Expect 404 for unauthorized share access
As a fix to bug #1901210, manila's API now responds with
a 404 if a user doesn't have access to a non-public share to
prevent an existence detection attack. Since manila tempest tests
can be used for older branches without the fix, we must accommodate
both error codes - 403 and 404 in our tests for a while.
Change-Id: I27fdd7dfffeb15965b66dbb3f6b1568c11ff9ad4
Partial-Bug: #1901210
Signed-off-by: Goutham Pacha Ravi <gouthampravi@gmail.com>
(cherry picked from commit a90e3251d655ada1499c6f627a66036b8ee38a6f)
Closes-Issue: PRODX-30848
(cherry picked from commit e4109e6c530d6b3fd22ed6162ebdba0e270bc720)
diff --git a/manila_tempest_tests/tests/api/admin/test_admin_actions_negative.py b/manila_tempest_tests/tests/api/admin/test_admin_actions_negative.py
index 4e72e33..3bf86ee 100644
--- a/manila_tempest_tests/tests/api/admin/test_admin_actions_negative.py
+++ b/manila_tempest_tests/tests/api/admin/test_admin_actions_negative.py
@@ -82,8 +82,11 @@
@decorators.idempotent_id('3b525c29-b657-493f-aa41-b17676a95fd2')
@tc.attr(base.TAG_NEGATIVE, base.TAG_API_WITH_BACKEND)
def test_try_reset_share_state_with_member(self):
- # Even if member from another tenant, it should be unauthorized
- self.assertRaises(lib_exc.Forbidden,
+ # NOTE(gouthamr): The client used below is of a member from another
+ # project. As a fix to bug #1901210, the server responds with
+ # 404 instead of 403, but we'll test for one of the two codes since
+ # the test could be running against a release without the fix.
+ self.assertRaises((lib_exc.Forbidden, lib_exc.NotFound),
self.member_client.reset_state,
self.share["id"])
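Review bot: Accepting `(lib_exc.Forbidden, lib_exc.NotFound)` unconditionally means this test keeps passing if a release that already carries the fix for bug #1901210 regresses to a 403, which would reopen the existence-detection oracle the fix closed. The same tuple is used in the soft-delete hunk in test_shares_actions_negative.py. If the plugin can tell whether the deployment under test includes the fix (a config option or version check, neither visible in this diff), expect `lib_exc.NotFound` alone in that case. Otherwise extend the NOTE with a removal marker such as `# TODO: accept only lib_exc.NotFound once all supported branches carry the fix`, so the relaxed assertion does not become permanent.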
diff --git a/manila_tempest_tests/tests/api/test_shares_actions_negative.py b/manila_tempest_tests/tests/api/test_shares_actions_negative.py
index a600b8e..977d9a1 100644
--- a/manila_tempest_tests/tests/api/test_shares_actions_negative.py
+++ b/manila_tempest_tests/tests/api/test_shares_actions_negative.py
@@ -340,8 +340,11 @@
share = self.create_share(share_type_id=self.share_type_id,
cleanup_in_class=False)
- # try soft delete the share
- self.assertRaises(lib_exc.Forbidden,
+ # NOTE(gouthamr): The client used below is of a member from alt
+ # project. As a fix to bug #1901210, the server responds with
+ # 404 instead of 403, but we'll test for one of the two codes since
+ # the test could be running against a release without the fix.
+ self.assertRaises((lib_exc.Forbidden, lib_exc.NotFound),
self.alt_shares_v2_client.soft_delete_share,
share['id'])
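Review bot: With 404 now accepted, the `assertRaises` on `soft_delete_share` checks only the status code, and an unrelated failure that also returns 404 (for example an unavailable route) would pass too, so the test no longer shows by itself that the alt project left the share untouched. After the `assertRaises`, re-read the share with the owning project's client and assert that it still exists and has not been soft-deleted. The reset_state test in test_admin_actions_negative.py would benefit from the same kind of check on the share's status. The enclosing test method starts above this hunk, so the owner client's attribute name is not visible here.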