openstack/horizon
Code Issues Proposed changes

Merge "adding policy check for neutron"

Browse Source
This commit is contained in:
Jenkins 2014-05-29 19:51:27 +00:00 committed by Gerrit Code Review
commit bf4950ccc0
18 changed files with 460 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

172
openstack_dashboard/conf/neutron_policy.json Normal file
View File

@ -0,0 +1,172 @@
{
"context_is_admin": "role:admin",
"admin_or_owner": "rule:context_is_admin or project_id:%(project_id)s",
"admin_or_network_owner": "rule:context_is_admin or project_id:%(network:project_id)s",
"admin_only": "rule:context_is_admin",
"regular_user": "",
"shared": "field:networks:shared=True",
"shared_firewalls": "field:firewalls:shared=True",
"external": "field:networks:router:external=True",
"default": "rule:admin_or_owner",
"subnets:private:read": "rule:admin_or_owner",
"subnets:private:write": "rule:admin_or_owner",
"subnets:shared:read": "rule:regular_user",
"subnets:shared:write": "rule:admin_only",
"create_subnet": "rule:admin_or_network_owner",
"get_subnet": "rule:admin_or_owner or rule:shared",
"update_subnet": "rule:admin_or_network_owner",
"delete_subnet": "rule:admin_or_network_owner",
"create_network": "",
"get_network": "rule:admin_or_owner or rule:shared or rule:external",
"get_network:router:external": "rule:regular_user",
"get_network:segments": "rule:admin_only",
"get_network:provider:network_type": "rule:admin_only",
"get_network:provider:physical_network": "rule:admin_only",
"get_network:provider:segmentation_id": "rule:admin_only",
"get_network:queue_id": "rule:admin_only",
"create_network:shared": "rule:admin_only",
"create_network:router:external": "rule:admin_only",
"create_network:segments": "rule:admin_only",
"create_network:provider:network_type": "rule:admin_only",
"create_network:provider:physical_network": "rule:admin_only",
"create_network:provider:segmentation_id": "rule:admin_only",
"update_network": "rule:admin_or_owner",
"update_network:segments": "rule:admin_only",
"update_network:provider:network_type": "rule:admin_only",
"update_network:provider:physical_network": "rule:admin_only",
"update_network:provider:segmentation_id": "rule:admin_only",
"delete_network": "rule:admin_or_owner",
"create_port": "",
"create_port:mac_address": "rule:admin_or_network_owner",
"create_port:fixed_ips": "rule:admin_or_network_owner",
"create_port:port_security_enabled": "rule:admin_or_network_owner",
"create_port:binding:host_id": "rule:admin_only",
"create_port:binding:profile": "rule:admin_only",
"create_port:mac_learning_enabled": "rule:admin_or_network_owner",
"get_port": "rule:admin_or_owner",
"get_port:queue_id": "rule:admin_only",
"get_port:binding:vif_type": "rule:admin_only",
"get_port:binding:capabilities": "rule:admin_only",
"get_port:binding:host_id": "rule:admin_only",
"get_port:binding:profile": "rule:admin_only",
"update_port": "rule:admin_or_owner",
"update_port:fixed_ips": "rule:admin_or_network_owner",
"update_port:port_security_enabled": "rule:admin_or_network_owner",
"update_port:binding:host_id": "rule:admin_only",
"update_port:binding:profile": "rule:admin_only",
"update_port:mac_learning_enabled": "rule:admin_or_network_owner",
"delete_port": "rule:admin_or_owner",
"create_router:external_gateway_info:enable_snat": "rule:admin_only",
"update_router:external_gateway_info:enable_snat": "rule:admin_only",
"create_ikepolicy": "rule:admin_or_owner",
"update_ikepolicy": "rule:admin_or_owner",
"delete_ikepolicy": "rule:admin_or_owner",
"create_ipsecpolicy": "rule:admin_or_owner",
"update_ipsecpolicy": "rule:admin_or_owner",
"delete_ipsecpolicy": "rule:admin_or_owner",
"create_vpnservice": "rule:admin_or_owner",
"update_vpnservice": "rule:admin_or_owner",
"delete_vpnservice": "rule:admin_or_owner",
"create_ipsec_site_connection": "rule:admin_or_owner",
"update_ipsec_site_connection": "rule:admin_or_owner",
"delete_ipsec_site_connection": "rule:admin_or_owner",
"create_firewall": "",
"get_firewall": "rule:admin_or_owner",
"create_firewall:shared": "rule:admin_only",
"get_firewall:shared": "rule:admin_only",
"update_firewall": "rule:admin_or_owner",
"delete_firewall": "rule:admin_or_owner",
"create_firewall_policy": "",
"get_firewall_policy": "rule:admin_or_owner or rule:shared_firewalls",
"create_firewall_policy:shared": "rule:admin_or_owner",
"update_firewall_policy": "rule:admin_or_owner",
"delete_firewall_policy": "rule:admin_or_owner",
"create_firewall_rule": "",
"get_firewall_rule": "rule:admin_or_owner or rule:shared_firewalls",
"create_firewall_rule:shared": "rule:admin_or_owner",
"get_firewall_rule:shared": "rule:admin_or_owner",
"update_firewall_rule": "rule:admin_or_owner",
"delete_firewall_rule": "rule:admin_or_owner",
"insert_rule": "rule:admin_or_owner",
"remove_rule": "rule:admin_or_owner",
"create_qos_queue": "rule:admin_only",
"get_qos_queue": "rule:admin_only",
"update_agent": "rule:admin_only",
"delete_agent": "rule:admin_only",
"get_agent": "rule:admin_only",
"create_dhcp-network": "rule:admin_only",
"delete_dhcp-network": "rule:admin_only",
"get_dhcp-networks": "rule:admin_only",
"create_l3-router": "rule:admin_only",
"delete_l3-router": "rule:admin_only",
"get_l3-routers": "rule:admin_only",
"get_dhcp-agents": "rule:admin_only",
"get_l3-agents": "rule:admin_only",
"get_loadbalancer-agent": "rule:admin_only",
"get_loadbalancer-pools": "rule:admin_only",
"create_pool": "rule:admin_or_owner",
"update_pool": "rule:admin_or_owner",
"delete_pool": "rule:admin_or_owner",
"create_vip": "rule:admin_or_owner",
"update_vip": "rule:admin_or_owner",
"delete_vip": "rule:admin_or_owner",
"create_member": "rule:admin_or_owner",
"update_member": "rule:admin_or_owner",
"delete_member": "rule:admin_or_owner",
"create_health_monitor": "rule:admin_or_owner",
"update_health_monitor": "rule:admin_or_owner",
"delete_health_monitor": "rule:admin_or_owner",
"create_pool_health_monitor": "rule:admin_or_owner",
"delete_pool_health_monitor": "rule:admin_or_owner",
"create_router": "rule:regular_user",
"get_router": "rule:admin_or_owner",
"update_router": "rule:admin_or_owner",
"add_router_interface": "rule:admin_or_owner",
"remove_router_interface": "rule:admin_or_owner",
"delete_router": "rule:admin_or_owner",
"create_floatingip": "rule:regular_user",
"update_floatingip": "rule:admin_or_owner",
"delete_floatingip": "rule:admin_or_owner",
"get_floatingip": "rule:admin_or_owner",
"create_network_profile": "rule:admin_only",
"update_network_profile": "rule:admin_only",
"delete_network_profile": "rule:admin_only",
"get_network_profiles": "",
"get_network_profile": "",
"update_policy_profiles": "rule:admin_only",
"get_policy_profiles": "",
"get_policy_profile": "",
"create_metering_label": "rule:admin_only",
"delete_metering_label": "rule:admin_only",
"get_metering_label": "rule:admin_only",
"create_metering_label_rule": "rule:admin_only",
"delete_metering_label_rule": "rule:admin_only",
"get_metering_label_rule": "rule:admin_only",
"get_service_provider": "rule:regular_user"
}

15
openstack_dashboard/dashboards/admin/networks/ports/tables.py
View File

@ -31,6 +31,13 @@ LOG = logging.getLogger(__name__)
class DeletePort(tables.DeleteAction):
data_type_singular = _("Port")
data_type_plural = _("Ports")
policy_rules = (("network", "delete_port"),)
def get_policy_target(self, request, datum=None):
project_id = None
if datum:
project_id = getattr(datum, 'tenant_id', None)
return {"project_id": project_id}
def delete(self, request, obj_id):
try:
@ -49,6 +56,7 @@ class CreatePort(tables.LinkAction):
verbose_name = _("Create Port")
url = "horizon:admin:networks:addport"
classes = ("ajax-modal", "btn-create")
policy_rules = (("network", "create_port"),)
def get_link_url(self, datum=None):
network_id = self.table.kwargs['network_id']
@ -60,6 +68,13 @@ class UpdatePort(tables.LinkAction):
verbose_name = _("Edit Port")
url = "horizon:admin:networks:editport"
classes = ("ajax-modal", "btn-edit")
policy_rules = (("network", "update_port"),)
def get_policy_target(self, request, datum=None):
project_id = None
if datum:
project_id = getattr(datum, 'tenant_id', None)
return {"project_id": project_id}
def get_link_url(self, port):
network_id = self.table.kwargs['network_id']

35
openstack_dashboard/dashboards/admin/networks/subnets/tables.py
View File

@ -19,6 +19,7 @@ from django.utils.translation import ugettext_lazy as _
from horizon import exceptions
from horizon import tables
from horizon.utils import memoized
from openstack_dashboard import api
@ -29,6 +30,13 @@ LOG = logging.getLogger(__name__)
class DeleteSubnet(tables.DeleteAction):
data_type_singular = _("Subnet")
data_type_plural = _("Subnets")
policy_rules = (("network", "delete_subnet"),)
def get_policy_target(self, request, datum=None):
project_id = None
if datum:
project_id = getattr(datum, 'tenant_id', None)
return {"network:project_id": project_id}
def delete(self, request, obj_id):
try:
@ -47,6 +55,14 @@ class CreateSubnet(tables.LinkAction):
verbose_name = _("Create Subnet")
url = "horizon:admin:networks:addsubnet"
classes = ("ajax-modal", "btn-create")
policy_rules = (("network", "create_subnet"),)
def get_policy_target(self, request, datum=None):
project_id = None
network = self.table._get_network()
if network:
project_id = getattr(network, 'tenant_id', None)
return {"network:project_id": project_id}
def get_link_url(self, datum=None):
network_id = self.table.kwargs['network_id']
@ -58,6 +74,13 @@ class UpdateSubnet(tables.LinkAction):
verbose_name = _("Edit Subnet")
url = "horizon:admin:networks:editsubnet"
classes = ("ajax-modal", "btn-edit")
policy_rules = (("network", "update_subnet"),)
def get_policy_target(self, request, datum=None):
project_id = None
if datum:
project_id = getattr(datum, 'tenant_id', None)
return {"network:project_id": project_id}
def get_link_url(self, subnet):
network_id = self.table.kwargs['network_id']
@ -74,6 +97,18 @@ class SubnetsTable(tables.DataTable):
def get_object_display(self, subnet):
return subnet.id
@memoized.memoized_method
def _get_network(self):
try:
network_id = self.kwargs['network_id']
network = api.neutron.network_get(self.request, network_id)
network.set_id_as_name_if_empty(length=0)
except Exception:
msg = _('Unable to retrieve details for network "%s".') \
% (network_id)
exceptions.handle(self.request, msg, redirect=self.failure_url)
return network
class Meta:
name = "subnets"
verbose_name = _("Subnets")

15
openstack_dashboard/dashboards/admin/networks/tables.py
View File

@ -32,6 +32,13 @@ LOG = logging.getLogger(__name__)
class DeleteNetwork(tables.DeleteAction):
data_type_singular = _("Network")
data_type_plural = _("Networks")
policy_rules = (("network", "delete_network"),)
def get_policy_target(self, request, datum=None):
project_id = None
if datum:
project_id = getattr(datum, 'tenant_id', None)
return {"project_id": project_id}
def delete(self, request, obj_id):
try:
@ -48,6 +55,7 @@ class CreateNetwork(tables.LinkAction):
verbose_name = _("Create Network")
url = "horizon:admin:networks:create"
classes = ("ajax-modal", "btn-create")
policy_rules = (("network", "create_network"),)
class EditNetwork(tables.LinkAction):
@ -55,6 +63,13 @@ class EditNetwork(tables.LinkAction):
verbose_name = _("Edit Network")
url = "horizon:admin:networks:update"
classes = ("ajax-modal", "btn-edit")
policy_rules = (("network", "update_network"),)
def get_policy_target(self, request, datum=None):
project_id = None
if datum:
project_id = getattr(datum, 'tenant_id', None)
return {"project_id": project_id}
#def _get_subnets(network):

7
openstack_dashboard/dashboards/admin/routers/tables.py
View File

@ -22,6 +22,13 @@ from openstack_dashboard.dashboards.project.routers import tables as r_tables
class DeleteRouter(r_tables.DeleteRouter):
redirect_url = "horizon:admin:routers:index"
policy_rules = (("network", "delete_router"),)
def get_policy_target(self, request, datum=None):
project_id = None
if datum:
project_id = getattr(datum, 'tenant_id', None)
return {"project_id": project_id}
def delete(self, request, obj_id):
search_opts = {'device_owner': 'network:router_interface',

61
openstack_dashboard/dashboards/project/firewalls/tables.py
View File

@ -26,6 +26,7 @@ class AddRuleLink(tables.LinkAction):
verbose_name = _("Add Rule")
url = "horizon:project:firewalls:addrule"
classes = ("ajax-modal", "btn-create",)
policy_rules = (("network", "create_firewall_rule"),)
class AddPolicyLink(tables.LinkAction):
@ -33,6 +34,7 @@ class AddPolicyLink(tables.LinkAction):
verbose_name = _("Add Policy")
url = "horizon:project:firewalls:addpolicy"
classes = ("ajax-modal", "btn-addpolicy",)
policy_rules = (("network", "create_firewall_policy"),)
class AddFirewallLink(tables.LinkAction):
@ -40,6 +42,7 @@ class AddFirewallLink(tables.LinkAction):
verbose_name = _("Create Firewall")
url = "horizon:project:firewalls:addfirewall"
classes = ("ajax-modal", "btn-addfirewall",)
policy_rules = (("network", "create_firewall"),)
class DeleteRuleLink(tables.DeleteAction):
@ -48,6 +51,13 @@ class DeleteRuleLink(tables.DeleteAction):
action_past = _("Scheduled deletion of %(data_type)s")
data_type_singular = _("Rule")
data_type_plural = _("Rules")
policy_rules = (("network", "delete_firewall_rule"),)
def get_policy_target(self, request, datum=None):
project_id = None
if datum:
project_id = getattr(datum, 'tenant_id', None)
return {"project_id": project_id}
class DeletePolicyLink(tables.DeleteAction):
@ -56,6 +66,13 @@ class DeletePolicyLink(tables.DeleteAction):
action_past = _("Scheduled deletion of %(data_type)s")
data_type_singular = _("Policy")
data_type_plural = _("Policies")
policy_rules = (("network", "delete_firewall_policy"),)
def get_policy_target(self, request, datum=None):
project_id = None
if datum:
project_id = getattr(datum, 'tenant_id', None)
return {"project_id": project_id}
class DeleteFirewallLink(tables.DeleteAction):
@ -64,12 +81,26 @@ class DeleteFirewallLink(tables.DeleteAction):
action_past = _("Scheduled deletion of %(data_type)s")
data_type_singular = _("Firewall")
data_type_plural = _("Firewalls")
policy_rules = (("network", "delete_firewall"),)
def get_policy_target(self, request, datum=None):
project_id = None
if datum:
project_id = getattr(datum, 'tenant_id', None)
return {"project_id": project_id}
class UpdateRuleLink(tables.LinkAction):
name = "updaterule"
verbose_name = _("Edit Rule")
classes = ("ajax-modal", "btn-update",)
policy_rules = (("network", "update_firewall_rule"),)
def get_policy_target(self, request, datum=None):
project_id = None
if datum:
project_id = getattr(datum, 'tenant_id', None)
return {"project_id": project_id}
def get_link_url(self, rule):
base_url = reverse("horizon:project:firewalls:updaterule",
@ -81,6 +112,13 @@ class UpdatePolicyLink(tables.LinkAction):
name = "updatepolicy"
verbose_name = _("Edit Policy")
classes = ("ajax-modal", "btn-update",)
policy_rules = (("network", "update_firewall_policy"),)
def get_policy_target(self, request, datum=None):
project_id = None
if datum:
project_id = getattr(datum, 'tenant_id', None)
return {"project_id": project_id}
def get_link_url(self, policy):
base_url = reverse("horizon:project:firewalls:updatepolicy",
@ -92,6 +130,13 @@ class UpdateFirewallLink(tables.LinkAction):
name = "updatefirewall"
verbose_name = _("Edit Firewall")
classes = ("ajax-modal", "btn-update",)
policy_rules = (("network", "update_firewall"),)
def get_policy_target(self, request, datum=None):
project_id = None
if datum:
project_id = getattr(datum, 'tenant_id', None)
return {"project_id": project_id}
def get_link_url(self, firewall):
base_url = reverse("horizon:project:firewalls:updatefirewall",
@ -103,6 +148,14 @@ class InsertRuleToPolicyLink(tables.LinkAction):
name = "insertrule"
verbose_name = _("Insert Rule")
classes = ("ajax-modal", "btn-update",)
policy_rules = (("network", "get_firewall_policy"),
("network", "insert_rule"),)
def get_policy_target(self, request, datum=None):
project_id = None
if datum:
project_id = getattr(datum, 'tenant_id', None)
return {"project_id": project_id}
def get_link_url(self, policy):
base_url = reverse("horizon:project:firewalls:insertrule",
@ -114,6 +167,14 @@ class RemoveRuleFromPolicyLink(tables.LinkAction):
name = "removerule"
verbose_name = _("Remove Rule")
classes = ("ajax-modal", "btn-danger",)
policy_rules = (("network", "get_firewall_policy"),
("network", "remove_rule"),)
def get_policy_target(self, request, datum=None):
project_id = None
if datum:
project_id = getattr(datum, 'tenant_id', None)
return {"project_id": project_id}
def get_link_url(self, policy):
base_url = reverse("horizon:project:firewalls:removerule",

14
openstack_dashboard/dashboards/project/loadbalancers/tables.py
View File

@ -29,12 +29,14 @@ class AddPoolLink(tables.LinkAction):
verbose_name = _("Add Pool")
url = "horizon:project:loadbalancers:addpool"
classes = ("ajax-modal", "btn-create",)
policy_rules = (("network", "create_pool"),)
class AddVipLink(tables.LinkAction):
name = "addvip"
verbose_name = _("Add VIP")
classes = ("ajax-modal", "btn-create",)
policy_rules = (("network", "create_vip"),)
def get_link_url(self, pool):
base_url = reverse("horizon:project:loadbalancers:addvip",
@ -52,6 +54,7 @@ class AddMemberLink(tables.LinkAction):
verbose_name = _("Add Member")
url = "horizon:project:loadbalancers:addmember"
classes = ("ajax-modal", "btn-create",)
policy_rules = (("network", "create_member"),)
class AddMonitorLink(tables.LinkAction):
@ -59,6 +62,7 @@ class AddMonitorLink(tables.LinkAction):
verbose_name = _("Add Monitor")
url = "horizon:project:loadbalancers:addmonitor"
classes = ("ajax-modal", "btn-create",)
policy_rules = (("network", "create_health_monitor"),)
class DeleteVipLink(tables.DeleteAction):
@ -67,6 +71,7 @@ class DeleteVipLink(tables.DeleteAction):
action_past = _("Scheduled deletion of %(data_type)s")
data_type_singular = _("VIP")
data_type_plural = _("VIPs")
policy_rules = (("network", "delete_vip"),)
def allowed(self, request, datum=None):
if datum and not datum.vip_id:
@ -80,6 +85,7 @@ class DeletePoolLink(tables.DeleteAction):
action_past = _("Scheduled deletion of %(data_type)s")
data_type_singular = _("Pool")
data_type_plural = _("Pools")
policy_rules = (("network", "delete_pool"),)
def allowed(self, request, datum=None):
if datum and datum.vip_id:
@ -93,6 +99,7 @@ class DeleteMonitorLink(tables.DeleteAction):
action_past = _("Scheduled deletion of %(data_type)s")
data_type_singular = _("Monitor")
data_type_plural = _("Monitors")
policy_rules = (("network", "delete_health_monitor"),)
class DeleteMemberLink(tables.DeleteAction):
@ -101,12 +108,14 @@ class DeleteMemberLink(tables.DeleteAction):
action_past = _("Scheduled deletion of %(data_type)s")
data_type_singular = _("Member")
data_type_plural = _("Members")
policy_rules = (("network", "delete_member"),)
class UpdatePoolLink(tables.LinkAction):
name = "updatepool"
verbose_name = _("Edit Pool")
classes = ("ajax-modal", "btn-update",)
policy_rules = (("network", "update_pool"),)
def get_link_url(self, pool):
base_url = reverse("horizon:project:loadbalancers:updatepool",
@ -118,6 +127,7 @@ class UpdateVipLink(tables.LinkAction):
name = "updatevip"
verbose_name = _("Edit VIP")
classes = ("ajax-modal", "btn-update",)
policy_rules = (("network", "update_vip"),)
def get_link_url(self, pool):
base_url = reverse("horizon:project:loadbalancers:updatevip",
@ -134,6 +144,7 @@ class UpdateMemberLink(tables.LinkAction):
name = "updatemember"
verbose_name = _("Edit Member")
classes = ("ajax-modal", "btn-update",)
policy_rules = (("network", "update_member"),)
def get_link_url(self, member):
base_url = reverse("horizon:project:loadbalancers:updatemember",
@ -145,6 +156,7 @@ class UpdateMonitorLink(tables.LinkAction):
name = "updatemonitor"
verbose_name = _("Edit Monitor")
classes = ("ajax-modal", "btn-update",)
policy_rules = (("network", "update_health_monitor"),)
def get_link_url(self, monitor):
base_url = reverse("horizon:project:loadbalancers:updatemonitor",
@ -165,6 +177,7 @@ class AddPMAssociationLink(tables.LinkAction):
verbose_name = _("Associate Monitor")
url = "horizon:project:loadbalancers:addassociation"
classes = ("ajax-modal", "btn-create",)
policy_rules = (("network", "create_pool_health_monitor"),)
def allowed(self, request, datum=None):
try:
@ -185,6 +198,7 @@ class DeletePMAssociationLink(tables.LinkAction):
verbose_name = _("Disassociate Monitor")
url = "horizon:project:loadbalancers:deleteassociation"
classes = ("ajax-modal", "btn-delete", "btn-danger")
policy_rules = (("network", "delete_pool_health_monitor"),)
def allowed(self, request, datum=None):
if datum and not datum['health_monitors']:

6
openstack_dashboard/dashboards/project/network_topology/templates/network_topology/index.html
View File

@ -24,9 +24,15 @@
</div>
<div class="launchButtons">
{% if launch_instance_allowed %}
<a href="{% url 'horizon:project:network_topology:launchinstance' %}" id="instances__action_launch" class="btn btn-small btn-launch ajax-modal">{%trans "Launch Instance" %}</a>
{% endif %}
{% if create_network_allowed %}
<a href="{% url 'horizon:project:network_topology:createnetwork' %}" id="networks__action_create" class="btn btn-small ajax-modal btn-create">{%trans "Create Network" %}</a>
{% endif %}
{% if create_router_allowed %}
<a href="{% url 'horizon:project:network_topology:createrouter' %}" id="Routers__action_create" class="btn btn-small ajax-modal btn-create">{%trans "Create Router" %}</a>
{% endif %}
</div>
</div>

20
openstack_dashboard/dashboards/project/network_topology/views.py
View File

@ -89,6 +89,26 @@ class RouterDetailView(r_views.DetailView):
class NetworkTopologyView(TemplateView):
template_name = 'project/network_topology/index.html'
def _has_permission(self, policy):
has_permission = True
policy_check = getattr(settings, "POLICY_CHECK_FUNCTION", None)
if policy_check:
has_permission = policy_check(policy, self.request)
return has_permission
def get_context_data(self, **kwargs):
context = super(NetworkTopologyView, self).get_context_data(**kwargs)
context['launch_instance_allowed'] = self._has_permission(
(("compute", "compute:create"),))
context['create_network_allowed'] = self._has_permission(
(("network", "create_network"),))
context['create_router_allowed'] = self._has_permission(
(("network", "create_router"),))
return context
class JSONView(View):
def add_resource_url(self, view, resources):

7
openstack_dashboard/dashboards/project/networks/ports/tables.py
View File

@ -39,6 +39,13 @@ class UpdatePort(tables.LinkAction):
verbose_name = _("Edit Port")
url = "horizon:project:networks:editport"
classes = ("ajax-modal", "btn-edit")
policy_rules = (("network", "update_port"),)
def get_policy_target(self, request, datum=None):
project_id = None
if datum:
project_id = getattr(datum, 'tenant_id', None)
return {"project_id": project_id}
def get_link_url(self, port):
network_id = self.table.kwargs['network_id']

22
openstack_dashboard/dashboards/project/networks/subnets/tables.py
View File

@ -43,6 +43,13 @@ class CheckNetworkEditable(object):
class DeleteSubnet(CheckNetworkEditable, tables.DeleteAction):
data_type_singular = _("Subnet")
data_type_plural = _("Subnets")
policy_rules = (("network", "delete_subnet"),)
def get_policy_target(self, request, datum=None):
project_id = None
if datum:
project_id = getattr(datum, 'tenant_id', None)
return {"network:project_id": project_id}
def delete(self, request, obj_id):
try:
@ -61,6 +68,14 @@ class CreateSubnet(CheckNetworkEditable, tables.LinkAction):
verbose_name = _("Create Subnet")
url = "horizon:project:networks:addsubnet"
classes = ("ajax-modal", "btn-create")
policy_rules = (("network", "create_subnet"),)
def get_policy_target(self, request, datum=None):
project_id = None
network = self.table._get_network()
if network:
project_id = getattr(network, 'tenant_id', None)
return {"network:project_id": project_id}
def get_link_url(self, datum=None):
network_id = self.table.kwargs['network_id']
@ -72,6 +87,13 @@ class UpdateSubnet(CheckNetworkEditable, tables.LinkAction):
verbose_name = _("Edit Subnet")
url = "horizon:project:networks:editsubnet"
classes = ("ajax-modal", "btn-edit")
policy_rules = (("network", "update_subnet"),)
def get_policy_target(self, request, datum=None):
project_id = None
if datum:
project_id = getattr(datum, 'tenant_id', None)
return {"network:project_id": project_id}
def get_link_url(self, subnet):
network_id = self.table.kwargs['network_id']

22
openstack_dashboard/dashboards/project/networks/tables.py
View File

@ -40,6 +40,13 @@ class CheckNetworkEditable(object):
class DeleteNetwork(CheckNetworkEditable, tables.DeleteAction):
data_type_singular = _("Network")
data_type_plural = _("Networks")
policy_rules = (("network", "delete_network"),)
def get_policy_target(self, request, datum=None):
project_id = None
if datum:
project_id = getattr(datum, 'tenant_id', None)
return {"project_id": project_id}
def delete(self, request, network_id):
try:
@ -65,6 +72,7 @@ class CreateNetwork(tables.LinkAction):
verbose_name = _("Create Network")
url = "horizon:project:networks:create"
classes = ("ajax-modal", "btn-create")
policy_rules = (("network", "create_network"),)
class EditNetwork(CheckNetworkEditable, tables.LinkAction):
@ -72,6 +80,13 @@ class EditNetwork(CheckNetworkEditable, tables.LinkAction):
verbose_name = _("Edit Network")
url = "horizon:project:networks:update"
classes = ("ajax-modal", "btn-edit")
policy_rules = (("network", "update_network"),)
def get_policy_target(self, request, datum=None):
project_id = None
if datum:
project_id = getattr(datum, 'tenant_id', None)
return {"project_id": project_id}
class CreateSubnet(CheckNetworkEditable, tables.LinkAction):
@ -79,6 +94,13 @@ class CreateSubnet(CheckNetworkEditable, tables.LinkAction):
verbose_name = _("Add Subnet")
url = "horizon:project:networks:addsubnet"
classes = ("ajax-modal", "btn-create")
policy_rules = (("network", "create_subnet"),)
def get_policy_target(self, request, datum=None):
project_id = None
if datum:
project_id = getattr(datum, 'tenant_id', None)
return {"network:project_id": project_id}
def get_subnets(network):

14
openstack_dashboard/dashboards/project/routers/extensions/routerrules/tables.py
View File

@ -30,6 +30,13 @@ class AddRouterRule(tables.LinkAction):
verbose_name = _("Add Router Rule")
url = "horizon:project:routers:addrouterrule"
classes = ("ajax-modal", "btn-create")
policy_rules = (("network", "update_router"),)
def get_policy_target(self, request, datum=None):
project_id = None
if datum:
project_id = getattr(datum, 'tenant_id', None)
return {"project_id": project_id}
def get_link_url(self, datum=None):
router_id = self.table.kwargs['router_id']
@ -40,6 +47,13 @@ class RemoveRouterRule(tables.DeleteAction):
data_type_singular = _("Router Rule")
data_type_plural = _("Router Rules")
failure_url = 'horizon:project:routers:detail'
policy_rules = (("network", "update_router"),)
def get_policy_target(self, request, datum=None):
project_id = None
if datum:
project_id = getattr(datum, 'tenant_id', None)
return {"project_id": project_id}
def delete(self, request, obj_id):
router_id = self.table.kwargs['router_id']

14
openstack_dashboard/dashboards/project/routers/ports/tables.py
View File

@ -40,6 +40,13 @@ class AddInterface(tables.LinkAction):
verbose_name = _("Add Interface")
url = "horizon:project:routers:addinterface"
classes = ("ajax-modal", "btn-create")
policy_rules = (("network", "add_router_interface"),)
def get_policy_target(self, request, datum=None):
project_id = None
if datum:
project_id = getattr(datum, 'tenant_id', None)
return {"project_id": project_id}
def get_link_url(self, datum=None):
router_id = self.table.kwargs['router_id']
@ -50,6 +57,13 @@ class RemoveInterface(tables.DeleteAction):
data_type_singular = _("Interface")
data_type_plural = _("Interfaces")
failure_url = 'horizon:project:routers:detail'
policy_rules = (("network", "remove_router_interface"),)
def get_policy_target(self, request, datum=None):
project_id = None
if datum:
project_id = getattr(datum, 'tenant_id', None)
return {"project_id": project_id}
def delete(self, request, obj_id):
try:

22
openstack_dashboard/dashboards/project/routers/tables.py
View File

@ -31,6 +31,13 @@ class DeleteRouter(tables.DeleteAction):
data_type_singular = _("Router")
data_type_plural = _("Routers")
redirect_url = "horizon:project:routers:index"
policy_rules = (("network", "delete_router"),)
def get_policy_target(self, request, datum=None):
project_id = None
if datum:
project_id = getattr(datum, 'tenant_id', None)
return {"project_id": project_id}
def delete(self, request, obj_id):
obj = self.table.get_object_by_id(obj_id)
@ -57,6 +64,7 @@ class CreateRouter(tables.LinkAction):
verbose_name = _("Create Router")
url = "horizon:project:routers:create"
classes = ("ajax-modal", "btn-create")
policy_rules = (("network", "create_router"),)
class SetGateway(tables.LinkAction):
@ -64,6 +72,13 @@ class SetGateway(tables.LinkAction):
verbose_name = _("Set Gateway")
url = "horizon:project:routers:setgateway"
classes = ("ajax-modal", "btn-camera")
policy_rules = (("network", "update_router"),)
def get_policy_target(self, request, datum=None):
project_id = None
if datum:
project_id = getattr(datum, 'tenant_id', None)
return {"project_id": project_id}
def allowed(self, request, datum=None):
if datum.external_gateway_info:
@ -79,6 +94,13 @@ class ClearGateway(tables.BatchAction):
data_type_plural = _("Gateways")
classes = ('btn-danger', 'btn-cleargateway')
redirect_url = "horizon:project:routers:index"
policy_rules = (("network", "update_router"),)
def get_policy_target(self, request, datum=None):
project_id = None
if datum:
project_id = getattr(datum, 'tenant_id', None)
return {"project_id": project_id}
def action(self, request, obj_id):
obj = self.table.get_object_by_id(obj_id)

12
openstack_dashboard/dashboards/project/vpn/tables.py
View File

@ -31,6 +31,7 @@ class AddIKEPolicyLink(tables.LinkAction):
verbose_name = _("Add IKE Policy")
url = "horizon:project:vpn:addikepolicy"
classes = ("ajax-modal", "btn-addikepolicy",)
policy_rules = (("network", "create_ikepolicy"),)
class AddIPSecPolicyLink(tables.LinkAction):
@ -38,6 +39,7 @@ class AddIPSecPolicyLink(tables.LinkAction):
verbose_name = _("Add IPSec Policy")
url = "horizon:project:vpn:addipsecpolicy"
classes = ("ajax-modal", "btn-addipsecpolicy",)
policy_rules = (("network", "create_ipsecpolicy"),)
class AddVPNServiceLink(tables.LinkAction):
@ -45,6 +47,7 @@ class AddVPNServiceLink(tables.LinkAction):
verbose_name = _("Add VPN Service")
url = "horizon:project:vpn:addvpnservice"
classes = ("ajax-modal", "btn-addvpnservice",)
policy_rules = (("network", "create_vpnservice"),)
class AddIPSecSiteConnectionLink(tables.LinkAction):
@ -52,6 +55,7 @@ class AddIPSecSiteConnectionLink(tables.LinkAction):
verbose_name = _("Add IPSec Site Connection")
url = "horizon:project:vpn:addipsecsiteconnection"
classes = ("ajax-modal", "btn-addipsecsiteconnection",)
policy_rules = (("network", "create_ipsec_site_connection"),)
class DeleteVPNServiceLink(tables.DeleteAction):
@ -60,6 +64,7 @@ class DeleteVPNServiceLink(tables.DeleteAction):
action_past = _("Scheduled deletion of %(data_type)s")
data_type_singular = _("VPN Service")
data_type_plural = _("VPN Services")
policy_rules = (("network", "delete_vpnservice"),)
def allowed(self, request, datum=None):
if datum and datum.ipsecsiteconns:
@ -73,6 +78,7 @@ class DeleteIKEPolicyLink(tables.DeleteAction):
action_past = _("Scheduled deletion of %(data_type)s")
data_type_singular = _("IKE Policy")
data_type_plural = _("IKE Policies")
policy_rules = (("network", "delete_ikepolicy"),)
def allowed(self, request, datum=None):
if datum and datum.ipsecsiteconns:
@ -86,6 +92,7 @@ class DeleteIPSecPolicyLink(tables.DeleteAction):
action_past = _("Scheduled deletion of %(data_type)s")
data_type_singular = _("IPSec Policy")
data_type_plural = _("IPSec Policies")
policy_rules = (("network", "delete_ipsecpolicy"),)
def allowed(self, request, datum=None):
if datum and datum.ipsecsiteconns:
@ -99,12 +106,14 @@ class DeleteIPSecSiteConnectionLink(tables.DeleteAction):
action_past = _("Scheduled deletion of %(data_type)s")
data_type_singular = _("IPSec Site Connection")
data_type_plural = _("IPSec Site Connections")
policy_rules = (("network", "delete_ipsec_site_connection"),)
class UpdateVPNServiceLink(tables.LinkAction):
name = "update_vpnservice"
verbose_name = _("Edit VPN Service")
classes = ("ajax-modal", "btn-update",)
policy_rules = (("network", "update_vpnservice"),)
def get_link_url(self, vpnservice):
return reverse("horizon:project:vpn:update_vpnservice",
@ -120,6 +129,7 @@ class UpdateIKEPolicyLink(tables.LinkAction):
name = "updateikepolicy"
verbose_name = _("Edit IKE Policy")
classes = ("ajax-modal", "btn-update",)
policy_rules = (("network", "update_ikepolicy"),)
def get_link_url(self, ikepolicy):
return reverse("horizon:project:vpn:update_ikepolicy",
@ -133,6 +143,7 @@ class UpdateIPSecPolicyLink(tables.LinkAction):
name = "updateipsecpolicy"
verbose_name = _("Edit IPSec Policy")
classes = ("ajax-modal", "btn-update",)
policy_rules = (("network", "update_ipsecpolicy"),)
def get_link_url(self, ipsecpolicy):
return reverse("horizon:project:vpn:update_ipsecpolicy",
@ -146,6 +157,7 @@ class UpdateIPSecSiteConnectionLink(tables.LinkAction):
name = "updateipsecsiteconnection"
verbose_name = _("Edit Connection")
classes = ("ajax-modal", "btn-update",)
policy_rules = (("network", "update_ipsec_site_connection"),)
def get_link_url(self, ipsecsiteconnection):
return reverse("horizon:project:vpn:update_ipsecsiteconnection",

1
openstack_dashboard/local/local_settings.py.example
View File

@ -257,6 +257,7 @@ TIME_ZONE = "UTC"
# 'volume': 'cinder_policy.json',
# 'image': 'glance_policy.json',
# 'orchestration': 'heat_policy.json',
# 'network': 'neutron_policy.json',
#}
# Trove user and database extension support. By default support for

1
openstack_dashboard/settings.py
View File

@ -209,6 +209,7 @@ POLICY_FILES = {
'volume': 'cinder_policy.json',
'image': 'glance_policy.json',
'orchestration': 'heat_policy.json',
'network': 'neutron_policy.json',
}
SECRET_KEY = None