xapi-project / xen-api / 13432389523
79%
master: 80%

LAST BUILD BRANCH: private/stevenwo/CP-308811
DEFAULT BRANCH: master
Ran
Jobs 1
Files 38
Run time 1min
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
coverage: 78.516%. Remained the same
13432389523

push

github

web-flow 
CA-403744: Implement other_config operations for task (#6239)

Currently, users with read-only permissions can freely manipulate their
own tasks (create, cancel, destroy, etc.). However, they cannot easily
manipulate the `other_config` field. Some keys are specified in the
datamodel as being writeable by subjects with the VM operator role.

However, RBAC checking for keys was only ever implemented for the
individual "add" and "remove" operations, not the `set_other_config`
operation. This makes sense because the typical scenario is that the
required writer role for an "other_config" field is more privileged than
each of the individually-specified key-specific roles.

In the case of tasks, the desired role for the `set_other_config`
operation is the read-only role. However, we cannot simply demote the
required "writer role" for the `other_config` field, because:

1) We must maintain key-based RBAC checks for the operation. For
example, if a read-only user attempts to modify a task's `other_config`
using `set_other_config`, the operation must fail if they've attempted
   to modify the value mapped to by some key that they are not
   privileged to use.

2) Key-based RBAC checking is special cased to `add_to` and
   `remove_from`. You can attempt to ascribe key-related role
   restrictions to arbitrary messages but these will all fail at
runtime, when invoked - because `Rbac.check` is special cased to expect
   to be able to extract out the key name from a `key` argument it
   receives, which is emitted for `add_to` and `remove_from`.

3) There is an additional restriction that read-only users should not be
   able to modify arbitrary tasks, only their own.

Both of these points require a custom implementation. To this end, we
mark `other_config` as read-only (DynamicRO) and implement custom
handlers for the `add_to`, `remove_from`, and `set` operations. In doing
so, we implement a subset of the RBAC protection logic for keys.

This custom implementation ... (continued)

3512 of 4473 relevant lines covered (78.52%)

0.79 hits per line

Jobs
ID Job ID Ran Files Coverage
1 python3.11 - 13432389523.1 38
78.52
 GitHub Action Run
Source Files on build 13432389523