Refernces from tenant to project were made in several
places, including DB, HTTP Headers, configuration items,
json in responses and devstack integration. Additionally,
a migration script using Alembic was included.
Implements: blueprint tenant-to-project-ref
Change-Id: I4b21182f555ccd412a4ca4e0ce753f07edcd07f8
Routing either V1 or V2 using a Facade. By default, V1 is enabled
but can be deactivated by a confflag.
Pecan controller for Lease created using WSME i/o validation
Implements blueprint: pecan-wsme
Change-Id: I9047abece78632daa13fdebfea9fb8aaa3c60981
In order to prepare API v2, we need to isolate API v1 code into a
separate module called climate.api.v1
Implements blueprint: pecan-wsme
Change-Id: I9e968370ba9ac8d21f5c099f1b09587d9f6b821e
is_admin should not be exlicitely accessed from code. Policies should be
used to check if it's set and context.elevated() to run something in
admin context.
Change-Id: I27754a378073844c3e24d94038a5d24f9a3c6dc3
Add utils to do basic actions with nova and keystone.
We decide to store in utils/openstack/%service_name.py service
specific clients in classes named like Climate%service_name%Client.
In this classes we define service client with specific variables.
Also, we redefine __getattr__ like this:
def __getattr__(self, name):
fn = getattr(self.%service_name, name)
return fn
Change-Id: I47e0d8689f1d8ca8aba0372eb5e7a4a80f2f9be5
Currently, DB queries don't filter on project_id, so any user can
request all DB entries.
The proposal here is to filter if the table does support tenant_id
in it and if the user is not admin (based on Nova/Cinder/Oslo)
In order to automatically provide the correct is_admin flag, now
when creating the context we check if policy defines the user as
admin.
Closes-Bug: #1256117
Change-Id: I85c404f5a3365c6a9c575af52f1a116f8350f426
- context data is stored in a dictionary now, so any key is allowed;
- list of allowed key for certain context is stored in special class
variable;
- methods "current" and "elevated" of ClimateContext class are
accessible from module level;
- moved to usage of threading.local instead of emulating one in code (as
long as we use eventlet's monkey-patching, it's specific local() will
be used).
Change-Id: I3c79c9cd0d16dfb5c61208f2aa71b5c59f3f40f3