From 88e43aa7c46545cf1afc547f716f98ae19a0d69d Mon Sep 17 00:00:00 2001 From: wanghao Date: Tue, 23 Jun 2015 16:38:29 +0800 Subject: [PATCH] Do not allow to modify access for public volume type Now public volume type can be added/removed project access, but when listing access, cinder returns 'Access list not available for public volume types.' It's weird for users experience. We should check if a type is public and do not allow public volume type to modify project access. APIImpact When modifying access for public volume type, API will return 400 and message: "Invalid volume type: Type access modification is not applicable to public volume type." Closes-Bug: #1467808 Change-Id: Id03eb3649ce02549c131c85697d8431c3f8c04dd --- cinder/tests/unit/test_volume_types.py | 22 ++++++++++++++++++++-- cinder/volume/volume_types.py | 14 ++++++++++++++ 2 files changed, 34 insertions(+), 2 deletions(-) diff --git a/cinder/tests/unit/test_volume_types.py b/cinder/tests/unit/test_volume_types.py index c5257a77f..f6f5b6276 100644 --- a/cinder/tests/unit/test_volume_types.py +++ b/cinder/tests/unit/test_volume_types.py @@ -247,7 +247,7 @@ class VolumeTypeTestCase(test.TestCase): def test_add_access(self): project_id = '456' - vtype = volume_types.create(self.ctxt, 'type1') + vtype = volume_types.create(self.ctxt, 'type1', is_public=False) vtype_id = vtype.get('id') volume_types.add_volume_type_access(self.ctxt, vtype_id, project_id) @@ -256,7 +256,8 @@ class VolumeTypeTestCase(test.TestCase): def test_remove_access(self): project_id = '456' - vtype = volume_types.create(self.ctxt, 'type1', projects=['456']) + vtype = volume_types.create(self.ctxt, 'type1', projects=['456'], + is_public=False) vtype_id = vtype.get('id') volume_types.remove_volume_type_access(self.ctxt, vtype_id, project_id) @@ -399,3 +400,20 @@ class VolumeTypeTestCase(test.TestCase): def test_get_volume_type_encryption_without_volume_type_id(self): ret = volume_types.get_volume_type_encryption(self.ctxt, None) self.assertIsNone(ret) + + def test_check_public_volume_type_failed(self): + project_id = '456' + volume_type = volume_types.create(self.ctxt, "type1") + volume_type_id = volume_type.get('id') + self.assertRaises(exception.InvalidVolumeType, + volume_types.add_volume_type_access, + self.ctxt, volume_type_id, project_id) + self.assertRaises(exception.InvalidVolumeType, + volume_types.remove_volume_type_access, + self.ctxt, volume_type_id, project_id) + + def test_check_private_volume_type(self): + volume_type = volume_types.create(self.ctxt, "type1", is_public=False) + volume_type_id = volume_type.get('id') + self.assertFalse(volume_types.is_public_volume_type(self.ctxt, + volume_type_id)) diff --git a/cinder/volume/volume_types.py b/cinder/volume/volume_types.py index b02ef946d..a8699a2f4 100644 --- a/cinder/volume/volume_types.py +++ b/cinder/volume/volume_types.py @@ -182,11 +182,21 @@ def get_volume_type_extra_specs(volume_type_id, key=False): return extra_specs +def is_public_volume_type(context, volume_type_id): + """Return is_public boolean value of volume type""" + volume_type = db.volume_type_get(context, volume_type_id) + return volume_type['is_public'] + + def add_volume_type_access(context, volume_type_id, project_id): """Add access to volume type for project_id.""" if volume_type_id is None: msg = _("volume_type_id cannot be None") raise exception.InvalidVolumeType(reason=msg) + if is_public_volume_type(context, volume_type_id): + msg = _("Type access modification is not applicable to public volume " + "type.") + raise exception.InvalidVolumeType(reason=msg) return db.volume_type_access_add(context, volume_type_id, project_id) @@ -195,6 +205,10 @@ def remove_volume_type_access(context, volume_type_id, project_id): if volume_type_id is None: msg = _("volume_type_id cannot be None") raise exception.InvalidVolumeType(reason=msg) + if is_public_volume_type(context, volume_type_id): + msg = _("Type access modification is not applicable to public volume " + "type.") + raise exception.InvalidVolumeType(reason=msg) return db.volume_type_access_remove(context, volume_type_id, project_id) -- 2.45.2