state of VM created from Template"
         )
         return
+
+
+class TestListTemplate(cloudstackTestCase):
+
+    def setUp(self):
+        self.apiclient = self.testClient.getApiClient()
+        self.hypervisor = self.testClient.getHypervisorInfo()
+        self.dbclient = self.testClient.getDbConnection()
+        self.cleanup = []
+
+        self.services = Services().services
+        # Get Zone, Domain and templates
+        self.domain = get_domain(self.apiclient)
+        self.account = Account.create(
+                            self.apiclient,
+                            self.services["account"],
+                            domainid=self.domain.id
+                            )
+        self.newdomain = Domain.create(
+                           self.apiclient,
+                           self.services["testdomain"],
+                           parentdomainid=self.domain.id
+                           )
+        self.newdomain_account = Account.create(
+                           self.apiclient,
+                           self.services["account"],
+                           admin=True,
+                           domainid=self.newdomain.id
+                           )
+        self.cleanup = [
+                        self.account,
+                        self.newdomain_account,
+                        self.newdomain,
+                        ]
+
+
+    def tearDown(self):
+        try:
+            # Clean up, terminate the created templates
+            cleanup_resources(self.apiclient, self.cleanup)
+        except Exception as e:
+            raise Exception("Warning: Exception during cleanup : %s" % e)
+
+
+    @attr(tags=["devcloud", "advanced", "advancedns", "smoke", "basic", "sg"], required_hardware="false")
+    def test_01_list_templates_with_templatefilter_all_normal_user(self):
+        """
+            Test list templates with templatefilter=all is not permitted for normal user
+        """
+
+        user_api_client = self.testClient.getUserApiClient(
+                                    UserName=self.account.name,
+                                    DomainName=self.account.domain)
+        try:
+            list_template_response = Template.list(self.user_api_client, templatefilter='all')
+            self.fail("Regular User is able to use templatefilter='all' in listTemplates
API call")
+        except Exception as e:
+            self.debug("ListTemplates API with templatefilter='all' is not permitted for
normal user")
+
+
+    @attr(tags=["devcloud", "advanced", "advancedns", "smoke", "basic", "sg"], required_hardware="false")
+    def test_02_list_templates_with_templatefilter_all_domain_admin(self):
+        """
+            Test list templates with templatefilter=all is not permitted for domain admin
+        """
+
+        domain_user_api_client = self.testClient.getUserApiClient(
+                                    UserName=self.newdomain_account.name,
+                                    DomainName=self.newdomain_account.domain)
+        try:
+            list_template_response = Template.list(self.domain_user_api_client, templatefilter='all')
+            self.fail("Domain admin is able to use templatefilter='all' in listTemplates
API call")
+        except Exception as e:
+            self.debug("ListTemplates API with templatefilter='all' is not permitted for
domain admin user")


Mime
View raw message