Fix getting alarms

The normal users can get all other projects alarms because no project_id filter when querying the db. Change-Id: I024ff3ec0e5c21f2f6cef9fa453cfb1497921947
2019-12-20 13:45:16 +13:00 · 2019-12-20 13:45:16 +13:00 · b76f377781
commit b76f377781
parent b18d0bae7c
2 changed files with 16 additions and 3 deletions
--- a/aodh/api/controllers/v2/alarms.py
+++ b/aodh/api/controllers/v2/alarms.py
@ -891,6 +891,7 @@ class AlarmsController(rest.RestController):
                q.append(
                    base.Query(field='project_id', op='eq', value=project_id)
                )
+                keys.add('project_id')
            else:
                request_project = v2_utils.get_query_value(q, 'project_id')
                if not is_admin and request_project != project_id:
--- a/aodh/tests/functional/api/v2/test_alarm_scenarios.py
+++ b/aodh/tests/functional/api/v2/test_alarm_scenarios.py
@ -149,8 +149,13 @@ class TestAlarmsBase(v2.FunctionalTest):
            self.assertEqual(json[key], getattr(alarm, storage_key))

    def _get_alarm(self, id, auth_headers=None):
-        data = self.get_json('/alarms',
-                             headers=auth_headers or self.auth_headers)
+        headers = auth_headers or self.auth_headers
+        url_path = "/alarms"
+        if headers.get('X-Roles') == 'admin':
+            url_path = '/alarms?q.field=all_projects&q.op=eq&q.value=true'
+
+        data = self.get_json(url_path, headers=headers)
+
        match = [a for a in data if a['alarm_id'] == id]
        self.assertEqual(1, len(match), 'alarm %s not found' % id)
        return match[0]
@ -283,6 +288,13 @@ class TestAlarms(TestAlarmsBase):
        self.assertIn(faultstring,
                      response.json['error_message']['faultstring'])

+    def test_list_alarms_other_project(self):
+        auth_headers = {'X-User-Id': uuidutils.generate_uuid(),
+                        'X-Project-Id': uuidutils.generate_uuid()}
+        data = self.get_json('/alarms', headers=auth_headers)
+
+        self.assertEqual(0, len(data))
+
    def test_get_not_existing_alarm(self):
        resp = self.get_json('/alarms/alarm-id-3',
                             headers=self.auth_headers,
@ -2049,7 +2061,7 @@ class TestAlarmsQuotas(TestAlarmsBase):

        self.auth_headers["X-roles"] = "admin"
        alarms = self.get_json('/alarms', headers=self.auth_headers)
-        self.assertEqual(2, len(alarms))
+        self.assertEqual(1, len(alarms))


 class TestAlarmsRuleThreshold(TestAlarmsBase):