xapi-project / xen-api / 13432389523 / 1
79%
master: 80%

LAST BUILD BRANCH: v25.30.0
DEFAULT BRANCH: master
Ran
Files 38
Run time 1s
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
coverage: 78.516%. Remained the same
13432389523.1

push

github

web-flow 
CA-403744: Implement other_config operations for task (#6239)

Currently, users with read-only permissions can freely manipulate their
own tasks (create, cancel, destroy, etc.). However, they cannot easily
manipulate the `other_config` field. Some keys are specified in the
datamodel as being writeable by subjects with the VM operator role.

However, RBAC checking for keys was only ever implemented for the
individual "add" and "remove" operations, not the `set_other_config`
operation. This makes sense because the typical scenario is that the
required writer role for an "other_config" field is more privileged than
each of the individually-specified key-specific roles.

In the case of tasks, the desired role for the `set_other_config`
operation is the read-only role. However, we cannot simply demote the
required "writer role" for the `other_config` field, because:

1) We must maintain key-based RBAC checks for the operation. For
example, if a read-only user attempts to modify a task's `other_config`
using `set_other_config`, the operation must fail if they've attempted
   to modify the value mapped to by some key that they are not
   privileged to use.

2) Key-based RBAC checking is special cased to `add_to` and
   `remove_from`. You can attempt to ascribe key-related role
   restrictions to arbitrary messages but these will all fail at
runtime, when invoked - because `Rbac.check` is special cased to expect
   to be able to extract out the key name from a `key` argument it
   receives, which is emitted for `add_to` and `remove_from`.

3) There is an additional restriction that read-only users should not be
   able to modify arbitrary tasks, only their own.

Both of these points require a custom implementation. To this end, we
mark `other_config` as read-only (DynamicRO) and implement custom
handlers for the `add_to`, `remove_from`, and `set` operations. In doing
so, we implement a subset of the RBAC protection logic for keys.

This custom implementation ... (continued)

3512 of 4473 relevant lines covered (78.52%)

0.79 hits per line

Source Files on job python3.11 - 13432389523.1