Merge "adding policy check for neutron"

Jenkins 2014-05-29 19:51:27 +00:00 committed by Gerrit Code Review
commit bf4950ccc0
18 changed files with 460 additions and 0 deletions


@ -0,0 +1,172 @@
{
"context_is_admin": "role:admin",
"admin_or_owner": "rule:context_is_admin or project_id:%(project_id)s",
"admin_or_network_owner": "rule:context_is_admin or project_id:%(network:project_id)s",
"admin_only": "rule:context_is_admin",
"regular_user": "",
"shared": "field:networks:shared=True",
"shared_firewalls": "field:firewalls:shared=True",
"external": "field:networks:router:external=True",
"default": "rule:admin_or_owner",
"subnets:private:read": "rule:admin_or_owner",
"subnets:private:write": "rule:admin_or_owner",
"subnets:shared:read": "rule:regular_user",
"subnets:shared:write": "rule:admin_only",
"create_subnet": "rule:admin_or_network_owner",
"get_subnet": "rule:admin_or_owner or rule:shared",
"update_subnet": "rule:admin_or_network_owner",
"delete_subnet": "rule:admin_or_network_owner",
"create_network": "",
"get_network": "rule:admin_or_owner or rule:shared or rule:external",
"get_network:router:external": "rule:regular_user",
"get_network:segments": "rule:admin_only",
"get_network:provider:network_type": "rule:admin_only",
"get_network:provider:physical_network": "rule:admin_only",
"get_network:provider:segmentation_id": "rule:admin_only",
"get_network:queue_id": "rule:admin_only",
"create_network:shared": "rule:admin_only",
"create_network:router:external": "rule:admin_only",
"create_network:segments": "rule:admin_only",
"create_network:provider:network_type": "rule:admin_only",
"create_network:provider:physical_network": "rule:admin_only",
"create_network:provider:segmentation_id": "rule:admin_only",
"update_network": "rule:admin_or_owner",
"update_network:segments": "rule:admin_only",
"update_network:provider:network_type": "rule:admin_only",
"update_network:provider:physical_network": "rule:admin_only",
"update_network:provider:segmentation_id": "rule:admin_only",
"delete_network": "rule:admin_or_owner",
"create_port": "",
"create_port:mac_address": "rule:admin_or_network_owner",
"create_port:fixed_ips": "rule:admin_or_network_owner",
"create_port:port_security_enabled": "rule:admin_or_network_owner",
"create_port:binding:host_id": "rule:admin_only",
"create_port:binding:profile": "rule:admin_only",
"create_port:mac_learning_enabled": "rule:admin_or_network_owner",
"get_port": "rule:admin_or_owner",
"get_port:queue_id": "rule:admin_only",
"get_port:binding:vif_type": "rule:admin_only",
"get_port:binding:capabilities": "rule:admin_only",
"get_port:binding:host_id": "rule:admin_only",
"get_port:binding:profile": "rule:admin_only",
"update_port": "rule:admin_or_owner",
"update_port:fixed_ips": "rule:admin_or_network_owner",
"update_port:port_security_enabled": "rule:admin_or_network_owner",
"update_port:binding:host_id": "rule:admin_only",
"update_port:binding:profile": "rule:admin_only",
"update_port:mac_learning_enabled": "rule:admin_or_network_owner",
"delete_port": "rule:admin_or_owner",
"create_router:external_gateway_info:enable_snat": "rule:admin_only",
"update_router:external_gateway_info:enable_snat": "rule:admin_only",
"create_ikepolicy": "rule:admin_or_owner",
"update_ikepolicy": "rule:admin_or_owner",
"delete_ikepolicy": "rule:admin_or_owner",
"create_ipsecpolicy": "rule:admin_or_owner",
"update_ipsecpolicy": "rule:admin_or_owner",
"delete_ipsecpolicy": "rule:admin_or_owner",
"create_vpnservice": "rule:admin_or_owner",
"update_vpnservice": "rule:admin_or_owner",
"delete_vpnservice": "rule:admin_or_owner",
"create_ipsec_site_connection": "rule:admin_or_owner",
"update_ipsec_site_connection": "rule:admin_or_owner",
"delete_ipsec_site_connection": "rule:admin_or_owner",
"create_firewall": "",
"get_firewall": "rule:admin_or_owner",
"create_firewall:shared": "rule:admin_only",
"get_firewall:shared": "rule:admin_only",
"update_firewall": "rule:admin_or_owner",
"delete_firewall": "rule:admin_or_owner",
"create_firewall_policy": "",
"get_firewall_policy": "rule:admin_or_owner or rule:shared_firewalls",
"create_firewall_policy:shared": "rule:admin_or_owner",
"update_firewall_policy": "rule:admin_or_owner",
"delete_firewall_policy": "rule:admin_or_owner",
"create_firewall_rule": "",
"get_firewall_rule": "rule:admin_or_owner or rule:shared_firewalls",
"create_firewall_rule:shared": "rule:admin_or_owner",
"get_firewall_rule:shared": "rule:admin_or_owner",
"update_firewall_rule": "rule:admin_or_owner",
"delete_firewall_rule": "rule:admin_or_owner",
"insert_rule": "rule:admin_or_owner",
"remove_rule": "rule:admin_or_owner",
"create_qos_queue": "rule:admin_only",
"get_qos_queue": "rule:admin_only",
"update_agent": "rule:admin_only",
"delete_agent": "rule:admin_only",
"get_agent": "rule:admin_only",
"create_dhcp-network": "rule:admin_only",
"delete_dhcp-network": "rule:admin_only",
"get_dhcp-networks": "rule:admin_only",
"create_l3-router": "rule:admin_only",
"delete_l3-router": "rule:admin_only",
"get_l3-routers": "rule:admin_only",
"get_dhcp-agents": "rule:admin_only",
"get_l3-agents": "rule:admin_only",
"get_loadbalancer-agent": "rule:admin_only",
"get_loadbalancer-pools": "rule:admin_only",
"create_pool": "rule:admin_or_owner",
"update_pool": "rule:admin_or_owner",
"delete_pool": "rule:admin_or_owner",
"create_vip": "rule:admin_or_owner",
"update_vip": "rule:admin_or_owner",
"delete_vip": "rule:admin_or_owner",
"create_member": "rule:admin_or_owner",
"update_member": "rule:admin_or_owner",
"delete_member": "rule:admin_or_owner",
"create_health_monitor": "rule:admin_or_owner",
"update_health_monitor": "rule:admin_or_owner",
"delete_health_monitor": "rule:admin_or_owner",
"create_pool_health_monitor": "rule:admin_or_owner",
"delete_pool_health_monitor": "rule:admin_or_owner",
"create_router": "rule:regular_user",
"get_router": "rule:admin_or_owner",
"update_router": "rule:admin_or_owner",
"add_router_interface": "rule:admin_or_owner",
"remove_router_interface": "rule:admin_or_owner",
"delete_router": "rule:admin_or_owner",
"create_floatingip": "rule:regular_user",
"update_floatingip": "rule:admin_or_owner",
"delete_floatingip": "rule:admin_or_owner",
"get_floatingip": "rule:admin_or_owner",
"create_network_profile": "rule:admin_only",
"update_network_profile": "rule:admin_only",
"delete_network_profile": "rule:admin_only",
"get_network_profiles": "",
"get_network_profile": "",
"update_policy_profiles": "rule:admin_only",
"get_policy_profiles": "",
"get_policy_profile": "",
"create_metering_label": "rule:admin_only",
"delete_metering_label": "rule:admin_only",
"get_metering_label": "rule:admin_only",
"create_metering_label_rule": "rule:admin_only",
"delete_metering_label_rule": "rule:admin_only",
"get_metering_label_rule": "rule:admin_only",
"get_service_provider": "rule:regular_user"
}
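Review bot: The `field:` rules behind `shared`, `shared_firewalls` and `external` rely on a check type that Neutron's own policy code provides, and nothing visible in this commit shows the dashboard's policy engine registering an equivalent. If it does not, `get_network`, `get_subnet`, `get_firewall_policy` and `get_firewall_rule` will presumably be decided by their `admin_or_owner` half alone on the dashboard side; that should be confirmed and written down where this file is registered, since JSON cannot carry a comment. The file is also a copy that only drives what the UI offers, while Neutron still makes the authoritative decision, so a deployment that customises Neutron's policy has to update this copy as well or the two will disagree. The empty-string rules (`create_network`, `create_port`, `create_firewall`, the `get_*_profile` entries) allow any authenticated user and deserve the same note.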


@ -31,6 +31,13 @@ LOG = logging.getLogger(__name__)
class DeletePort(tables.DeleteAction): class DeletePort(tables.DeleteAction):
data_type_singular = _("Port") data_type_singular = _("Port")
data_type_plural = _("Ports") data_type_plural = _("Ports")
policy_rules = (("network", "delete_port"),)
def get_policy_target(self, request, datum=None):
project_id = None
if datum:
project_id = getattr(datum, 'tenant_id', None)
return {"project_id": project_id}
def delete(self, request, obj_id): def delete(self, request, obj_id):
try: try:
@ -49,6 +56,7 @@ class CreatePort(tables.LinkAction):
verbose_name = _("Create Port") verbose_name = _("Create Port")
url = "horizon:admin:networks:addport" url = "horizon:admin:networks:addport"
classes = ("ajax-modal", "btn-create") classes = ("ajax-modal", "btn-create")
policy_rules = (("network", "create_port"),)
def get_link_url(self, datum=None): def get_link_url(self, datum=None):
network_id = self.table.kwargs['network_id'] network_id = self.table.kwargs['network_id']
@ -60,6 +68,13 @@ class UpdatePort(tables.LinkAction):
verbose_name = _("Edit Port") verbose_name = _("Edit Port")
url = "horizon:admin:networks:editport" url = "horizon:admin:networks:editport"
classes = ("ajax-modal", "btn-edit") classes = ("ajax-modal", "btn-edit")
policy_rules = (("network", "update_port"),)
def get_policy_target(self, request, datum=None):
project_id = None
if datum:
project_id = getattr(datum, 'tenant_id', None)
return {"project_id": project_id}
def get_link_url(self, port): def get_link_url(self, port):
network_id = self.table.kwargs['network_id'] network_id = self.table.kwargs['network_id']
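Review bot: The `get_policy_target` body added to `DeletePort` and `UpdatePort` is repeated verbatim in the networks, subnets, routers and firewalls tables touched by this commit, differing only in the dictionary key (`project_id` or `network:project_id`). A single mixin with a class attribute for the key would leave one place to change when the target needs another field, and one place to get the ownership lookup right. Each copy currently has no docstring; something like `"""Return the row's owning project so owner-based policy rules can be evaluated."""` would explain why `tenant_id` is read and why `None` is returned for table-level actions. Both classes continue outside the hunk.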


@ -19,6 +19,7 @@ from django.utils.translation import ugettext_lazy as _
from horizon import exceptions from horizon import exceptions
from horizon import tables from horizon import tables
from horizon.utils import memoized
from openstack_dashboard import api from openstack_dashboard import api
@ -29,6 +30,13 @@ LOG = logging.getLogger(__name__)
class DeleteSubnet(tables.DeleteAction): class DeleteSubnet(tables.DeleteAction):
data_type_singular = _("Subnet") data_type_singular = _("Subnet")
data_type_plural = _("Subnets") data_type_plural = _("Subnets")
policy_rules = (("network", "delete_subnet"),)
def get_policy_target(self, request, datum=None):
project_id = None
if datum:
project_id = getattr(datum, 'tenant_id', None)
return {"network:project_id": project_id}
def delete(self, request, obj_id): def delete(self, request, obj_id):
try: try:
@ -47,6 +55,14 @@ class CreateSubnet(tables.LinkAction):
verbose_name = _("Create Subnet") verbose_name = _("Create Subnet")
url = "horizon:admin:networks:addsubnet" url = "horizon:admin:networks:addsubnet"
classes = ("ajax-modal", "btn-create") classes = ("ajax-modal", "btn-create")
policy_rules = (("network", "create_subnet"),)
def get_policy_target(self, request, datum=None):
project_id = None
network = self.table._get_network()
if network:
project_id = getattr(network, 'tenant_id', None)
return {"network:project_id": project_id}
def get_link_url(self, datum=None): def get_link_url(self, datum=None):
network_id = self.table.kwargs['network_id'] network_id = self.table.kwargs['network_id']
@ -58,6 +74,13 @@ class UpdateSubnet(tables.LinkAction):
verbose_name = _("Edit Subnet") verbose_name = _("Edit Subnet")
url = "horizon:admin:networks:editsubnet" url = "horizon:admin:networks:editsubnet"
classes = ("ajax-modal", "btn-edit") classes = ("ajax-modal", "btn-edit")
policy_rules = (("network", "update_subnet"),)
def get_policy_target(self, request, datum=None):
project_id = None
if datum:
project_id = getattr(datum, 'tenant_id', None)
return {"network:project_id": project_id}
def get_link_url(self, subnet): def get_link_url(self, subnet):
network_id = self.table.kwargs['network_id'] network_id = self.table.kwargs['network_id']
@ -74,6 +97,18 @@ class SubnetsTable(tables.DataTable):
def get_object_display(self, subnet): def get_object_display(self, subnet):
return subnet.id return subnet.id
@memoized.memoized_method
def _get_network(self):
try:
network_id = self.kwargs['network_id']
network = api.neutron.network_get(self.request, network_id)
network.set_id_as_name_if_empty(length=0)
except Exception:
msg = _('Unable to retrieve details for network "%s".') \
% (network_id)
exceptions.handle(self.request, msg, redirect=self.failure_url)
return network
class Meta: class Meta:
name = "subnets" name = "subnets"
verbose_name = _("Subnets") verbose_name = _("Subnets")
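Review bot: The error path of `SubnetsTable._get_network` can fail in ways unrelated to the original exception: `network` is unbound at `return network` if `exceptions.handle` returns, `network_id` is unbound in the message if the `self.kwargs['network_id']` lookup is what raised, and `self.failure_url` is not defined on the table in the visible hunk. Because this helper is called from `CreateSubnet.get_policy_target`, a failed API call would surface as a redirect or an unrelated error raised from inside a permission check. Starting with `network = None`, reading `network_id` before the `try`, and returning `None` on failure would fit the caller, which already tests `if network:`. A docstring stating that the result is memoized per table instance would also help.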


@ -32,6 +32,13 @@ LOG = logging.getLogger(__name__)
class DeleteNetwork(tables.DeleteAction): class DeleteNetwork(tables.DeleteAction):
data_type_singular = _("Network") data_type_singular = _("Network")
data_type_plural = _("Networks") data_type_plural = _("Networks")
policy_rules = (("network", "delete_network"),)
def get_policy_target(self, request, datum=None):
project_id = None
if datum:
project_id = getattr(datum, 'tenant_id', None)
return {"project_id": project_id}
def delete(self, request, obj_id): def delete(self, request, obj_id):
try: try:
@ -48,6 +55,7 @@ class CreateNetwork(tables.LinkAction):
verbose_name = _("Create Network") verbose_name = _("Create Network")
url = "horizon:admin:networks:create" url = "horizon:admin:networks:create"
classes = ("ajax-modal", "btn-create") classes = ("ajax-modal", "btn-create")
policy_rules = (("network", "create_network"),)
class EditNetwork(tables.LinkAction): class EditNetwork(tables.LinkAction):
@ -55,6 +63,13 @@ class EditNetwork(tables.LinkAction):
verbose_name = _("Edit Network") verbose_name = _("Edit Network")
url = "horizon:admin:networks:update" url = "horizon:admin:networks:update"
classes = ("ajax-modal", "btn-edit") classes = ("ajax-modal", "btn-edit")
policy_rules = (("network", "update_network"),)
def get_policy_target(self, request, datum=None):
project_id = None
if datum:
project_id = getattr(datum, 'tenant_id', None)
return {"project_id": project_id}
#def _get_subnets(network): #def _get_subnets(network):


@ -22,6 +22,13 @@ from openstack_dashboard.dashboards.project.routers import tables as r_tables
class DeleteRouter(r_tables.DeleteRouter): class DeleteRouter(r_tables.DeleteRouter):
redirect_url = "horizon:admin:routers:index" redirect_url = "horizon:admin:routers:index"
policy_rules = (("network", "delete_router"),)
def get_policy_target(self, request, datum=None):
project_id = None
if datum:
project_id = getattr(datum, 'tenant_id', None)
return {"project_id": project_id}
def delete(self, request, obj_id): def delete(self, request, obj_id):
search_opts = {'device_owner': 'network:router_interface', search_opts = {'device_owner': 'network:router_interface',


@ -26,6 +26,7 @@ class AddRuleLink(tables.LinkAction):
verbose_name = _("Add Rule") verbose_name = _("Add Rule")
url = "horizon:project:firewalls:addrule" url = "horizon:project:firewalls:addrule"
classes = ("ajax-modal", "btn-create",) classes = ("ajax-modal", "btn-create",)
policy_rules = (("network", "create_firewall_rule"),)
class AddPolicyLink(tables.LinkAction): class AddPolicyLink(tables.LinkAction):
@ -33,6 +34,7 @@ class AddPolicyLink(tables.LinkAction):
verbose_name = _("Add Policy") verbose_name = _("Add Policy")
url = "horizon:project:firewalls:addpolicy" url = "horizon:project:firewalls:addpolicy"
classes = ("ajax-modal", "btn-addpolicy",) classes = ("ajax-modal", "btn-addpolicy",)
policy_rules = (("network", "create_firewall_policy"),)
class AddFirewallLink(tables.LinkAction): class AddFirewallLink(tables.LinkAction):
@ -40,6 +42,7 @@ class AddFirewallLink(tables.LinkAction):
verbose_name = _("Create Firewall") verbose_name = _("Create Firewall")
url = "horizon:project:firewalls:addfirewall" url = "horizon:project:firewalls:addfirewall"
classes = ("ajax-modal", "btn-addfirewall",) classes = ("ajax-modal", "btn-addfirewall",)
policy_rules = (("network", "create_firewall"),)
class DeleteRuleLink(tables.DeleteAction): class DeleteRuleLink(tables.DeleteAction):
@ -48,6 +51,13 @@ class DeleteRuleLink(tables.DeleteAction):
action_past = _("Scheduled deletion of %(data_type)s") action_past = _("Scheduled deletion of %(data_type)s")
data_type_singular = _("Rule") data_type_singular = _("Rule")
data_type_plural = _("Rules") data_type_plural = _("Rules")
policy_rules = (("network", "delete_firewall_rule"),)
def get_policy_target(self, request, datum=None):
project_id = None
if datum:
project_id = getattr(datum, 'tenant_id', None)
return {"project_id": project_id}
class DeletePolicyLink(tables.DeleteAction): class DeletePolicyLink(tables.DeleteAction):
@ -56,6 +66,13 @@ class DeletePolicyLink(tables.DeleteAction):
action_past = _("Scheduled deletion of %(data_type)s") action_past = _("Scheduled deletion of %(data_type)s")
data_type_singular = _("Policy") data_type_singular = _("Policy")
data_type_plural = _("Policies") data_type_plural = _("Policies")
policy_rules = (("network", "delete_firewall_policy"),)
def get_policy_target(self, request, datum=None):
project_id = None
if datum:
project_id = getattr(datum, 'tenant_id', None)
return {"project_id": project_id}
class DeleteFirewallLink(tables.DeleteAction): class DeleteFirewallLink(tables.DeleteAction):
@ -64,12 +81,26 @@ class DeleteFirewallLink(tables.DeleteAction):
action_past = _("Scheduled deletion of %(data_type)s") action_past = _("Scheduled deletion of %(data_type)s")
data_type_singular = _("Firewall") data_type_singular = _("Firewall")
data_type_plural = _("Firewalls") data_type_plural = _("Firewalls")
policy_rules = (("network", "delete_firewall"),)
def get_policy_target(self, request, datum=None):
project_id = None
if datum:
project_id = getattr(datum, 'tenant_id', None)
return {"project_id": project_id}
class UpdateRuleLink(tables.LinkAction): class UpdateRuleLink(tables.LinkAction):
name = "updaterule" name = "updaterule"
verbose_name = _("Edit Rule") verbose_name = _("Edit Rule")
classes = ("ajax-modal", "btn-update",) classes = ("ajax-modal", "btn-update",)
policy_rules = (("network", "update_firewall_rule"),)
def get_policy_target(self, request, datum=None):
project_id = None
if datum:
project_id = getattr(datum, 'tenant_id', None)
return {"project_id": project_id}
def get_link_url(self, rule): def get_link_url(self, rule):
base_url = reverse("horizon:project:firewalls:updaterule", base_url = reverse("horizon:project:firewalls:updaterule",
@ -81,6 +112,13 @@ class UpdatePolicyLink(tables.LinkAction):
name = "updatepolicy" name = "updatepolicy"
verbose_name = _("Edit Policy") verbose_name = _("Edit Policy")
classes = ("ajax-modal", "btn-update",) classes = ("ajax-modal", "btn-update",)
policy_rules = (("network", "update_firewall_policy"),)
def get_policy_target(self, request, datum=None):
project_id = None
if datum:
project_id = getattr(datum, 'tenant_id', None)
return {"project_id": project_id}
def get_link_url(self, policy): def get_link_url(self, policy):
base_url = reverse("horizon:project:firewalls:updatepolicy", base_url = reverse("horizon:project:firewalls:updatepolicy",
@ -92,6 +130,13 @@ class UpdateFirewallLink(tables.LinkAction):
name = "updatefirewall" name = "updatefirewall"
verbose_name = _("Edit Firewall") verbose_name = _("Edit Firewall")
classes = ("ajax-modal", "btn-update",) classes = ("ajax-modal", "btn-update",)
policy_rules = (("network", "update_firewall"),)
def get_policy_target(self, request, datum=None):
project_id = None
if datum:
project_id = getattr(datum, 'tenant_id', None)
return {"project_id": project_id}
def get_link_url(self, firewall): def get_link_url(self, firewall):
base_url = reverse("horizon:project:firewalls:updatefirewall", base_url = reverse("horizon:project:firewalls:updatefirewall",
@ -103,6 +148,14 @@ class InsertRuleToPolicyLink(tables.LinkAction):
name = "insertrule" name = "insertrule"
verbose_name = _("Insert Rule") verbose_name = _("Insert Rule")
classes = ("ajax-modal", "btn-update",) classes = ("ajax-modal", "btn-update",)
policy_rules = (("network", "get_firewall_policy"),
("network", "insert_rule"),)
def get_policy_target(self, request, datum=None):
project_id = None
if datum:
project_id = getattr(datum, 'tenant_id', None)
return {"project_id": project_id}
def get_link_url(self, policy): def get_link_url(self, policy):
base_url = reverse("horizon:project:firewalls:insertrule", base_url = reverse("horizon:project:firewalls:insertrule",
@ -114,6 +167,14 @@ class RemoveRuleFromPolicyLink(tables.LinkAction):
name = "removerule" name = "removerule"
verbose_name = _("Remove Rule") verbose_name = _("Remove Rule")
classes = ("ajax-modal", "btn-danger",) classes = ("ajax-modal", "btn-danger",)
policy_rules = (("network", "get_firewall_policy"),
("network", "remove_rule"),)
def get_policy_target(self, request, datum=None):
project_id = None
if datum:
project_id = getattr(datum, 'tenant_id', None)
return {"project_id": project_id}
def get_link_url(self, policy): def get_link_url(self, policy):
base_url = reverse("horizon:project:firewalls:removerule", base_url = reverse("horizon:project:firewalls:removerule",
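Review bot: `InsertRuleToPolicyLink` and `RemoveRuleFromPolicyLink` are the only actions in this file that list two entries in `policy_rules`, and nothing in the code says how the pair is combined. If the check function requires every listed rule to pass, which appears to be the intent, a comment such as `# both rules must pass: the policy must be readable and modifiable` above each tuple would make that explicit. The other update links do not ask for the matching `get_` rule, so it is worth stating whether that difference is deliberate. Both classes continue outside the hunk.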


@ -29,12 +29,14 @@ class AddPoolLink(tables.LinkAction):
verbose_name = _("Add Pool") verbose_name = _("Add Pool")
url = "horizon:project:loadbalancers:addpool" url = "horizon:project:loadbalancers:addpool"
classes = ("ajax-modal", "btn-create",) classes = ("ajax-modal", "btn-create",)
policy_rules = (("network", "create_pool"),)
class AddVipLink(tables.LinkAction): class AddVipLink(tables.LinkAction):
name = "addvip" name = "addvip"
verbose_name = _("Add VIP") verbose_name = _("Add VIP")
classes = ("ajax-modal", "btn-create",) classes = ("ajax-modal", "btn-create",)
policy_rules = (("network", "create_vip"),)
def get_link_url(self, pool): def get_link_url(self, pool):
base_url = reverse("horizon:project:loadbalancers:addvip", base_url = reverse("horizon:project:loadbalancers:addvip",
@ -52,6 +54,7 @@ class AddMemberLink(tables.LinkAction):
verbose_name = _("Add Member") verbose_name = _("Add Member")
url = "horizon:project:loadbalancers:addmember" url = "horizon:project:loadbalancers:addmember"
classes = ("ajax-modal", "btn-create",) classes = ("ajax-modal", "btn-create",)
policy_rules = (("network", "create_member"),)
class AddMonitorLink(tables.LinkAction): class AddMonitorLink(tables.LinkAction):
@ -59,6 +62,7 @@ class AddMonitorLink(tables.LinkAction):
verbose_name = _("Add Monitor") verbose_name = _("Add Monitor")
url = "horizon:project:loadbalancers:addmonitor" url = "horizon:project:loadbalancers:addmonitor"
classes = ("ajax-modal", "btn-create",) classes = ("ajax-modal", "btn-create",)
policy_rules = (("network", "create_health_monitor"),)
class DeleteVipLink(tables.DeleteAction): class DeleteVipLink(tables.DeleteAction):
@ -67,6 +71,7 @@ class DeleteVipLink(tables.DeleteAction):
action_past = _("Scheduled deletion of %(data_type)s") action_past = _("Scheduled deletion of %(data_type)s")
data_type_singular = _("VIP") data_type_singular = _("VIP")
data_type_plural = _("VIPs") data_type_plural = _("VIPs")
policy_rules = (("network", "delete_vip"),)
def allowed(self, request, datum=None): def allowed(self, request, datum=None):
if datum and not datum.vip_id: if datum and not datum.vip_id:
@ -80,6 +85,7 @@ class DeletePoolLink(tables.DeleteAction):
action_past = _("Scheduled deletion of %(data_type)s") action_past = _("Scheduled deletion of %(data_type)s")
data_type_singular = _("Pool") data_type_singular = _("Pool")
data_type_plural = _("Pools") data_type_plural = _("Pools")
policy_rules = (("network", "delete_pool"),)
def allowed(self, request, datum=None): def allowed(self, request, datum=None):
if datum and datum.vip_id: if datum and datum.vip_id:
@ -93,6 +99,7 @@ class DeleteMonitorLink(tables.DeleteAction):
action_past = _("Scheduled deletion of %(data_type)s") action_past = _("Scheduled deletion of %(data_type)s")
data_type_singular = _("Monitor") data_type_singular = _("Monitor")
data_type_plural = _("Monitors") data_type_plural = _("Monitors")
policy_rules = (("network", "delete_health_monitor"),)
class DeleteMemberLink(tables.DeleteAction): class DeleteMemberLink(tables.DeleteAction):
@ -101,12 +108,14 @@ class DeleteMemberLink(tables.DeleteAction):
action_past = _("Scheduled deletion of %(data_type)s") action_past = _("Scheduled deletion of %(data_type)s")
data_type_singular = _("Member") data_type_singular = _("Member")
data_type_plural = _("Members") data_type_plural = _("Members")
policy_rules = (("network", "delete_member"),)
class UpdatePoolLink(tables.LinkAction): class UpdatePoolLink(tables.LinkAction):
name = "updatepool" name = "updatepool"
verbose_name = _("Edit Pool") verbose_name = _("Edit Pool")
classes = ("ajax-modal", "btn-update",) classes = ("ajax-modal", "btn-update",)
policy_rules = (("network", "update_pool"),)
def get_link_url(self, pool): def get_link_url(self, pool):
base_url = reverse("horizon:project:loadbalancers:updatepool", base_url = reverse("horizon:project:loadbalancers:updatepool",
@ -118,6 +127,7 @@ class UpdateVipLink(tables.LinkAction):
name = "updatevip" name = "updatevip"
verbose_name = _("Edit VIP") verbose_name = _("Edit VIP")
classes = ("ajax-modal", "btn-update",) classes = ("ajax-modal", "btn-update",)
policy_rules = (("network", "update_vip"),)
def get_link_url(self, pool): def get_link_url(self, pool):
base_url = reverse("horizon:project:loadbalancers:updatevip", base_url = reverse("horizon:project:loadbalancers:updatevip",
@ -134,6 +144,7 @@ class UpdateMemberLink(tables.LinkAction):
name = "updatemember" name = "updatemember"
verbose_name = _("Edit Member") verbose_name = _("Edit Member")
classes = ("ajax-modal", "btn-update",) classes = ("ajax-modal", "btn-update",)
policy_rules = (("network", "update_member"),)
def get_link_url(self, member): def get_link_url(self, member):
base_url = reverse("horizon:project:loadbalancers:updatemember", base_url = reverse("horizon:project:loadbalancers:updatemember",
@ -145,6 +156,7 @@ class UpdateMonitorLink(tables.LinkAction):
name = "updatemonitor" name = "updatemonitor"
verbose_name = _("Edit Monitor") verbose_name = _("Edit Monitor")
classes = ("ajax-modal", "btn-update",) classes = ("ajax-modal", "btn-update",)
policy_rules = (("network", "update_health_monitor"),)
def get_link_url(self, monitor): def get_link_url(self, monitor):
base_url = reverse("horizon:project:loadbalancers:updatemonitor", base_url = reverse("horizon:project:loadbalancers:updatemonitor",
@ -165,6 +177,7 @@ class AddPMAssociationLink(tables.LinkAction):
verbose_name = _("Associate Monitor") verbose_name = _("Associate Monitor")
url = "horizon:project:loadbalancers:addassociation" url = "horizon:project:loadbalancers:addassociation"
classes = ("ajax-modal", "btn-create",) classes = ("ajax-modal", "btn-create",)
policy_rules = (("network", "create_pool_health_monitor"),)
def allowed(self, request, datum=None): def allowed(self, request, datum=None):
try: try:
@ -185,6 +198,7 @@ class DeletePMAssociationLink(tables.LinkAction):
verbose_name = _("Disassociate Monitor") verbose_name = _("Disassociate Monitor")
url = "horizon:project:loadbalancers:deleteassociation" url = "horizon:project:loadbalancers:deleteassociation"
classes = ("ajax-modal", "btn-delete", "btn-danger") classes = ("ajax-modal", "btn-delete", "btn-danger")
policy_rules = (("network", "delete_pool_health_monitor"),)
def allowed(self, request, datum=None): def allowed(self, request, datum=None):
if datum and not datum['health_monitors']: if datum and not datum['health_monitors']:
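Review bot: None of the update and delete actions in this file define `get_policy_target`, although their rules (`update_pool`, `delete_vip`, `delete_member`, `delete_health_monitor` and the rest) are `rule:admin_or_owner` in the policy file added by this commit, and the firewall and network tables pass the row's `tenant_id` for the same rule. Without a target, the owner half of the rule is evaluated against whatever project the check function falls back to, which is not visible here, so the UI decision is not tied to the row being acted on. Either add the same `get_policy_target` used in the firewall tables, or leave a comment on the first action saying the omission is intentional and why. Several of these classes also override `allowed`; confirm that the override still lets the policy check run, since those bodies are outside the hunks.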


@ -24,9 +24,15 @@
</div> </div>
<div class="launchButtons"> <div class="launchButtons">
{% if launch_instance_allowed %}
<a href="{% url 'horizon:project:network_topology:launchinstance' %}" id="instances__action_launch" class="btn btn-small btn-launch ajax-modal">{%trans "Launch Instance" %}</a> <a href="{% url 'horizon:project:network_topology:launchinstance' %}" id="instances__action_launch" class="btn btn-small btn-launch ajax-modal">{%trans "Launch Instance" %}</a>
{% endif %}
{% if create_network_allowed %}
<a href="{% url 'horizon:project:network_topology:createnetwork' %}" id="networks__action_create" class="btn btn-small ajax-modal btn-create">{%trans "Create Network" %}</a> <a href="{% url 'horizon:project:network_topology:createnetwork' %}" id="networks__action_create" class="btn btn-small ajax-modal btn-create">{%trans "Create Network" %}</a>
{% endif %}
{% if create_router_allowed %}
<a href="{% url 'horizon:project:network_topology:createrouter' %}" id="Routers__action_create" class="btn btn-small ajax-modal btn-create">{%trans "Create Router" %}</a> <a href="{% url 'horizon:project:network_topology:createrouter' %}" id="Routers__action_create" class="btn btn-small ajax-modal btn-create">{%trans "Create Router" %}</a>
{% endif %}
</div> </div>
</div> </div>
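Review bot: The three `{% if ..._allowed %}` guards only remove the buttons from the rendered page; the `launchinstance`, `createnetwork` and `createrouter` URLs they link to remain reachable by a user who requests them directly. Whether those views apply the same policy check is not visible in this section, so it should be confirmed before treating this as access control rather than a display hint. A template comment such as `{# UI hint only: the target views and the backing API enforce the policy #}` above the first guard would stop a later reader from assuming otherwise.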


@ -89,6 +89,26 @@ class RouterDetailView(r_views.DetailView):
class NetworkTopologyView(TemplateView): class NetworkTopologyView(TemplateView):
template_name = 'project/network_topology/index.html' template_name = 'project/network_topology/index.html'
def _has_permission(self, policy):
has_permission = True
policy_check = getattr(settings, "POLICY_CHECK_FUNCTION", None)
if policy_check:
has_permission = policy_check(policy, self.request)
return has_permission
def get_context_data(self, **kwargs):
context = super(NetworkTopologyView, self).get_context_data(**kwargs)
context['launch_instance_allowed'] = self._has_permission(
(("compute", "compute:create"),))
context['create_network_allowed'] = self._has_permission(
(("network", "create_network"),))
context['create_router_allowed'] = self._has_permission(
(("network", "create_router"),))
return context
class JSONView(View): class JSONView(View):
def add_resource_url(self, view, resources): def add_resource_url(self, view, resources):
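Review bot: `_has_permission` starts from `has_permission = True` and keeps that value when `POLICY_CHECK_FUNCTION` is unset, so a deployment that omits the setting shows every button. That may be the intended match with how table actions behave, but a fail-open default should be stated in a docstring, for example `"""Return True if the policy allows the action, or if no policy check function is configured."""`. The check is also called without a target, so owner-based rules are evaluated against the check function's default project, which is reasonable for create actions but worth a one-line comment. The `settings` import is not part of this hunk; confirm it is already present in the module.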


@ -39,6 +39,13 @@ class UpdatePort(tables.LinkAction):
verbose_name = _("Edit Port") verbose_name = _("Edit Port")
url = "horizon:project:networks:editport" url = "horizon:project:networks:editport"
classes = ("ajax-modal", "btn-edit") classes = ("ajax-modal", "btn-edit")
policy_rules = (("network", "update_port"),)
def get_policy_target(self, request, datum=None):
project_id = None
if datum:
project_id = getattr(datum, 'tenant_id', None)
return {"project_id": project_id}
def get_link_url(self, port): def get_link_url(self, port):
network_id = self.table.kwargs['network_id'] network_id = self.table.kwargs['network_id']


@ -43,6 +43,13 @@ class CheckNetworkEditable(object):
class DeleteSubnet(CheckNetworkEditable, tables.DeleteAction): class DeleteSubnet(CheckNetworkEditable, tables.DeleteAction):
data_type_singular = _("Subnet") data_type_singular = _("Subnet")
data_type_plural = _("Subnets") data_type_plural = _("Subnets")
policy_rules = (("network", "delete_subnet"),)
def get_policy_target(self, request, datum=None):
project_id = None
if datum:
project_id = getattr(datum, 'tenant_id', None)
return {"network:project_id": project_id}
def delete(self, request, obj_id): def delete(self, request, obj_id):
try: try:
@ -61,6 +68,14 @@ class CreateSubnet(CheckNetworkEditable, tables.LinkAction):
verbose_name = _("Create Subnet") verbose_name = _("Create Subnet")
url = "horizon:project:networks:addsubnet" url = "horizon:project:networks:addsubnet"
classes = ("ajax-modal", "btn-create") classes = ("ajax-modal", "btn-create")
policy_rules = (("network", "create_subnet"),)
def get_policy_target(self, request, datum=None):
project_id = None
network = self.table._get_network()
if network:
project_id = getattr(network, 'tenant_id', None)
return {"network:project_id": project_id}
def get_link_url(self, datum=None): def get_link_url(self, datum=None):
network_id = self.table.kwargs['network_id'] network_id = self.table.kwargs['network_id']
@ -72,6 +87,13 @@ class UpdateSubnet(CheckNetworkEditable, tables.LinkAction):
verbose_name = _("Edit Subnet") verbose_name = _("Edit Subnet")
url = "horizon:project:networks:editsubnet" url = "horizon:project:networks:editsubnet"
classes = ("ajax-modal", "btn-edit") classes = ("ajax-modal", "btn-edit")
policy_rules = (("network", "update_subnet"),)
def get_policy_target(self, request, datum=None):
project_id = None
if datum:
project_id = getattr(datum, 'tenant_id', None)
return {"network:project_id": project_id}
def get_link_url(self, subnet): def get_link_url(self, subnet):
network_id = self.table.kwargs['network_id'] network_id = self.table.kwargs['network_id']
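Review bot: `DeleteSubnet` and `UpdateSubnet` place the subnet's own `tenant_id` under the `network:project_id` key, whereas `admin_or_network_owner` in the policy file added by this commit compares against the owner of the parent network, which `CreateSubnet` in this same file does look up through `self.table._get_network()`. Where a subnet and its network belong to different projects, the UI decision will differ from the one Neutron makes. Using the network's `tenant_id` in all three actions would keep them consistent; the admin subnets table earlier in this commit follows the same pattern. `_get_network` is not added to this table in the visible hunks, so confirm the method exists on the project `SubnetsTable`.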


@ -40,6 +40,13 @@ class CheckNetworkEditable(object):
class DeleteNetwork(CheckNetworkEditable, tables.DeleteAction): class DeleteNetwork(CheckNetworkEditable, tables.DeleteAction):
data_type_singular = _("Network") data_type_singular = _("Network")
data_type_plural = _("Networks") data_type_plural = _("Networks")
policy_rules = (("network", "delete_network"),)
def get_policy_target(self, request, datum=None):
project_id = None
if datum:
project_id = getattr(datum, 'tenant_id', None)
return {"project_id": project_id}
def delete(self, request, network_id): def delete(self, request, network_id):
try: try:
@ -65,6 +72,7 @@ class CreateNetwork(tables.LinkAction):
verbose_name = _("Create Network") verbose_name = _("Create Network")
url = "horizon:project:networks:create" url = "horizon:project:networks:create"
classes = ("ajax-modal", "btn-create") classes = ("ajax-modal", "btn-create")
policy_rules = (("network", "create_network"),)
class EditNetwork(CheckNetworkEditable, tables.LinkAction): class EditNetwork(CheckNetworkEditable, tables.LinkAction):
@ -72,6 +80,13 @@ class EditNetwork(CheckNetworkEditable, tables.LinkAction):
verbose_name = _("Edit Network") verbose_name = _("Edit Network")
url = "horizon:project:networks:update" url = "horizon:project:networks:update"
classes = ("ajax-modal", "btn-edit") classes = ("ajax-modal", "btn-edit")
policy_rules = (("network", "update_network"),)
def get_policy_target(self, request, datum=None):
project_id = None
if datum:
project_id = getattr(datum, 'tenant_id', None)
return {"project_id": project_id}
class CreateSubnet(CheckNetworkEditable, tables.LinkAction): class CreateSubnet(CheckNetworkEditable, tables.LinkAction):
@ -79,6 +94,13 @@ class CreateSubnet(CheckNetworkEditable, tables.LinkAction):
verbose_name = _("Add Subnet") verbose_name = _("Add Subnet")
url = "horizon:project:networks:addsubnet" url = "horizon:project:networks:addsubnet"
classes = ("ajax-modal", "btn-create") classes = ("ajax-modal", "btn-create")
policy_rules = (("network", "create_subnet"),)
def get_policy_target(self, request, datum=None):
project_id = None
if datum:
project_id = getattr(datum, 'tenant_id', None)
return {"network:project_id": project_id}
def get_subnets(network): def get_subnets(network):
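Review bot: When a row has no `tenant_id`, the new `get_policy_target` methods on `DeleteNetwork`, `EditNetwork` and `CreateSubnet` pass the policy check a target whose owner is `None`, and nothing in the section says how that value is evaluated. If the policy layer substitutes the requesting user's own project for a missing id (not visible on this page), an object without an owner attribute would satisfy an owner-based rule for any user. I would confirm that behaviour and record it next to the method, for example `# owner unknown: the policy check must not treat None as the caller's project`. As far as these hunks show, the rules only gate the table actions, so the Neutron API still has to enforce the same policy.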


@ -30,6 +30,13 @@ class AddRouterRule(tables.LinkAction):
verbose_name = _("Add Router Rule") verbose_name = _("Add Router Rule")
url = "horizon:project:routers:addrouterrule" url = "horizon:project:routers:addrouterrule"
classes = ("ajax-modal", "btn-create") classes = ("ajax-modal", "btn-create")
policy_rules = (("network", "update_router"),)
def get_policy_target(self, request, datum=None):
project_id = None
if datum:
project_id = getattr(datum, 'tenant_id', None)
return {"project_id": project_id}
def get_link_url(self, datum=None): def get_link_url(self, datum=None):
router_id = self.table.kwargs['router_id'] router_id = self.table.kwargs['router_id']
@ -40,6 +47,13 @@ class RemoveRouterRule(tables.DeleteAction):
data_type_singular = _("Router Rule") data_type_singular = _("Router Rule")
data_type_plural = _("Router Rules") data_type_plural = _("Router Rules")
failure_url = 'horizon:project:routers:detail' failure_url = 'horizon:project:routers:detail'
policy_rules = (("network", "update_router"),)
def get_policy_target(self, request, datum=None):
project_id = None
if datum:
project_id = getattr(datum, 'tenant_id', None)
return {"project_id": project_id}
def delete(self, request, obj_id): def delete(self, request, obj_id):
router_id = self.table.kwargs['router_id'] router_id = self.table.kwargs['router_id']
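Review bot: `AddRouterRule.get_policy_target` reads the owner only from `datum`, yet its `get_link_url(self, datum=None)` takes the router from `self.table.kwargs['router_id']`, which suggests a table-level action rendered without a row; in that case the target always carries `project_id: None`. The admin `CreateSubnet` action earlier in this commit handles the same situation by resolving the parent with `self.table._get_network()`, and an equivalent lookup of the parent router here would let the `update_router` check see the real owner. `AddInterface` in the next file has the same shape. For `RemoveRouterRule` the row is a router rule, and whether that object exposes `tenant_id` is not visible in this section.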


@ -40,6 +40,13 @@ class AddInterface(tables.LinkAction):
verbose_name = _("Add Interface") verbose_name = _("Add Interface")
url = "horizon:project:routers:addinterface" url = "horizon:project:routers:addinterface"
classes = ("ajax-modal", "btn-create") classes = ("ajax-modal", "btn-create")
policy_rules = (("network", "add_router_interface"),)
def get_policy_target(self, request, datum=None):
project_id = None
if datum:
project_id = getattr(datum, 'tenant_id', None)
return {"project_id": project_id}
def get_link_url(self, datum=None): def get_link_url(self, datum=None):
router_id = self.table.kwargs['router_id'] router_id = self.table.kwargs['router_id']
@ -50,6 +57,13 @@ class RemoveInterface(tables.DeleteAction):
data_type_singular = _("Interface") data_type_singular = _("Interface")
data_type_plural = _("Interfaces") data_type_plural = _("Interfaces")
failure_url = 'horizon:project:routers:detail' failure_url = 'horizon:project:routers:detail'
policy_rules = (("network", "remove_router_interface"),)
def get_policy_target(self, request, datum=None):
project_id = None
if datum:
project_id = getattr(datum, 'tenant_id', None)
return {"project_id": project_id}
def delete(self, request, obj_id): def delete(self, request, obj_id):
try: try:


@ -31,6 +31,13 @@ class DeleteRouter(tables.DeleteAction):
data_type_singular = _("Router") data_type_singular = _("Router")
data_type_plural = _("Routers") data_type_plural = _("Routers")
redirect_url = "horizon:project:routers:index" redirect_url = "horizon:project:routers:index"
policy_rules = (("network", "delete_router"),)
def get_policy_target(self, request, datum=None):
project_id = None
if datum:
project_id = getattr(datum, 'tenant_id', None)
return {"project_id": project_id}
def delete(self, request, obj_id): def delete(self, request, obj_id):
obj = self.table.get_object_by_id(obj_id) obj = self.table.get_object_by_id(obj_id)
@ -57,6 +64,7 @@ class CreateRouter(tables.LinkAction):
verbose_name = _("Create Router") verbose_name = _("Create Router")
url = "horizon:project:routers:create" url = "horizon:project:routers:create"
classes = ("ajax-modal", "btn-create") classes = ("ajax-modal", "btn-create")
policy_rules = (("network", "create_router"),)
class SetGateway(tables.LinkAction): class SetGateway(tables.LinkAction):
@ -64,6 +72,13 @@ class SetGateway(tables.LinkAction):
verbose_name = _("Set Gateway") verbose_name = _("Set Gateway")
url = "horizon:project:routers:setgateway" url = "horizon:project:routers:setgateway"
classes = ("ajax-modal", "btn-camera") classes = ("ajax-modal", "btn-camera")
policy_rules = (("network", "update_router"),)
def get_policy_target(self, request, datum=None):
project_id = None
if datum:
project_id = getattr(datum, 'tenant_id', None)
return {"project_id": project_id}
def allowed(self, request, datum=None): def allowed(self, request, datum=None):
if datum.external_gateway_info: if datum.external_gateway_info:
@ -79,6 +94,13 @@ class ClearGateway(tables.BatchAction):
data_type_plural = _("Gateways") data_type_plural = _("Gateways")
classes = ('btn-danger', 'btn-cleargateway') classes = ('btn-danger', 'btn-cleargateway')
redirect_url = "horizon:project:routers:index" redirect_url = "horizon:project:routers:index"
policy_rules = (("network", "update_router"),)
def get_policy_target(self, request, datum=None):
project_id = None
if datum:
project_id = getattr(datum, 'tenant_id', None)
return {"project_id": project_id}
def action(self, request, obj_id): def action(self, request, obj_id):
obj = self.table.get_object_by_id(obj_id) obj = self.table.get_object_by_id(obj_id)
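Review bot: The five-line `get_policy_target` added to `DeleteRouter`, `SetGateway` and `ClearGateway` is the same in all three classes, and the same body is repeated in the network, router-rule and interface tables of this commit. Keeping the ownership mapping in one shared mixin means a later change to how the owner is derived cannot miss a copy, which matters for an authorization helper. The method can also be shortened to `return {"project_id": getattr(datum, 'tenant_id', None)}`, which gives the same result for a `None` datum. The classes continue outside the hunks shown.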


@ -31,6 +31,7 @@ class AddIKEPolicyLink(tables.LinkAction):
verbose_name = _("Add IKE Policy") verbose_name = _("Add IKE Policy")
url = "horizon:project:vpn:addikepolicy" url = "horizon:project:vpn:addikepolicy"
classes = ("ajax-modal", "btn-addikepolicy",) classes = ("ajax-modal", "btn-addikepolicy",)
policy_rules = (("network", "create_ikepolicy"),)
class AddIPSecPolicyLink(tables.LinkAction): class AddIPSecPolicyLink(tables.LinkAction):
@ -38,6 +39,7 @@ class AddIPSecPolicyLink(tables.LinkAction):
verbose_name = _("Add IPSec Policy") verbose_name = _("Add IPSec Policy")
url = "horizon:project:vpn:addipsecpolicy" url = "horizon:project:vpn:addipsecpolicy"
classes = ("ajax-modal", "btn-addipsecpolicy",) classes = ("ajax-modal", "btn-addipsecpolicy",)
policy_rules = (("network", "create_ipsecpolicy"),)
class AddVPNServiceLink(tables.LinkAction): class AddVPNServiceLink(tables.LinkAction):
@ -45,6 +47,7 @@ class AddVPNServiceLink(tables.LinkAction):
verbose_name = _("Add VPN Service") verbose_name = _("Add VPN Service")
url = "horizon:project:vpn:addvpnservice" url = "horizon:project:vpn:addvpnservice"
classes = ("ajax-modal", "btn-addvpnservice",) classes = ("ajax-modal", "btn-addvpnservice",)
policy_rules = (("network", "create_vpnservice"),)
class AddIPSecSiteConnectionLink(tables.LinkAction): class AddIPSecSiteConnectionLink(tables.LinkAction):
@ -52,6 +55,7 @@ class AddIPSecSiteConnectionLink(tables.LinkAction):
verbose_name = _("Add IPSec Site Connection") verbose_name = _("Add IPSec Site Connection")
url = "horizon:project:vpn:addipsecsiteconnection" url = "horizon:project:vpn:addipsecsiteconnection"
classes = ("ajax-modal", "btn-addipsecsiteconnection",) classes = ("ajax-modal", "btn-addipsecsiteconnection",)
policy_rules = (("network", "create_ipsec_site_connection"),)
class DeleteVPNServiceLink(tables.DeleteAction): class DeleteVPNServiceLink(tables.DeleteAction):
@ -60,6 +64,7 @@ class DeleteVPNServiceLink(tables.DeleteAction):
action_past = _("Scheduled deletion of %(data_type)s") action_past = _("Scheduled deletion of %(data_type)s")
data_type_singular = _("VPN Service") data_type_singular = _("VPN Service")
data_type_plural = _("VPN Services") data_type_plural = _("VPN Services")
policy_rules = (("network", "delete_vpnservice"),)
def allowed(self, request, datum=None): def allowed(self, request, datum=None):
if datum and datum.ipsecsiteconns: if datum and datum.ipsecsiteconns:
@ -73,6 +78,7 @@ class DeleteIKEPolicyLink(tables.DeleteAction):
action_past = _("Scheduled deletion of %(data_type)s") action_past = _("Scheduled deletion of %(data_type)s")
data_type_singular = _("IKE Policy") data_type_singular = _("IKE Policy")
data_type_plural = _("IKE Policies") data_type_plural = _("IKE Policies")
policy_rules = (("network", "delete_ikepolicy"),)
def allowed(self, request, datum=None): def allowed(self, request, datum=None):
if datum and datum.ipsecsiteconns: if datum and datum.ipsecsiteconns:
@ -86,6 +92,7 @@ class DeleteIPSecPolicyLink(tables.DeleteAction):
action_past = _("Scheduled deletion of %(data_type)s") action_past = _("Scheduled deletion of %(data_type)s")
data_type_singular = _("IPSec Policy") data_type_singular = _("IPSec Policy")
data_type_plural = _("IPSec Policies") data_type_plural = _("IPSec Policies")
policy_rules = (("network", "delete_ipsecpolicy"),)
def allowed(self, request, datum=None): def allowed(self, request, datum=None):
if datum and datum.ipsecsiteconns: if datum and datum.ipsecsiteconns:
@ -99,12 +106,14 @@ class DeleteIPSecSiteConnectionLink(tables.DeleteAction):
action_past = _("Scheduled deletion of %(data_type)s") action_past = _("Scheduled deletion of %(data_type)s")
data_type_singular = _("IPSec Site Connection") data_type_singular = _("IPSec Site Connection")
data_type_plural = _("IPSec Site Connections") data_type_plural = _("IPSec Site Connections")
policy_rules = (("network", "delete_ipsec_site_connection"),)
class UpdateVPNServiceLink(tables.LinkAction): class UpdateVPNServiceLink(tables.LinkAction):
name = "update_vpnservice" name = "update_vpnservice"
verbose_name = _("Edit VPN Service") verbose_name = _("Edit VPN Service")
classes = ("ajax-modal", "btn-update",) classes = ("ajax-modal", "btn-update",)
policy_rules = (("network", "update_vpnservice"),)
def get_link_url(self, vpnservice): def get_link_url(self, vpnservice):
return reverse("horizon:project:vpn:update_vpnservice", return reverse("horizon:project:vpn:update_vpnservice",
@ -120,6 +129,7 @@ class UpdateIKEPolicyLink(tables.LinkAction):
name = "updateikepolicy" name = "updateikepolicy"
verbose_name = _("Edit IKE Policy") verbose_name = _("Edit IKE Policy")
classes = ("ajax-modal", "btn-update",) classes = ("ajax-modal", "btn-update",)
policy_rules = (("network", "update_ikepolicy"),)
def get_link_url(self, ikepolicy): def get_link_url(self, ikepolicy):
return reverse("horizon:project:vpn:update_ikepolicy", return reverse("horizon:project:vpn:update_ikepolicy",
@ -133,6 +143,7 @@ class UpdateIPSecPolicyLink(tables.LinkAction):
name = "updateipsecpolicy" name = "updateipsecpolicy"
verbose_name = _("Edit IPSec Policy") verbose_name = _("Edit IPSec Policy")
classes = ("ajax-modal", "btn-update",) classes = ("ajax-modal", "btn-update",)
policy_rules = (("network", "update_ipsecpolicy"),)
def get_link_url(self, ipsecpolicy): def get_link_url(self, ipsecpolicy):
return reverse("horizon:project:vpn:update_ipsecpolicy", return reverse("horizon:project:vpn:update_ipsecpolicy",
@ -146,6 +157,7 @@ class UpdateIPSecSiteConnectionLink(tables.LinkAction):
name = "updateipsecsiteconnection" name = "updateipsecsiteconnection"
verbose_name = _("Edit Connection") verbose_name = _("Edit Connection")
classes = ("ajax-modal", "btn-update",) classes = ("ajax-modal", "btn-update",)
policy_rules = (("network", "update_ipsec_site_connection"),)
def get_link_url(self, ipsecsiteconnection): def get_link_url(self, ipsecsiteconnection):
return reverse("horizon:project:vpn:update_ipsecsiteconnection", return reverse("horizon:project:vpn:update_ipsecsiteconnection",
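Review bot: The update and delete VPN actions (`DeleteVPNServiceLink`, `UpdateVPNServiceLink` and their IKE/IPSec siblings) gain `policy_rules` but no `get_policy_target`, unlike the delete and edit actions in the network and router tables of this commit. If the matching rules in the policy file are owner-based (their definitions are not in view), the check is evaluated without the row's `tenant_id`. Adding `def get_policy_target(self, request, datum=None):` with the body `return {"project_id": getattr(datum, 'tenant_id', None)}` to these row actions would make the target consistent across the Neutron panels. The `Add…Link` actions have no row, so leaving them without a target looks intentional.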


@ -257,6 +257,7 @@ TIME_ZONE = "UTC"
# 'volume': 'cinder_policy.json', # 'volume': 'cinder_policy.json',
# 'image': 'glance_policy.json', # 'image': 'glance_policy.json',
# 'orchestration': 'heat_policy.json', # 'orchestration': 'heat_policy.json',
# 'network': 'neutron_policy.json',
#} #}
# Trove user and database extension support. By default support for # Trove user and database extension support. By default support for


@ -209,6 +209,7 @@ POLICY_FILES = {
'volume': 'cinder_policy.json', 'volume': 'cinder_policy.json',
'image': 'glance_policy.json', 'image': 'glance_policy.json',
'orchestration': 'heat_policy.json', 'orchestration': 'heat_policy.json',
'network': 'neutron_policy.json',
} }
SECRET_KEY = None SECRET_KEY = None