Skip to content

Commit

Permalink
Require authz for service CRUD (bug 1006822)
Browse files Browse the repository at this point in the history
Change-Id: Ia90f0aa2b856b9a9874d4865fb92ee913e8125c5
  • Loading branch information
dolph committed Jun 3, 2012
1 parent 4bfa203 commit 1d146f5
Show file tree
Hide file tree
Showing 2 changed files with 40 additions and 0 deletions.
7 changes: 7 additions & 0 deletions keystone/catalog/core.py
Original file line number Diff line number Diff line change
Expand Up @@ -116,29 +116,36 @@ def get_catalog(self, user_id, tenant_id, metadata=None):
class ServiceController(wsgi.Application):
def __init__(self):
self.catalog_api = Manager()
self.identity_api = identity.Manager()
self.policy_api = policy.Manager()
self.token_api = token.Manager()
super(ServiceController, self).__init__()

# CRUD extensions
# NOTE(termie): this OS-KSADM stuff is not very consistent
def get_services(self, context):
self.assert_admin(context)
service_list = self.catalog_api.list_services(context)
service_refs = [self.catalog_api.get_service(context, x)
for x in service_list]
return {'OS-KSADM:services': service_refs}

def get_service(self, context, service_id):
self.assert_admin(context)
service_ref = self.catalog_api.get_service(context, service_id)
if not service_ref:
raise exception.ServiceNotFound(service_id=service_id)
return {'OS-KSADM:service': service_ref}

def delete_service(self, context, service_id):
self.assert_admin(context)
service_ref = self.catalog_api.get_service(context, service_id)
if not service_ref:
raise exception.ServiceNotFound(service_id=service_id)
self.catalog_api.delete_service(context, service_id)

def create_service(self, context, OS_KSADM_service):
self.assert_admin(context)
service_id = uuid.uuid4().hex
service_ref = OS_KSADM_service.copy()
service_ref['id'] = service_id
Expand Down
33 changes: 33 additions & 0 deletions tests/test_content_types.py
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@

import httplib
import json
import uuid

from lxml import etree
import nose.exc
Expand Down Expand Up @@ -554,6 +555,38 @@ def assertValidMultipleChoiceResponse(self, r):
def assertValidVersionResponse(self, r):
self.assertValidVersion(r.body.get('version'))

def test_service_crud_requires_auth(self):
"""Service CRUD should 401 without an X-Auth-Token (bug 1006822)."""
# values here don't matter because we should 401 before they're checked
service_path = '/v2.0/OS-KSADM/services/%s' % uuid.uuid4().hex
service_body = {
'OS-KSADM:service': {
'name': uuid.uuid4().hex,
'type': uuid.uuid4().hex,
},
}

r = self.admin_request(method='GET',
path='/v2.0/OS-KSADM/services',
expected_status=401)
self.assertValidErrorResponse(r)

r = self.admin_request(method='POST',
path='/v2.0/OS-KSADM/services',
body=service_body,
expected_status=401)
self.assertValidErrorResponse(r)

r = self.admin_request(method='GET',
path=service_path,
expected_status=401)
self.assertValidErrorResponse(r)

r = self.admin_request(method='DELETE',
path=service_path,
expected_status=401)
self.assertValidErrorResponse(r)


class XmlTestCase(RestfulTestCase, CoreApiTests):
xmlns = 'http://docs.openstack.org/identity/api/v2.0'
Expand Down

0 comments on commit 1d146f5

Please sign in to comment.