Merge "Return volume_type extra specs based on policy"
This commit is contained in:
Jenkins
Gerrit Code Review
commit
c8a7e93ebe
|
|
@ -21,11 +21,14 @@ from webob import exc
|
|||
from cinder.api.openstack import wsgi
|
||||
from cinder.api.v2.views import types as views_types
|
||||
from cinder.api import xmlutil
|
||||
from cinder import context as ctx
|
||||
from cinder import exception
|
||||
from cinder.i18n import _
|
||||
from cinder import utils
|
||||
from cinder.volume import volume_types
|
||||
|
||||
import cinder.policy
|
||||
|
||||
|
||||
def make_voltype(elem):
|
||||
elem.set('id')
|
||||
|
|
@ -57,6 +60,18 @@ class VolumeTypesController(wsgi.Controller):
|
|||
|
||||
_view_builder_class = views_types.ViewBuilder
|
||||
|
||||
def _validate_policy(self, context):
|
||||
target = {
|
||||
'project_id': context.project_id,
|
||||
'user_id': context.user_id,
|
||||
}
|
||||
try:
|
||||
action = 'volume_extension:access_types_extra_specs'
|
||||
cinder.policy.enforce(context, action, target)
|
||||
return True
|
||||
except Exception:
|
||||
return False
|
||||
|
||||
@wsgi.serializers(xml=VolumeTypesTemplate)
|
||||
def index(self, req):
|
||||
"""Returns the list of volume types."""
|
||||
|
|
@ -69,6 +84,9 @@ class VolumeTypesController(wsgi.Controller):
|
|||
"""Return a single volume type item."""
|
||||
context = req.environ['cinder.context']
|
||||
|
||||
if not context.is_admin and self._validate_policy(context):
|
||||
context = ctx.get_admin_context()
|
||||
|
||||
# get default volume type
|
||||
if id is not None and id == 'default':
|
||||
vol_type = volume_types.get_default_volume_type()
|
||||
|
|
@ -109,6 +127,8 @@ class VolumeTypesController(wsgi.Controller):
|
|||
"""Helper function that returns a list of type dicts."""
|
||||
filters = {}
|
||||
context = req.environ['cinder.context']
|
||||
if not context.is_admin and self._validate_policy(context):
|
||||
context = ctx.get_admin_context()
|
||||
if context.is_admin:
|
||||
# Only admin has query access to all volume types
|
||||
filters['is_public'] = self._parse_is_public(
|
||||
|
|
|
|||
|
|
@ -25,10 +25,10 @@ class ViewBuilder(common.ViewBuilder):
|
|||
trimmed = dict(id=volume_type.get('id'),
|
||||
name=volume_type.get('name'),
|
||||
is_public=volume_type.get('is_public'),
|
||||
extra_specs=volume_type.get('extra_specs'),
|
||||
description=volume_type.get('description'))
|
||||
if context.is_admin:
|
||||
trimmed['qos_specs_id'] = volume_type.get('qos_specs_id')
|
||||
trimmed['extra_specs'] = volume_type.get('extra_specs')
|
||||
return trimmed if brief else dict(volume_type=trimmed)
|
||||
|
||||
def index(self, request, volume_types):
|
||||
|
|
|
|||
|
|
@ -85,7 +85,7 @@ class VolumeTypesApiTest(test.TestCase):
|
|||
self.stubs.Set(volume_types, 'get_all_types',
|
||||
return_volume_types_get_all_types)
|
||||
|
||||
req = fakes.HTTPRequest.blank('/v2/fake/types')
|
||||
req = fakes.HTTPRequest.blank('/v2/fake/types', use_admin_context=True)
|
||||
res_dict = self.controller.index(req)
|
||||
|
||||
self.assertEqual(3, len(res_dict['volume_types']))
|
||||
|
|
@ -171,7 +171,6 @@ class VolumeTypesApiTest(test.TestCase):
|
|||
name='new_type',
|
||||
description='new_type_desc',
|
||||
is_public=True,
|
||||
extra_specs={},
|
||||
id=42,
|
||||
)
|
||||
self.assertDictMatch(output['volume_type'], expected_volume_type)
|
||||
|
|
@ -237,7 +236,6 @@ class VolumeTypesApiTest(test.TestCase):
|
|||
name='new_type',
|
||||
description='new_type_desc',
|
||||
is_public=True,
|
||||
extra_specs={},
|
||||
id=42 + i
|
||||
)
|
||||
self.assertDictMatch(output['volume_types'][i],
|
||||
|
|
|
|||
|
|
@ -25,6 +25,7 @@
|
|||
|
||||
"volume_extension:types_manage": "rule:admin_api",
|
||||
"volume_extension:types_extra_specs": "rule:admin_api",
|
||||
"volume_extension:access_types_extra_specs": "rule:admin_api",
|
||||
"volume_extension:volume_type_access": "rule:admin_or_owner",
|
||||
"volume_extension:volume_type_access:addProjectAccess": "rule:admin_api",
|
||||
"volume_extension:volume_type_access:removeProjectAccess": "rule:admin_api",
|
||||
|
|
|
|||
Loading…
Reference in New Issue