MAAS

Merge lp:~julian-edwards/maas/relax-cluster-interface-security into lp:~maas-committers/maas/trunk

relax-cluster-interface-security
Merge into trunk

Proposed by Julian Edwards on 2014-09-08

Status:

Merged

Approved by:

Julian Edwards on 2014-09-08

Approved revision:

no longer in the source branch.

Merged at revision:

2930

Proposed branch:

lp:~julian-edwards/maas/relax-cluster-interface-security

Merge into:

lp:~maas-committers/maas/trunk

Diff against target:

94 lines (+21/-12)

3 files modified

docs/maascli.rst (+12/-3)
src/maasserver/api/node_group_interfaces.py (+5/-3)
src/maasserver/api/tests/test_api.py (+4/-6)

To merge this branch:

bzr merge lp:~julian-edwards/maas/relax-cluster-interface-security

High

Fix Released

Link a bug report

Reviewer	Review Type	Date Requested	Status
Gavin Panella (community)		2014-09-08	Approve on 2014-09-08
Review via email: mp+233657@code.launchpad.net

Commit message

Relax constraints on read-only access to cluster interfaces so any user can see them. Previously it was admin/cluster-worker only. See linked bug for details on why.

Description of the change

Also added a drive-by API documentation change that I noticed was wrong.

Revision history for this message

Gavin Panella (allenap) on 2014-09-08:

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Andres Rodriguez

Blake Rouse

Brendan Donegan

Dave Walker

Deepa

Enrique Chirivella Pérez

Fumihito YOSHIDA

Julian Edwards

MAAS Committers

Mike Pontillo

james beedy

1	=== modified file 'docs/maascli.rst'
2	--- docs/maascli.rst 2014-08-28 04:57:12 +0000
3	+++ docs/maascli.rst 2014-09-08 02:35:30 +0000
4	@@ -494,11 +494,20 @@
5	default router address for this subnet.
6
7	ip_range_low=<value>
8	- The lowest value of IP address to allocate via DHCP
9	+ The lowest value of IP address to allocate via DHCP, used
10	+ only for enlistment, commissioning and unknown devices.
11
12	ip_range_high=<value>
13	- The highest value of IP address to allocate via DHCP
14	-
15	+ The highest value of IP address to allocate via DHCP, used
16	+ only for enlistment, commissioning and unknown devices.
17	+
18	+ static_ip_range_low=<value>
19	+ Lowest IP number of the range for IPs given to allocated
20	+ nodes and user requests for IPs.
21	+
22	+ static_ip_range_low=<value>
23	+ Highest IP number of the range for IPs given to allocated
24	+ nodes and user requests for IPs.
25
26	tag
27	^^^
28
29	=== modified file 'src/maasserver/api/node_group_interfaces.py'
30	--- src/maasserver/api/node_group_interfaces.py 2014-08-29 09:43:38 +0000
31	+++ src/maasserver/api/node_group_interfaces.py 2014-09-08 02:35:30 +0000
32	@@ -61,9 +61,8 @@
33	@operation(idempotent=True)
34	def list(self, request, uuid):
35	"""List of NodeGroupInterfaces of a NodeGroup."""
36	+ # Any user has read-only access to nodegroup interfaces.
37	nodegroup = get_object_or_404(NodeGroup, uuid=uuid)
38	- if not request.user.is_superuser:
39	- check_nodegroup_access(request, nodegroup)
40	return NodeGroupInterface.objects.filter(nodegroup=nodegroup)
41
42	@operation(idempotent=False)
43	@@ -141,7 +140,10 @@
44
45	def read(self, request, uuid, name):
46	"""List of NodeGroupInterfaces of a NodeGroup."""
47	- return self.get_interface(request, uuid, name)
48	+ # Read-only access is allowed to any user.
49	+ nodegroup = get_object_or_404(NodeGroup, uuid=uuid)
50	+ return get_object_or_404(
51	+ NodeGroupInterface, nodegroup=nodegroup, name=name)
52
53	def update(self, request, uuid, name):
54	"""Update a specific NodeGroupInterface.
55
56	=== modified file 'src/maasserver/api/tests/test_api.py'
57	--- src/maasserver/api/tests/test_api.py 2014-09-05 16:38:32 +0000
58	+++ src/maasserver/api/tests/test_api.py 2014-09-08 02:35:30 +0000
59	@@ -497,14 +497,13 @@
60	],
61	json.loads(response.content))
62
63	- def test_list_does_not_work_for_normal_user(self):
64	+ def test_list_works_for_normal_user(self):
65	nodegroup = NodeGroup.objects.ensure_master()
66	log_in_as_normal_user(self.client)
67	response = self.client.get(
68	reverse('nodegroupinterfaces_handler', args=[nodegroup.uuid]),
69	{'op': 'list'})
70	- self.assertEqual(
71	- httplib.FORBIDDEN, response.status_code, response.content)
72	+ self.assertEqual(httplib.OK, response.status_code, response.content)
73
74	def test_list_works_for_master_worker(self):
75	nodegroup = NodeGroup.objects.ensure_master()
76	@@ -577,7 +576,7 @@
77
78	class TestNodeGroupInterfaceAPIAccessPermissions(APITestCase):
79
80	- def test_read_does_not_work_for_normal_user(self):
81	+ def test_read_works_for_normal_user(self):
82	nodegroup = NodeGroup.objects.ensure_master()
83	interface = factory.make_NodeGroupInterface(
84	nodegroup, management=NODEGROUPINTERFACE_MANAGEMENT.DHCP)
85	@@ -586,8 +585,7 @@
86	reverse(
87	'nodegroupinterface_handler',
88	args=[nodegroup.uuid, interface.name]))
89	- self.assertEqual(
90	- httplib.FORBIDDEN, response.status_code, response.content)
91	+ self.assertEqual(httplib.OK, response.status_code, response.content)
92
93	def test_read_works_for_master_worker(self):
94	nodegroup = NodeGroup.objects.ensure_master()