Make project_id a formal target alias

This makes ImageTarget integrate the aliasing of project_id to owner,
avoiding the need to do it every time we use ImageTarget. This will
simplify subsequent patches.

Change-Id: Ia9998f638546ac36cd200f0c9002eadd18b71094
This commit is contained in:
Dan Smith 2021-05-03 11:59:17 -07:00
parent 0309814d93
commit b8926ab429
2 changed files with 11 additions and 7 deletions

View File

@ -186,13 +186,11 @@ class ImageRepoProxy(glance.domain.proxy.Repo):
def save(self, image, from_state=None): def save(self, image, from_state=None):
target = dict(image.target) target = dict(image.target)
target['project_id'] = target.get('owner', None)
self.policy.enforce(self.context, 'modify_image', target) self.policy.enforce(self.context, 'modify_image', target)
return super(ImageRepoProxy, self).save(image, from_state=from_state) return super(ImageRepoProxy, self).save(image, from_state=from_state)
def add(self, image): def add(self, image):
target = dict(image.target) target = dict(image.target)
target['project_id'] = target.get('owner', None)
self.policy.enforce(self.context, 'add_image', target) self.policy.enforce(self.context, 'add_image', target)
return super(ImageRepoProxy, self).add(image) return super(ImageRepoProxy, self).add(image)
@ -220,7 +218,6 @@ class ImageProxy(glance.domain.proxy.Image):
@visibility.setter @visibility.setter
def visibility(self, value): def visibility(self, value):
target = dict(self.target) target = dict(self.target)
target['project_id'] = target.get('owner', None)
_enforce_image_visibility(self.policy, self.context, value, target) _enforce_image_visibility(self.policy, self.context, value, target)
self.image.visibility = value self.image.visibility = value
@ -243,14 +240,12 @@ class ImageProxy(glance.domain.proxy.Image):
def delete(self): def delete(self):
target = dict(self.target) target = dict(self.target)
target['project_id'] = target.get('owner', None)
self.policy.enforce(self.context, 'delete_image', target) self.policy.enforce(self.context, 'delete_image', target)
return self.image.delete() return self.image.delete()
def deactivate(self): def deactivate(self):
LOG.debug('Attempting deactivate') LOG.debug('Attempting deactivate')
target = dict(ImageTarget(self.image)) target = dict(ImageTarget(self.image))
target['project_id'] = target.get('owner', None)
self.policy.enforce(self.context, 'deactivate', target=target) self.policy.enforce(self.context, 'deactivate', target=target)
LOG.debug('Deactivate allowed, continue') LOG.debug('Deactivate allowed, continue')
self.image.deactivate() self.image.deactivate()
@ -258,14 +253,12 @@ class ImageProxy(glance.domain.proxy.Image):
def reactivate(self): def reactivate(self):
LOG.debug('Attempting reactivate') LOG.debug('Attempting reactivate')
target = dict(ImageTarget(self.image)) target = dict(ImageTarget(self.image))
target['project_id'] = target.get('owner', None)
self.policy.enforce(self.context, 'reactivate', target=target) self.policy.enforce(self.context, 'reactivate', target=target)
LOG.debug('Reactivate allowed, continue') LOG.debug('Reactivate allowed, continue')
self.image.reactivate() self.image.reactivate()
def get_data(self, *args, **kwargs): def get_data(self, *args, **kwargs):
target = dict(ImageTarget(self.image)) target = dict(ImageTarget(self.image))
target['project_id'] = target.get('owner', None)
self.policy.enforce(self.context, 'download_image', target) self.policy.enforce(self.context, 'download_image', target)
return self.image.get_data(*args, **kwargs) return self.image.get_data(*args, **kwargs)
@ -551,10 +544,14 @@ class ImageTarget(abc.Mapping):
yield key yield key
for key in getattr(self.target, 'extra_properties', {}).keys(): for key in getattr(self.target, 'extra_properties', {}).keys():
yield key yield key
for alias in ['project_id']:
yield alias
def key_transforms(self, key): def key_transforms(self, key):
if key == 'id': if key == 'id':
key = 'image_id' key = 'image_id'
elif key == 'project_id':
key = 'owner'
return key return key

View File

@ -1105,3 +1105,10 @@ class TestImageTarget(base.IsolatedUnitTest):
image = ImageStub() image = ImageStub()
target = glance.api.policy.ImageTarget(image) target = glance.api.policy.ImageTarget(image)
self.assertNotIn('locations', list(target)) self.assertNotIn('locations', list(target))
def test_image_target_project_id_alias(self):
image = ImageStub()
target = glance.api.policy.ImageTarget(image)
self.assertIn('project_id', target)
self.assertEqual(image.owner, target['project_id'])
self.assertEqual(image.owner, target['owner'])