Adding policy checks for heat

Change-Id: Ia454eefbaaf0c6262bfcc2890dead4d074555404 Implements: blueprint heat-rbac
2014-02-10 20:10:49 -08:00 · 2014-02-10 20:10:49 -08:00 · 0e14eeae48
parent 798782cb9c
commit 0e14eeae48
2 changed files with 29 additions and 0 deletions
--- a/openstack_dashboard/dashboards/project/stacks/tables.py
+++ b/openstack_dashboard/dashboards/project/stacks/tables.py
@ -32,6 +32,7 @@ class LaunchStack(tables.LinkAction):
    verbose_name = _("Launch Stack")
    url = "horizon:project:stacks:select_template"
    classes = ("btn-create", "ajax-modal")
+    policy_rules = (("orchestration", "cloudformation:CreateStack"),)


 class DeleteStack(tables.BatchAction):
@ -41,6 +42,7 @@ class DeleteStack(tables.BatchAction):
    data_type_singular = _("Stack")
    data_type_plural = _("Stacks")
    classes = ('btn-danger', 'btn-terminate')
+    policy_rules = (("orchestration", "cloudformation:DeleteStack"),)

    def action(self, request, stack_id):
        api.heat.stack_delete(request, stack_id)
--- a/openstack_dashboard/dashboards/project/stacks/tabs.py
+++ b/openstack_dashboard/dashboards/project/stacks/tabs.py
@ -19,6 +19,7 @@ from django.utils.translation import ugettext_lazy as _
 from horizon import messages
 from horizon import tabs
 from openstack_dashboard import api
+from openstack_dashboard import policy

 from openstack_dashboard.dashboards.project.stacks \
    import api as project_api
@ -35,6 +36,12 @@ class StackTopologyTab(tabs.Tab):
    template_name = "project/stacks/_detail_topology.html"
    preload = False

+    def allowed(self, request):
+        return policy.check(
+            (("orchestration", "cloudformation:DescribeStacks"),
+             ("orchestration", "cloudformation:ListStackResources"),),
+            request)
+
    def get_context_data(self, request):
        context = {}
        stack = self.tab_group.kwargs['stack']
@ -48,6 +55,11 @@ class StackOverviewTab(tabs.Tab):
    slug = "overview"
    template_name = "project/stacks/_detail_overview.html"

+    def allowed(self, request):
+        return policy.check(
+            (("orchestration", "cloudformation:DescribeStacks"),),
+            request)
+
    def get_context_data(self, request):
        return {"stack": self.tab_group.kwargs['stack']}

@ -57,6 +69,11 @@ class ResourceOverviewTab(tabs.Tab):
    slug = "resource_overview"
    template_name = "project/stacks/_resource_overview.html"

+    def allowed(self, request):
+        return policy.check(
+            (("orchestration", "cloudformation:DescribeStackResource"),),
+            request)
+
    def get_context_data(self, request):
        return {
            "resource": self.tab_group.kwargs['resource'],
@ -69,6 +86,11 @@ class StackEventsTab(tabs.Tab):
    template_name = "project/stacks/_detail_events.html"
    preload = False

+    def allowed(self, request):
+        return policy.check(
+            (("orchestration", "cloudformation:DescribeStackEvents"),),
+            request)
+
    def get_context_data(self, request):
        stack = self.tab_group.kwargs['stack']
        try:
@ -89,6 +111,11 @@ class StackResourcesTab(tabs.Tab):
    template_name = "project/stacks/_detail_resources.html"
    preload = False

+    def allowed(self, request):
+        return policy.check(
+            (("orchestration", "cloudformation:ListStackResources"),),
+            request)
+
    def get_context_data(self, request):
        stack = self.tab_group.kwargs['stack']
        try: