MAAS

Merge ~ack/maas:1812201-list-allocated-rbac-2.5 into maas:2.5

  1. Git
  2. lp:~ack/maas
  3. 1812201-list-allocated-rbac-2.5
  4. Merge into 2.5
Proposed by Alberto Donato
Status: Merged
Approved by: Alberto Donato
Approved revision: 9d68f984d7a090b4c84334929edd69fe9c75b05f
Merge reported by: MAAS Lander
Merged at revision: not available
Proposed branch: ~ack/maas:1812201-list-allocated-rbac-2.5
Merge into: maas:2.5
Diff against target: 111 lines (+42/-25)
4 files modified
src/maasserver/api/machines.py (+6/-4)
src/maasserver/api/tests/test_machines.py (+35/-0)
src/maasserver/models/node.py (+0/-21)
src/maasserver/models/tests/test_node.py (+1/-0)
Reviewer Review Type Date Requested Status
Alberto Donato (community) Approve
Review via email: mp+362244@code.launchpad.net

Commit message

Backport ca0d2aebb1c8bdf4fa02ff529b0561512a6b3c9a - LP: #1812201 - filter allocated machines based on pools with RBAC

To post a comment you must log in.
Revision history for this message
Alberto Donato (ack) :
review: Approve

There was an error fetching revisions from git servers. Please try again in a few minutes. If the problem persists, contact Launchpad support.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/src/maasserver/api/machines.py b/src/maasserver/api/machines.py
2index 0a0fbfc..2701784 100644
3--- a/src/maasserver/api/machines.py
4+++ b/src/maasserver/api/machines.py
5@@ -1934,10 +1934,12 @@ class MachinesHandler(NodesHandler, PowersMixin):
6 @success-example "success-json" [exkey=machines-placeholder]
7 placeholder text
8 """
9- token = get_oauth_token(request)
10- match_ids = get_optional_list(request.GET, 'id')
11- machines = Machine.objects.get_allocated_visible_machines(
12- token, match_ids)
13+ # limit to machines that the user can view
14+ machines = Machine.objects.get_nodes(request.user, NodePermission.view)
15+ machines = machines.filter(token=get_oauth_token(request))
16+ system_ids = get_optional_list(request.GET, 'id')
17+ if system_ids:
18+ machines = machines.filter(system_id__in=system_ids)
19 return machines.order_by('id')
20
21 @operation(idempotent=False)
22diff --git a/src/maasserver/api/tests/test_machines.py b/src/maasserver/api/tests/test_machines.py
23index 282c6bb..5eac395 100644
24--- a/src/maasserver/api/tests/test_machines.py
25+++ b/src/maasserver/api/tests/test_machines.py
26@@ -629,6 +629,41 @@ class TestMachinesAPI(APITestCase.ForUser):
27 self.assertItemsEqual(
28 required_machine_ids, extract_system_ids(parsed_result))
29
30+ def test_GET_list_allocated_with_rbac(self):
31+ self.patch(auth, 'validate_user_external_auth').return_value = True
32+ rbac = self.useFixture(RBACEnabled())
33+ self.become_non_local()
34+
35+ user = factory.make_User()
36+ pool = factory.make_ResourcePool()
37+ rbac.store.allow(user.username, pool, 'view')
38+
39+ pool = factory.make_ResourcePool()
40+ rbac.store.add_pool(pool)
41+ rbac.store.allow(self.user.username, pool, 'view')
42+
43+ token = get_auth_tokens(self.user)[0]
44+ factory.make_Node(
45+ hostname='viewable', owner=self.user, token=token, pool=pool,
46+ status=NODE_STATUS.ALLOCATED)
47+ # a machine with the same token but not accesssible to the user (not in
48+ # the allowed pool)
49+ factory.make_Node(
50+ hostname='not-accessible', owner=self.user, token=token,
51+ status=NODE_STATUS.ALLOCATED)
52+ # a machine owned by another user in the accessible pool
53+ factory.make_Node(
54+ hostname='other-user', owner=factory.make_User(),
55+ status=NODE_STATUS.ALLOCATED, pool=pool)
56+
57+ response = self.client.get(
58+ reverse('machines_handler'), {'op': 'list_allocated'})
59+ self.assertEqual(http.client.OK, response.status_code)
60+ parsed_result = json.loads(
61+ response.content.decode(settings.DEFAULT_CHARSET))
62+ hostnames = [machine['hostname'] for machine in parsed_result]
63+ self.assertEqual(['viewable'], hostnames)
64+
65 def test_POST_allocate_returns_available_machine(self):
66 # The "allocate" operation returns an available machine.
67 available_status = NODE_STATUS.READY
68diff --git a/src/maasserver/models/node.py b/src/maasserver/models/node.py
69index 8a6d260..e49c649 100644
70--- a/src/maasserver/models/node.py
71+++ b/src/maasserver/models/node.py
72@@ -604,27 +604,6 @@ class MachineManager(BaseNodeManager):
73
74 extra_filters = {'node_type': NODE_TYPE.MACHINE}
75
76- def get_allocated_visible_machines(self, token, ids):
77- """Fetch Machines that were allocated to the User_/oauth token.
78-
79- :param user: The user whose machines to fetch
80- :type user: User_
81- :param token: The OAuth token associated with the Machines.
82- :type token: piston3.models.Token.
83- :param ids: Optional set of IDs to filter by. If given, machines whose
84- system_ids are not in `ids` will be ignored.
85- :type param_ids: Sequence
86-
87- .. _User: https://
88- docs.djangoproject.com/en/dev/topics/auth/
89- #django.contrib.auth.models.User
90- """
91- if ids is None:
92- machines = self.filter(token=token)
93- else:
94- machines = self.filter(token=token, system_id__in=ids)
95- return machines
96-
97 def get_available_machines_for_acquisition(self, for_user):
98 """Find the machines that can be acquired by the given user.
99
100diff --git a/src/maasserver/models/tests/test_node.py b/src/maasserver/models/tests/test_node.py
101index c4ebd6e..361b6f8 100644
102--- a/src/maasserver/models/tests/test_node.py
103+++ b/src/maasserver/models/tests/test_node.py
104@@ -432,6 +432,7 @@ class TestNodeManager(MAASServerTestCase):
105
106
107 class TestMachineManager(MAASServerTestCase):
108+
109 def make_machine(self, user=None, **kwargs):
110 """Create a machine, allocated to `user` if given."""
111 if user is None:

Subscribers

People subscribed via source and target branches