Adding policy checks for heat
Change-Id: Ia454eefbaaf0c6262bfcc2890dead4d074555404 Implements: blueprint heat-rbac
This commit is contained in:
parent
798782cb9c
commit
0e14eeae48
|
@ -32,6 +32,7 @@ class LaunchStack(tables.LinkAction):
|
|||
verbose_name = _("Launch Stack")
|
||||
url = "horizon:project:stacks:select_template"
|
||||
classes = ("btn-create", "ajax-modal")
|
||||
policy_rules = (("orchestration", "cloudformation:CreateStack"),)
|
||||
|
||||
|
||||
class DeleteStack(tables.BatchAction):
|
||||
|
@ -41,6 +42,7 @@ class DeleteStack(tables.BatchAction):
|
|||
data_type_singular = _("Stack")
|
||||
data_type_plural = _("Stacks")
|
||||
classes = ('btn-danger', 'btn-terminate')
|
||||
policy_rules = (("orchestration", "cloudformation:DeleteStack"),)
|
||||
|
||||
def action(self, request, stack_id):
|
||||
api.heat.stack_delete(request, stack_id)
|
||||
|
|
|
@ -19,6 +19,7 @@ from django.utils.translation import ugettext_lazy as _
|
|||
from horizon import messages
|
||||
from horizon import tabs
|
||||
from openstack_dashboard import api
|
||||
from openstack_dashboard import policy
|
||||
|
||||
from openstack_dashboard.dashboards.project.stacks \
|
||||
import api as project_api
|
||||
|
@ -35,6 +36,12 @@ class StackTopologyTab(tabs.Tab):
|
|||
template_name = "project/stacks/_detail_topology.html"
|
||||
preload = False
|
||||
|
||||
def allowed(self, request):
|
||||
return policy.check(
|
||||
(("orchestration", "cloudformation:DescribeStacks"),
|
||||
("orchestration", "cloudformation:ListStackResources"),),
|
||||
request)
|
||||
|
||||
def get_context_data(self, request):
|
||||
context = {}
|
||||
stack = self.tab_group.kwargs['stack']
|
||||
|
@ -48,6 +55,11 @@ class StackOverviewTab(tabs.Tab):
|
|||
slug = "overview"
|
||||
template_name = "project/stacks/_detail_overview.html"
|
||||
|
||||
def allowed(self, request):
|
||||
return policy.check(
|
||||
(("orchestration", "cloudformation:DescribeStacks"),),
|
||||
request)
|
||||
|
||||
def get_context_data(self, request):
|
||||
return {"stack": self.tab_group.kwargs['stack']}
|
||||
|
||||
|
@ -57,6 +69,11 @@ class ResourceOverviewTab(tabs.Tab):
|
|||
slug = "resource_overview"
|
||||
template_name = "project/stacks/_resource_overview.html"
|
||||
|
||||
def allowed(self, request):
|
||||
return policy.check(
|
||||
(("orchestration", "cloudformation:DescribeStackResource"),),
|
||||
request)
|
||||
|
||||
def get_context_data(self, request):
|
||||
return {
|
||||
"resource": self.tab_group.kwargs['resource'],
|
||||
|
@ -69,6 +86,11 @@ class StackEventsTab(tabs.Tab):
|
|||
template_name = "project/stacks/_detail_events.html"
|
||||
preload = False
|
||||
|
||||
def allowed(self, request):
|
||||
return policy.check(
|
||||
(("orchestration", "cloudformation:DescribeStackEvents"),),
|
||||
request)
|
||||
|
||||
def get_context_data(self, request):
|
||||
stack = self.tab_group.kwargs['stack']
|
||||
try:
|
||||
|
@ -89,6 +111,11 @@ class StackResourcesTab(tabs.Tab):
|
|||
template_name = "project/stacks/_detail_resources.html"
|
||||
preload = False
|
||||
|
||||
def allowed(self, request):
|
||||
return policy.check(
|
||||
(("orchestration", "cloudformation:ListStackResources"),),
|
||||
request)
|
||||
|
||||
def get_context_data(self, request):
|
||||
stack = self.tab_group.kwargs['stack']
|
||||
try:
|
||||
|
|
Loading…
Reference in New Issue