Merge "adding policy check for neutron"
This commit is contained in:
commit
bf4950ccc0
172
openstack_dashboard/conf/neutron_policy.json
Normal file
172
openstack_dashboard/conf/neutron_policy.json
Normal file
@ -0,0 +1,172 @@
|
|||||||
|
{
|
||||||
|
"context_is_admin": "role:admin",
|
||||||
|
"admin_or_owner": "rule:context_is_admin or project_id:%(project_id)s",
|
||||||
|
"admin_or_network_owner": "rule:context_is_admin or project_id:%(network:project_id)s",
|
||||||
|
"admin_only": "rule:context_is_admin",
|
||||||
|
"regular_user": "",
|
||||||
|
"shared": "field:networks:shared=True",
|
||||||
|
"shared_firewalls": "field:firewalls:shared=True",
|
||||||
|
"external": "field:networks:router:external=True",
|
||||||
|
"default": "rule:admin_or_owner",
|
||||||
|
|
||||||
|
"subnets:private:read": "rule:admin_or_owner",
|
||||||
|
"subnets:private:write": "rule:admin_or_owner",
|
||||||
|
"subnets:shared:read": "rule:regular_user",
|
||||||
|
"subnets:shared:write": "rule:admin_only",
|
||||||
|
|
||||||
|
"create_subnet": "rule:admin_or_network_owner",
|
||||||
|
"get_subnet": "rule:admin_or_owner or rule:shared",
|
||||||
|
"update_subnet": "rule:admin_or_network_owner",
|
||||||
|
"delete_subnet": "rule:admin_or_network_owner",
|
||||||
|
|
||||||
|
"create_network": "",
|
||||||
|
"get_network": "rule:admin_or_owner or rule:shared or rule:external",
|
||||||
|
"get_network:router:external": "rule:regular_user",
|
||||||
|
"get_network:segments": "rule:admin_only",
|
||||||
|
"get_network:provider:network_type": "rule:admin_only",
|
||||||
|
"get_network:provider:physical_network": "rule:admin_only",
|
||||||
|
"get_network:provider:segmentation_id": "rule:admin_only",
|
||||||
|
"get_network:queue_id": "rule:admin_only",
|
||||||
|
"create_network:shared": "rule:admin_only",
|
||||||
|
"create_network:router:external": "rule:admin_only",
|
||||||
|
"create_network:segments": "rule:admin_only",
|
||||||
|
"create_network:provider:network_type": "rule:admin_only",
|
||||||
|
"create_network:provider:physical_network": "rule:admin_only",
|
||||||
|
"create_network:provider:segmentation_id": "rule:admin_only",
|
||||||
|
"update_network": "rule:admin_or_owner",
|
||||||
|
"update_network:segments": "rule:admin_only",
|
||||||
|
"update_network:provider:network_type": "rule:admin_only",
|
||||||
|
"update_network:provider:physical_network": "rule:admin_only",
|
||||||
|
"update_network:provider:segmentation_id": "rule:admin_only",
|
||||||
|
"delete_network": "rule:admin_or_owner",
|
||||||
|
|
||||||
|
"create_port": "",
|
||||||
|
"create_port:mac_address": "rule:admin_or_network_owner",
|
||||||
|
"create_port:fixed_ips": "rule:admin_or_network_owner",
|
||||||
|
"create_port:port_security_enabled": "rule:admin_or_network_owner",
|
||||||
|
"create_port:binding:host_id": "rule:admin_only",
|
||||||
|
"create_port:binding:profile": "rule:admin_only",
|
||||||
|
"create_port:mac_learning_enabled": "rule:admin_or_network_owner",
|
||||||
|
"get_port": "rule:admin_or_owner",
|
||||||
|
"get_port:queue_id": "rule:admin_only",
|
||||||
|
"get_port:binding:vif_type": "rule:admin_only",
|
||||||
|
"get_port:binding:capabilities": "rule:admin_only",
|
||||||
|
"get_port:binding:host_id": "rule:admin_only",
|
||||||
|
"get_port:binding:profile": "rule:admin_only",
|
||||||
|
"update_port": "rule:admin_or_owner",
|
||||||
|
"update_port:fixed_ips": "rule:admin_or_network_owner",
|
||||||
|
"update_port:port_security_enabled": "rule:admin_or_network_owner",
|
||||||
|
"update_port:binding:host_id": "rule:admin_only",
|
||||||
|
"update_port:binding:profile": "rule:admin_only",
|
||||||
|
"update_port:mac_learning_enabled": "rule:admin_or_network_owner",
|
||||||
|
"delete_port": "rule:admin_or_owner",
|
||||||
|
|
||||||
|
"create_router:external_gateway_info:enable_snat": "rule:admin_only",
|
||||||
|
"update_router:external_gateway_info:enable_snat": "rule:admin_only",
|
||||||
|
|
||||||
|
"create_ikepolicy": "rule:admin_or_owner",
|
||||||
|
"update_ikepolicy": "rule:admin_or_owner",
|
||||||
|
"delete_ikepolicy": "rule:admin_or_owner",
|
||||||
|
|
||||||
|
"create_ipsecpolicy": "rule:admin_or_owner",
|
||||||
|
"update_ipsecpolicy": "rule:admin_or_owner",
|
||||||
|
"delete_ipsecpolicy": "rule:admin_or_owner",
|
||||||
|
|
||||||
|
"create_vpnservice": "rule:admin_or_owner",
|
||||||
|
"update_vpnservice": "rule:admin_or_owner",
|
||||||
|
"delete_vpnservice": "rule:admin_or_owner",
|
||||||
|
|
||||||
|
"create_ipsec_site_connection": "rule:admin_or_owner",
|
||||||
|
"update_ipsec_site_connection": "rule:admin_or_owner",
|
||||||
|
"delete_ipsec_site_connection": "rule:admin_or_owner",
|
||||||
|
|
||||||
|
"create_firewall": "",
|
||||||
|
"get_firewall": "rule:admin_or_owner",
|
||||||
|
"create_firewall:shared": "rule:admin_only",
|
||||||
|
"get_firewall:shared": "rule:admin_only",
|
||||||
|
"update_firewall": "rule:admin_or_owner",
|
||||||
|
"delete_firewall": "rule:admin_or_owner",
|
||||||
|
|
||||||
|
"create_firewall_policy": "",
|
||||||
|
"get_firewall_policy": "rule:admin_or_owner or rule:shared_firewalls",
|
||||||
|
"create_firewall_policy:shared": "rule:admin_or_owner",
|
||||||
|
"update_firewall_policy": "rule:admin_or_owner",
|
||||||
|
"delete_firewall_policy": "rule:admin_or_owner",
|
||||||
|
|
||||||
|
"create_firewall_rule": "",
|
||||||
|
"get_firewall_rule": "rule:admin_or_owner or rule:shared_firewalls",
|
||||||
|
"create_firewall_rule:shared": "rule:admin_or_owner",
|
||||||
|
"get_firewall_rule:shared": "rule:admin_or_owner",
|
||||||
|
"update_firewall_rule": "rule:admin_or_owner",
|
||||||
|
"delete_firewall_rule": "rule:admin_or_owner",
|
||||||
|
"insert_rule": "rule:admin_or_owner",
|
||||||
|
"remove_rule": "rule:admin_or_owner",
|
||||||
|
|
||||||
|
"create_qos_queue": "rule:admin_only",
|
||||||
|
"get_qos_queue": "rule:admin_only",
|
||||||
|
|
||||||
|
"update_agent": "rule:admin_only",
|
||||||
|
"delete_agent": "rule:admin_only",
|
||||||
|
"get_agent": "rule:admin_only",
|
||||||
|
|
||||||
|
"create_dhcp-network": "rule:admin_only",
|
||||||
|
"delete_dhcp-network": "rule:admin_only",
|
||||||
|
"get_dhcp-networks": "rule:admin_only",
|
||||||
|
"create_l3-router": "rule:admin_only",
|
||||||
|
"delete_l3-router": "rule:admin_only",
|
||||||
|
"get_l3-routers": "rule:admin_only",
|
||||||
|
"get_dhcp-agents": "rule:admin_only",
|
||||||
|
"get_l3-agents": "rule:admin_only",
|
||||||
|
"get_loadbalancer-agent": "rule:admin_only",
|
||||||
|
"get_loadbalancer-pools": "rule:admin_only",
|
||||||
|
|
||||||
|
"create_pool": "rule:admin_or_owner",
|
||||||
|
"update_pool": "rule:admin_or_owner",
|
||||||
|
"delete_pool": "rule:admin_or_owner",
|
||||||
|
|
||||||
|
"create_vip": "rule:admin_or_owner",
|
||||||
|
"update_vip": "rule:admin_or_owner",
|
||||||
|
"delete_vip": "rule:admin_or_owner",
|
||||||
|
|
||||||
|
"create_member": "rule:admin_or_owner",
|
||||||
|
"update_member": "rule:admin_or_owner",
|
||||||
|
"delete_member": "rule:admin_or_owner",
|
||||||
|
|
||||||
|
"create_health_monitor": "rule:admin_or_owner",
|
||||||
|
"update_health_monitor": "rule:admin_or_owner",
|
||||||
|
"delete_health_monitor": "rule:admin_or_owner",
|
||||||
|
|
||||||
|
"create_pool_health_monitor": "rule:admin_or_owner",
|
||||||
|
"delete_pool_health_monitor": "rule:admin_or_owner",
|
||||||
|
|
||||||
|
"create_router": "rule:regular_user",
|
||||||
|
"get_router": "rule:admin_or_owner",
|
||||||
|
"update_router": "rule:admin_or_owner",
|
||||||
|
"add_router_interface": "rule:admin_or_owner",
|
||||||
|
"remove_router_interface": "rule:admin_or_owner",
|
||||||
|
"delete_router": "rule:admin_or_owner",
|
||||||
|
|
||||||
|
"create_floatingip": "rule:regular_user",
|
||||||
|
"update_floatingip": "rule:admin_or_owner",
|
||||||
|
"delete_floatingip": "rule:admin_or_owner",
|
||||||
|
"get_floatingip": "rule:admin_or_owner",
|
||||||
|
|
||||||
|
"create_network_profile": "rule:admin_only",
|
||||||
|
"update_network_profile": "rule:admin_only",
|
||||||
|
"delete_network_profile": "rule:admin_only",
|
||||||
|
"get_network_profiles": "",
|
||||||
|
"get_network_profile": "",
|
||||||
|
"update_policy_profiles": "rule:admin_only",
|
||||||
|
"get_policy_profiles": "",
|
||||||
|
"get_policy_profile": "",
|
||||||
|
|
||||||
|
"create_metering_label": "rule:admin_only",
|
||||||
|
"delete_metering_label": "rule:admin_only",
|
||||||
|
"get_metering_label": "rule:admin_only",
|
||||||
|
|
||||||
|
"create_metering_label_rule": "rule:admin_only",
|
||||||
|
"delete_metering_label_rule": "rule:admin_only",
|
||||||
|
"get_metering_label_rule": "rule:admin_only",
|
||||||
|
|
||||||
|
"get_service_provider": "rule:regular_user"
|
||||||
|
}
|
@ -31,6 +31,13 @@ LOG = logging.getLogger(__name__)
|
|||||||
class DeletePort(tables.DeleteAction):
|
class DeletePort(tables.DeleteAction):
|
||||||
data_type_singular = _("Port")
|
data_type_singular = _("Port")
|
||||||
data_type_plural = _("Ports")
|
data_type_plural = _("Ports")
|
||||||
|
policy_rules = (("network", "delete_port"),)
|
||||||
|
|
||||||
|
def get_policy_target(self, request, datum=None):
|
||||||
|
project_id = None
|
||||||
|
if datum:
|
||||||
|
project_id = getattr(datum, 'tenant_id', None)
|
||||||
|
return {"project_id": project_id}
|
||||||
|
|
||||||
def delete(self, request, obj_id):
|
def delete(self, request, obj_id):
|
||||||
try:
|
try:
|
||||||
@ -49,6 +56,7 @@ class CreatePort(tables.LinkAction):
|
|||||||
verbose_name = _("Create Port")
|
verbose_name = _("Create Port")
|
||||||
url = "horizon:admin:networks:addport"
|
url = "horizon:admin:networks:addport"
|
||||||
classes = ("ajax-modal", "btn-create")
|
classes = ("ajax-modal", "btn-create")
|
||||||
|
policy_rules = (("network", "create_port"),)
|
||||||
|
|
||||||
def get_link_url(self, datum=None):
|
def get_link_url(self, datum=None):
|
||||||
network_id = self.table.kwargs['network_id']
|
network_id = self.table.kwargs['network_id']
|
||||||
@ -60,6 +68,13 @@ class UpdatePort(tables.LinkAction):
|
|||||||
verbose_name = _("Edit Port")
|
verbose_name = _("Edit Port")
|
||||||
url = "horizon:admin:networks:editport"
|
url = "horizon:admin:networks:editport"
|
||||||
classes = ("ajax-modal", "btn-edit")
|
classes = ("ajax-modal", "btn-edit")
|
||||||
|
policy_rules = (("network", "update_port"),)
|
||||||
|
|
||||||
|
def get_policy_target(self, request, datum=None):
|
||||||
|
project_id = None
|
||||||
|
if datum:
|
||||||
|
project_id = getattr(datum, 'tenant_id', None)
|
||||||
|
return {"project_id": project_id}
|
||||||
|
|
||||||
def get_link_url(self, port):
|
def get_link_url(self, port):
|
||||||
network_id = self.table.kwargs['network_id']
|
network_id = self.table.kwargs['network_id']
|
||||||
|
@ -19,6 +19,7 @@ from django.utils.translation import ugettext_lazy as _
|
|||||||
|
|
||||||
from horizon import exceptions
|
from horizon import exceptions
|
||||||
from horizon import tables
|
from horizon import tables
|
||||||
|
from horizon.utils import memoized
|
||||||
|
|
||||||
from openstack_dashboard import api
|
from openstack_dashboard import api
|
||||||
|
|
||||||
@ -29,6 +30,13 @@ LOG = logging.getLogger(__name__)
|
|||||||
class DeleteSubnet(tables.DeleteAction):
|
class DeleteSubnet(tables.DeleteAction):
|
||||||
data_type_singular = _("Subnet")
|
data_type_singular = _("Subnet")
|
||||||
data_type_plural = _("Subnets")
|
data_type_plural = _("Subnets")
|
||||||
|
policy_rules = (("network", "delete_subnet"),)
|
||||||
|
|
||||||
|
def get_policy_target(self, request, datum=None):
|
||||||
|
project_id = None
|
||||||
|
if datum:
|
||||||
|
project_id = getattr(datum, 'tenant_id', None)
|
||||||
|
return {"network:project_id": project_id}
|
||||||
|
|
||||||
def delete(self, request, obj_id):
|
def delete(self, request, obj_id):
|
||||||
try:
|
try:
|
||||||
@ -47,6 +55,14 @@ class CreateSubnet(tables.LinkAction):
|
|||||||
verbose_name = _("Create Subnet")
|
verbose_name = _("Create Subnet")
|
||||||
url = "horizon:admin:networks:addsubnet"
|
url = "horizon:admin:networks:addsubnet"
|
||||||
classes = ("ajax-modal", "btn-create")
|
classes = ("ajax-modal", "btn-create")
|
||||||
|
policy_rules = (("network", "create_subnet"),)
|
||||||
|
|
||||||
|
def get_policy_target(self, request, datum=None):
|
||||||
|
project_id = None
|
||||||
|
network = self.table._get_network()
|
||||||
|
if network:
|
||||||
|
project_id = getattr(network, 'tenant_id', None)
|
||||||
|
return {"network:project_id": project_id}
|
||||||
|
|
||||||
def get_link_url(self, datum=None):
|
def get_link_url(self, datum=None):
|
||||||
network_id = self.table.kwargs['network_id']
|
network_id = self.table.kwargs['network_id']
|
||||||
@ -58,6 +74,13 @@ class UpdateSubnet(tables.LinkAction):
|
|||||||
verbose_name = _("Edit Subnet")
|
verbose_name = _("Edit Subnet")
|
||||||
url = "horizon:admin:networks:editsubnet"
|
url = "horizon:admin:networks:editsubnet"
|
||||||
classes = ("ajax-modal", "btn-edit")
|
classes = ("ajax-modal", "btn-edit")
|
||||||
|
policy_rules = (("network", "update_subnet"),)
|
||||||
|
|
||||||
|
def get_policy_target(self, request, datum=None):
|
||||||
|
project_id = None
|
||||||
|
if datum:
|
||||||
|
project_id = getattr(datum, 'tenant_id', None)
|
||||||
|
return {"network:project_id": project_id}
|
||||||
|
|
||||||
def get_link_url(self, subnet):
|
def get_link_url(self, subnet):
|
||||||
network_id = self.table.kwargs['network_id']
|
network_id = self.table.kwargs['network_id']
|
||||||
@ -74,6 +97,18 @@ class SubnetsTable(tables.DataTable):
|
|||||||
def get_object_display(self, subnet):
|
def get_object_display(self, subnet):
|
||||||
return subnet.id
|
return subnet.id
|
||||||
|
|
||||||
|
@memoized.memoized_method
|
||||||
|
def _get_network(self):
|
||||||
|
try:
|
||||||
|
network_id = self.kwargs['network_id']
|
||||||
|
network = api.neutron.network_get(self.request, network_id)
|
||||||
|
network.set_id_as_name_if_empty(length=0)
|
||||||
|
except Exception:
|
||||||
|
msg = _('Unable to retrieve details for network "%s".') \
|
||||||
|
% (network_id)
|
||||||
|
exceptions.handle(self.request, msg, redirect=self.failure_url)
|
||||||
|
return network
|
||||||
|
|
||||||
class Meta:
|
class Meta:
|
||||||
name = "subnets"
|
name = "subnets"
|
||||||
verbose_name = _("Subnets")
|
verbose_name = _("Subnets")
|
||||||
|
@ -32,6 +32,13 @@ LOG = logging.getLogger(__name__)
|
|||||||
class DeleteNetwork(tables.DeleteAction):
|
class DeleteNetwork(tables.DeleteAction):
|
||||||
data_type_singular = _("Network")
|
data_type_singular = _("Network")
|
||||||
data_type_plural = _("Networks")
|
data_type_plural = _("Networks")
|
||||||
|
policy_rules = (("network", "delete_network"),)
|
||||||
|
|
||||||
|
def get_policy_target(self, request, datum=None):
|
||||||
|
project_id = None
|
||||||
|
if datum:
|
||||||
|
project_id = getattr(datum, 'tenant_id', None)
|
||||||
|
return {"project_id": project_id}
|
||||||
|
|
||||||
def delete(self, request, obj_id):
|
def delete(self, request, obj_id):
|
||||||
try:
|
try:
|
||||||
@ -48,6 +55,7 @@ class CreateNetwork(tables.LinkAction):
|
|||||||
verbose_name = _("Create Network")
|
verbose_name = _("Create Network")
|
||||||
url = "horizon:admin:networks:create"
|
url = "horizon:admin:networks:create"
|
||||||
classes = ("ajax-modal", "btn-create")
|
classes = ("ajax-modal", "btn-create")
|
||||||
|
policy_rules = (("network", "create_network"),)
|
||||||
|
|
||||||
|
|
||||||
class EditNetwork(tables.LinkAction):
|
class EditNetwork(tables.LinkAction):
|
||||||
@ -55,6 +63,13 @@ class EditNetwork(tables.LinkAction):
|
|||||||
verbose_name = _("Edit Network")
|
verbose_name = _("Edit Network")
|
||||||
url = "horizon:admin:networks:update"
|
url = "horizon:admin:networks:update"
|
||||||
classes = ("ajax-modal", "btn-edit")
|
classes = ("ajax-modal", "btn-edit")
|
||||||
|
policy_rules = (("network", "update_network"),)
|
||||||
|
|
||||||
|
def get_policy_target(self, request, datum=None):
|
||||||
|
project_id = None
|
||||||
|
if datum:
|
||||||
|
project_id = getattr(datum, 'tenant_id', None)
|
||||||
|
return {"project_id": project_id}
|
||||||
|
|
||||||
|
|
||||||
#def _get_subnets(network):
|
#def _get_subnets(network):
|
||||||
|
@ -22,6 +22,13 @@ from openstack_dashboard.dashboards.project.routers import tables as r_tables
|
|||||||
|
|
||||||
class DeleteRouter(r_tables.DeleteRouter):
|
class DeleteRouter(r_tables.DeleteRouter):
|
||||||
redirect_url = "horizon:admin:routers:index"
|
redirect_url = "horizon:admin:routers:index"
|
||||||
|
policy_rules = (("network", "delete_router"),)
|
||||||
|
|
||||||
|
def get_policy_target(self, request, datum=None):
|
||||||
|
project_id = None
|
||||||
|
if datum:
|
||||||
|
project_id = getattr(datum, 'tenant_id', None)
|
||||||
|
return {"project_id": project_id}
|
||||||
|
|
||||||
def delete(self, request, obj_id):
|
def delete(self, request, obj_id):
|
||||||
search_opts = {'device_owner': 'network:router_interface',
|
search_opts = {'device_owner': 'network:router_interface',
|
||||||
|
@ -26,6 +26,7 @@ class AddRuleLink(tables.LinkAction):
|
|||||||
verbose_name = _("Add Rule")
|
verbose_name = _("Add Rule")
|
||||||
url = "horizon:project:firewalls:addrule"
|
url = "horizon:project:firewalls:addrule"
|
||||||
classes = ("ajax-modal", "btn-create",)
|
classes = ("ajax-modal", "btn-create",)
|
||||||
|
policy_rules = (("network", "create_firewall_rule"),)
|
||||||
|
|
||||||
|
|
||||||
class AddPolicyLink(tables.LinkAction):
|
class AddPolicyLink(tables.LinkAction):
|
||||||
@ -33,6 +34,7 @@ class AddPolicyLink(tables.LinkAction):
|
|||||||
verbose_name = _("Add Policy")
|
verbose_name = _("Add Policy")
|
||||||
url = "horizon:project:firewalls:addpolicy"
|
url = "horizon:project:firewalls:addpolicy"
|
||||||
classes = ("ajax-modal", "btn-addpolicy",)
|
classes = ("ajax-modal", "btn-addpolicy",)
|
||||||
|
policy_rules = (("network", "create_firewall_policy"),)
|
||||||
|
|
||||||
|
|
||||||
class AddFirewallLink(tables.LinkAction):
|
class AddFirewallLink(tables.LinkAction):
|
||||||
@ -40,6 +42,7 @@ class AddFirewallLink(tables.LinkAction):
|
|||||||
verbose_name = _("Create Firewall")
|
verbose_name = _("Create Firewall")
|
||||||
url = "horizon:project:firewalls:addfirewall"
|
url = "horizon:project:firewalls:addfirewall"
|
||||||
classes = ("ajax-modal", "btn-addfirewall",)
|
classes = ("ajax-modal", "btn-addfirewall",)
|
||||||
|
policy_rules = (("network", "create_firewall"),)
|
||||||
|
|
||||||
|
|
||||||
class DeleteRuleLink(tables.DeleteAction):
|
class DeleteRuleLink(tables.DeleteAction):
|
||||||
@ -48,6 +51,13 @@ class DeleteRuleLink(tables.DeleteAction):
|
|||||||
action_past = _("Scheduled deletion of %(data_type)s")
|
action_past = _("Scheduled deletion of %(data_type)s")
|
||||||
data_type_singular = _("Rule")
|
data_type_singular = _("Rule")
|
||||||
data_type_plural = _("Rules")
|
data_type_plural = _("Rules")
|
||||||
|
policy_rules = (("network", "delete_firewall_rule"),)
|
||||||
|
|
||||||
|
def get_policy_target(self, request, datum=None):
|
||||||
|
project_id = None
|
||||||
|
if datum:
|
||||||
|
project_id = getattr(datum, 'tenant_id', None)
|
||||||
|
return {"project_id": project_id}
|
||||||
|
|
||||||
|
|
||||||
class DeletePolicyLink(tables.DeleteAction):
|
class DeletePolicyLink(tables.DeleteAction):
|
||||||
@ -56,6 +66,13 @@ class DeletePolicyLink(tables.DeleteAction):
|
|||||||
action_past = _("Scheduled deletion of %(data_type)s")
|
action_past = _("Scheduled deletion of %(data_type)s")
|
||||||
data_type_singular = _("Policy")
|
data_type_singular = _("Policy")
|
||||||
data_type_plural = _("Policies")
|
data_type_plural = _("Policies")
|
||||||
|
policy_rules = (("network", "delete_firewall_policy"),)
|
||||||
|
|
||||||
|
def get_policy_target(self, request, datum=None):
|
||||||
|
project_id = None
|
||||||
|
if datum:
|
||||||
|
project_id = getattr(datum, 'tenant_id', None)
|
||||||
|
return {"project_id": project_id}
|
||||||
|
|
||||||
|
|
||||||
class DeleteFirewallLink(tables.DeleteAction):
|
class DeleteFirewallLink(tables.DeleteAction):
|
||||||
@ -64,12 +81,26 @@ class DeleteFirewallLink(tables.DeleteAction):
|
|||||||
action_past = _("Scheduled deletion of %(data_type)s")
|
action_past = _("Scheduled deletion of %(data_type)s")
|
||||||
data_type_singular = _("Firewall")
|
data_type_singular = _("Firewall")
|
||||||
data_type_plural = _("Firewalls")
|
data_type_plural = _("Firewalls")
|
||||||
|
policy_rules = (("network", "delete_firewall"),)
|
||||||
|
|
||||||
|
def get_policy_target(self, request, datum=None):
|
||||||
|
project_id = None
|
||||||
|
if datum:
|
||||||
|
project_id = getattr(datum, 'tenant_id', None)
|
||||||
|
return {"project_id": project_id}
|
||||||
|
|
||||||
|
|
||||||
class UpdateRuleLink(tables.LinkAction):
|
class UpdateRuleLink(tables.LinkAction):
|
||||||
name = "updaterule"
|
name = "updaterule"
|
||||||
verbose_name = _("Edit Rule")
|
verbose_name = _("Edit Rule")
|
||||||
classes = ("ajax-modal", "btn-update",)
|
classes = ("ajax-modal", "btn-update",)
|
||||||
|
policy_rules = (("network", "update_firewall_rule"),)
|
||||||
|
|
||||||
|
def get_policy_target(self, request, datum=None):
|
||||||
|
project_id = None
|
||||||
|
if datum:
|
||||||
|
project_id = getattr(datum, 'tenant_id', None)
|
||||||
|
return {"project_id": project_id}
|
||||||
|
|
||||||
def get_link_url(self, rule):
|
def get_link_url(self, rule):
|
||||||
base_url = reverse("horizon:project:firewalls:updaterule",
|
base_url = reverse("horizon:project:firewalls:updaterule",
|
||||||
@ -81,6 +112,13 @@ class UpdatePolicyLink(tables.LinkAction):
|
|||||||
name = "updatepolicy"
|
name = "updatepolicy"
|
||||||
verbose_name = _("Edit Policy")
|
verbose_name = _("Edit Policy")
|
||||||
classes = ("ajax-modal", "btn-update",)
|
classes = ("ajax-modal", "btn-update",)
|
||||||
|
policy_rules = (("network", "update_firewall_policy"),)
|
||||||
|
|
||||||
|
def get_policy_target(self, request, datum=None):
|
||||||
|
project_id = None
|
||||||
|
if datum:
|
||||||
|
project_id = getattr(datum, 'tenant_id', None)
|
||||||
|
return {"project_id": project_id}
|
||||||
|
|
||||||
def get_link_url(self, policy):
|
def get_link_url(self, policy):
|
||||||
base_url = reverse("horizon:project:firewalls:updatepolicy",
|
base_url = reverse("horizon:project:firewalls:updatepolicy",
|
||||||
@ -92,6 +130,13 @@ class UpdateFirewallLink(tables.LinkAction):
|
|||||||
name = "updatefirewall"
|
name = "updatefirewall"
|
||||||
verbose_name = _("Edit Firewall")
|
verbose_name = _("Edit Firewall")
|
||||||
classes = ("ajax-modal", "btn-update",)
|
classes = ("ajax-modal", "btn-update",)
|
||||||
|
policy_rules = (("network", "update_firewall"),)
|
||||||
|
|
||||||
|
def get_policy_target(self, request, datum=None):
|
||||||
|
project_id = None
|
||||||
|
if datum:
|
||||||
|
project_id = getattr(datum, 'tenant_id', None)
|
||||||
|
return {"project_id": project_id}
|
||||||
|
|
||||||
def get_link_url(self, firewall):
|
def get_link_url(self, firewall):
|
||||||
base_url = reverse("horizon:project:firewalls:updatefirewall",
|
base_url = reverse("horizon:project:firewalls:updatefirewall",
|
||||||
@ -103,6 +148,14 @@ class InsertRuleToPolicyLink(tables.LinkAction):
|
|||||||
name = "insertrule"
|
name = "insertrule"
|
||||||
verbose_name = _("Insert Rule")
|
verbose_name = _("Insert Rule")
|
||||||
classes = ("ajax-modal", "btn-update",)
|
classes = ("ajax-modal", "btn-update",)
|
||||||
|
policy_rules = (("network", "get_firewall_policy"),
|
||||||
|
("network", "insert_rule"),)
|
||||||
|
|
||||||
|
def get_policy_target(self, request, datum=None):
|
||||||
|
project_id = None
|
||||||
|
if datum:
|
||||||
|
project_id = getattr(datum, 'tenant_id', None)
|
||||||
|
return {"project_id": project_id}
|
||||||
|
|
||||||
def get_link_url(self, policy):
|
def get_link_url(self, policy):
|
||||||
base_url = reverse("horizon:project:firewalls:insertrule",
|
base_url = reverse("horizon:project:firewalls:insertrule",
|
||||||
@ -114,6 +167,14 @@ class RemoveRuleFromPolicyLink(tables.LinkAction):
|
|||||||
name = "removerule"
|
name = "removerule"
|
||||||
verbose_name = _("Remove Rule")
|
verbose_name = _("Remove Rule")
|
||||||
classes = ("ajax-modal", "btn-danger",)
|
classes = ("ajax-modal", "btn-danger",)
|
||||||
|
policy_rules = (("network", "get_firewall_policy"),
|
||||||
|
("network", "remove_rule"),)
|
||||||
|
|
||||||
|
def get_policy_target(self, request, datum=None):
|
||||||
|
project_id = None
|
||||||
|
if datum:
|
||||||
|
project_id = getattr(datum, 'tenant_id', None)
|
||||||
|
return {"project_id": project_id}
|
||||||
|
|
||||||
def get_link_url(self, policy):
|
def get_link_url(self, policy):
|
||||||
base_url = reverse("horizon:project:firewalls:removerule",
|
base_url = reverse("horizon:project:firewalls:removerule",
|
||||||
|
@ -29,12 +29,14 @@ class AddPoolLink(tables.LinkAction):
|
|||||||
verbose_name = _("Add Pool")
|
verbose_name = _("Add Pool")
|
||||||
url = "horizon:project:loadbalancers:addpool"
|
url = "horizon:project:loadbalancers:addpool"
|
||||||
classes = ("ajax-modal", "btn-create",)
|
classes = ("ajax-modal", "btn-create",)
|
||||||
|
policy_rules = (("network", "create_pool"),)
|
||||||
|
|
||||||
|
|
||||||
class AddVipLink(tables.LinkAction):
|
class AddVipLink(tables.LinkAction):
|
||||||
name = "addvip"
|
name = "addvip"
|
||||||
verbose_name = _("Add VIP")
|
verbose_name = _("Add VIP")
|
||||||
classes = ("ajax-modal", "btn-create",)
|
classes = ("ajax-modal", "btn-create",)
|
||||||
|
policy_rules = (("network", "create_vip"),)
|
||||||
|
|
||||||
def get_link_url(self, pool):
|
def get_link_url(self, pool):
|
||||||
base_url = reverse("horizon:project:loadbalancers:addvip",
|
base_url = reverse("horizon:project:loadbalancers:addvip",
|
||||||
@ -52,6 +54,7 @@ class AddMemberLink(tables.LinkAction):
|
|||||||
verbose_name = _("Add Member")
|
verbose_name = _("Add Member")
|
||||||
url = "horizon:project:loadbalancers:addmember"
|
url = "horizon:project:loadbalancers:addmember"
|
||||||
classes = ("ajax-modal", "btn-create",)
|
classes = ("ajax-modal", "btn-create",)
|
||||||
|
policy_rules = (("network", "create_member"),)
|
||||||
|
|
||||||
|
|
||||||
class AddMonitorLink(tables.LinkAction):
|
class AddMonitorLink(tables.LinkAction):
|
||||||
@ -59,6 +62,7 @@ class AddMonitorLink(tables.LinkAction):
|
|||||||
verbose_name = _("Add Monitor")
|
verbose_name = _("Add Monitor")
|
||||||
url = "horizon:project:loadbalancers:addmonitor"
|
url = "horizon:project:loadbalancers:addmonitor"
|
||||||
classes = ("ajax-modal", "btn-create",)
|
classes = ("ajax-modal", "btn-create",)
|
||||||
|
policy_rules = (("network", "create_health_monitor"),)
|
||||||
|
|
||||||
|
|
||||||
class DeleteVipLink(tables.DeleteAction):
|
class DeleteVipLink(tables.DeleteAction):
|
||||||
@ -67,6 +71,7 @@ class DeleteVipLink(tables.DeleteAction):
|
|||||||
action_past = _("Scheduled deletion of %(data_type)s")
|
action_past = _("Scheduled deletion of %(data_type)s")
|
||||||
data_type_singular = _("VIP")
|
data_type_singular = _("VIP")
|
||||||
data_type_plural = _("VIPs")
|
data_type_plural = _("VIPs")
|
||||||
|
policy_rules = (("network", "delete_vip"),)
|
||||||
|
|
||||||
def allowed(self, request, datum=None):
|
def allowed(self, request, datum=None):
|
||||||
if datum and not datum.vip_id:
|
if datum and not datum.vip_id:
|
||||||
@ -80,6 +85,7 @@ class DeletePoolLink(tables.DeleteAction):
|
|||||||
action_past = _("Scheduled deletion of %(data_type)s")
|
action_past = _("Scheduled deletion of %(data_type)s")
|
||||||
data_type_singular = _("Pool")
|
data_type_singular = _("Pool")
|
||||||
data_type_plural = _("Pools")
|
data_type_plural = _("Pools")
|
||||||
|
policy_rules = (("network", "delete_pool"),)
|
||||||
|
|
||||||
def allowed(self, request, datum=None):
|
def allowed(self, request, datum=None):
|
||||||
if datum and datum.vip_id:
|
if datum and datum.vip_id:
|
||||||
@ -93,6 +99,7 @@ class DeleteMonitorLink(tables.DeleteAction):
|
|||||||
action_past = _("Scheduled deletion of %(data_type)s")
|
action_past = _("Scheduled deletion of %(data_type)s")
|
||||||
data_type_singular = _("Monitor")
|
data_type_singular = _("Monitor")
|
||||||
data_type_plural = _("Monitors")
|
data_type_plural = _("Monitors")
|
||||||
|
policy_rules = (("network", "delete_health_monitor"),)
|
||||||
|
|
||||||
|
|
||||||
class DeleteMemberLink(tables.DeleteAction):
|
class DeleteMemberLink(tables.DeleteAction):
|
||||||
@ -101,12 +108,14 @@ class DeleteMemberLink(tables.DeleteAction):
|
|||||||
action_past = _("Scheduled deletion of %(data_type)s")
|
action_past = _("Scheduled deletion of %(data_type)s")
|
||||||
data_type_singular = _("Member")
|
data_type_singular = _("Member")
|
||||||
data_type_plural = _("Members")
|
data_type_plural = _("Members")
|
||||||
|
policy_rules = (("network", "delete_member"),)
|
||||||
|
|
||||||
|
|
||||||
class UpdatePoolLink(tables.LinkAction):
|
class UpdatePoolLink(tables.LinkAction):
|
||||||
name = "updatepool"
|
name = "updatepool"
|
||||||
verbose_name = _("Edit Pool")
|
verbose_name = _("Edit Pool")
|
||||||
classes = ("ajax-modal", "btn-update",)
|
classes = ("ajax-modal", "btn-update",)
|
||||||
|
policy_rules = (("network", "update_pool"),)
|
||||||
|
|
||||||
def get_link_url(self, pool):
|
def get_link_url(self, pool):
|
||||||
base_url = reverse("horizon:project:loadbalancers:updatepool",
|
base_url = reverse("horizon:project:loadbalancers:updatepool",
|
||||||
@ -118,6 +127,7 @@ class UpdateVipLink(tables.LinkAction):
|
|||||||
name = "updatevip"
|
name = "updatevip"
|
||||||
verbose_name = _("Edit VIP")
|
verbose_name = _("Edit VIP")
|
||||||
classes = ("ajax-modal", "btn-update",)
|
classes = ("ajax-modal", "btn-update",)
|
||||||
|
policy_rules = (("network", "update_vip"),)
|
||||||
|
|
||||||
def get_link_url(self, pool):
|
def get_link_url(self, pool):
|
||||||
base_url = reverse("horizon:project:loadbalancers:updatevip",
|
base_url = reverse("horizon:project:loadbalancers:updatevip",
|
||||||
@ -134,6 +144,7 @@ class UpdateMemberLink(tables.LinkAction):
|
|||||||
name = "updatemember"
|
name = "updatemember"
|
||||||
verbose_name = _("Edit Member")
|
verbose_name = _("Edit Member")
|
||||||
classes = ("ajax-modal", "btn-update",)
|
classes = ("ajax-modal", "btn-update",)
|
||||||
|
policy_rules = (("network", "update_member"),)
|
||||||
|
|
||||||
def get_link_url(self, member):
|
def get_link_url(self, member):
|
||||||
base_url = reverse("horizon:project:loadbalancers:updatemember",
|
base_url = reverse("horizon:project:loadbalancers:updatemember",
|
||||||
@ -145,6 +156,7 @@ class UpdateMonitorLink(tables.LinkAction):
|
|||||||
name = "updatemonitor"
|
name = "updatemonitor"
|
||||||
verbose_name = _("Edit Monitor")
|
verbose_name = _("Edit Monitor")
|
||||||
classes = ("ajax-modal", "btn-update",)
|
classes = ("ajax-modal", "btn-update",)
|
||||||
|
policy_rules = (("network", "update_health_monitor"),)
|
||||||
|
|
||||||
def get_link_url(self, monitor):
|
def get_link_url(self, monitor):
|
||||||
base_url = reverse("horizon:project:loadbalancers:updatemonitor",
|
base_url = reverse("horizon:project:loadbalancers:updatemonitor",
|
||||||
@ -165,6 +177,7 @@ class AddPMAssociationLink(tables.LinkAction):
|
|||||||
verbose_name = _("Associate Monitor")
|
verbose_name = _("Associate Monitor")
|
||||||
url = "horizon:project:loadbalancers:addassociation"
|
url = "horizon:project:loadbalancers:addassociation"
|
||||||
classes = ("ajax-modal", "btn-create",)
|
classes = ("ajax-modal", "btn-create",)
|
||||||
|
policy_rules = (("network", "create_pool_health_monitor"),)
|
||||||
|
|
||||||
def allowed(self, request, datum=None):
|
def allowed(self, request, datum=None):
|
||||||
try:
|
try:
|
||||||
@ -185,6 +198,7 @@ class DeletePMAssociationLink(tables.LinkAction):
|
|||||||
verbose_name = _("Disassociate Monitor")
|
verbose_name = _("Disassociate Monitor")
|
||||||
url = "horizon:project:loadbalancers:deleteassociation"
|
url = "horizon:project:loadbalancers:deleteassociation"
|
||||||
classes = ("ajax-modal", "btn-delete", "btn-danger")
|
classes = ("ajax-modal", "btn-delete", "btn-danger")
|
||||||
|
policy_rules = (("network", "delete_pool_health_monitor"),)
|
||||||
|
|
||||||
def allowed(self, request, datum=None):
|
def allowed(self, request, datum=None):
|
||||||
if datum and not datum['health_monitors']:
|
if datum and not datum['health_monitors']:
|
||||||
|
@ -24,9 +24,15 @@
|
|||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="launchButtons">
|
<div class="launchButtons">
|
||||||
|
{% if launch_instance_allowed %}
|
||||||
<a href="{% url 'horizon:project:network_topology:launchinstance' %}" id="instances__action_launch" class="btn btn-small btn-launch ajax-modal">{%trans "Launch Instance" %}</a>
|
<a href="{% url 'horizon:project:network_topology:launchinstance' %}" id="instances__action_launch" class="btn btn-small btn-launch ajax-modal">{%trans "Launch Instance" %}</a>
|
||||||
|
{% endif %}
|
||||||
|
{% if create_network_allowed %}
|
||||||
<a href="{% url 'horizon:project:network_topology:createnetwork' %}" id="networks__action_create" class="btn btn-small ajax-modal btn-create">{%trans "Create Network" %}</a>
|
<a href="{% url 'horizon:project:network_topology:createnetwork' %}" id="networks__action_create" class="btn btn-small ajax-modal btn-create">{%trans "Create Network" %}</a>
|
||||||
|
{% endif %}
|
||||||
|
{% if create_router_allowed %}
|
||||||
<a href="{% url 'horizon:project:network_topology:createrouter' %}" id="Routers__action_create" class="btn btn-small ajax-modal btn-create">{%trans "Create Router" %}</a>
|
<a href="{% url 'horizon:project:network_topology:createrouter' %}" id="Routers__action_create" class="btn btn-small ajax-modal btn-create">{%trans "Create Router" %}</a>
|
||||||
|
{% endif %}
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
@ -89,6 +89,26 @@ class RouterDetailView(r_views.DetailView):
|
|||||||
class NetworkTopologyView(TemplateView):
|
class NetworkTopologyView(TemplateView):
|
||||||
template_name = 'project/network_topology/index.html'
|
template_name = 'project/network_topology/index.html'
|
||||||
|
|
||||||
|
def _has_permission(self, policy):
|
||||||
|
has_permission = True
|
||||||
|
policy_check = getattr(settings, "POLICY_CHECK_FUNCTION", None)
|
||||||
|
|
||||||
|
if policy_check:
|
||||||
|
has_permission = policy_check(policy, self.request)
|
||||||
|
|
||||||
|
return has_permission
|
||||||
|
|
||||||
|
def get_context_data(self, **kwargs):
|
||||||
|
context = super(NetworkTopologyView, self).get_context_data(**kwargs)
|
||||||
|
|
||||||
|
context['launch_instance_allowed'] = self._has_permission(
|
||||||
|
(("compute", "compute:create"),))
|
||||||
|
context['create_network_allowed'] = self._has_permission(
|
||||||
|
(("network", "create_network"),))
|
||||||
|
context['create_router_allowed'] = self._has_permission(
|
||||||
|
(("network", "create_router"),))
|
||||||
|
return context
|
||||||
|
|
||||||
|
|
||||||
class JSONView(View):
|
class JSONView(View):
|
||||||
def add_resource_url(self, view, resources):
|
def add_resource_url(self, view, resources):
|
||||||
|
@ -39,6 +39,13 @@ class UpdatePort(tables.LinkAction):
|
|||||||
verbose_name = _("Edit Port")
|
verbose_name = _("Edit Port")
|
||||||
url = "horizon:project:networks:editport"
|
url = "horizon:project:networks:editport"
|
||||||
classes = ("ajax-modal", "btn-edit")
|
classes = ("ajax-modal", "btn-edit")
|
||||||
|
policy_rules = (("network", "update_port"),)
|
||||||
|
|
||||||
|
def get_policy_target(self, request, datum=None):
|
||||||
|
project_id = None
|
||||||
|
if datum:
|
||||||
|
project_id = getattr(datum, 'tenant_id', None)
|
||||||
|
return {"project_id": project_id}
|
||||||
|
|
||||||
def get_link_url(self, port):
|
def get_link_url(self, port):
|
||||||
network_id = self.table.kwargs['network_id']
|
network_id = self.table.kwargs['network_id']
|
||||||
|
@ -43,6 +43,13 @@ class CheckNetworkEditable(object):
|
|||||||
class DeleteSubnet(CheckNetworkEditable, tables.DeleteAction):
|
class DeleteSubnet(CheckNetworkEditable, tables.DeleteAction):
|
||||||
data_type_singular = _("Subnet")
|
data_type_singular = _("Subnet")
|
||||||
data_type_plural = _("Subnets")
|
data_type_plural = _("Subnets")
|
||||||
|
policy_rules = (("network", "delete_subnet"),)
|
||||||
|
|
||||||
|
def get_policy_target(self, request, datum=None):
|
||||||
|
project_id = None
|
||||||
|
if datum:
|
||||||
|
project_id = getattr(datum, 'tenant_id', None)
|
||||||
|
return {"network:project_id": project_id}
|
||||||
|
|
||||||
def delete(self, request, obj_id):
|
def delete(self, request, obj_id):
|
||||||
try:
|
try:
|
||||||
@ -61,6 +68,14 @@ class CreateSubnet(CheckNetworkEditable, tables.LinkAction):
|
|||||||
verbose_name = _("Create Subnet")
|
verbose_name = _("Create Subnet")
|
||||||
url = "horizon:project:networks:addsubnet"
|
url = "horizon:project:networks:addsubnet"
|
||||||
classes = ("ajax-modal", "btn-create")
|
classes = ("ajax-modal", "btn-create")
|
||||||
|
policy_rules = (("network", "create_subnet"),)
|
||||||
|
|
||||||
|
def get_policy_target(self, request, datum=None):
|
||||||
|
project_id = None
|
||||||
|
network = self.table._get_network()
|
||||||
|
if network:
|
||||||
|
project_id = getattr(network, 'tenant_id', None)
|
||||||
|
return {"network:project_id": project_id}
|
||||||
|
|
||||||
def get_link_url(self, datum=None):
|
def get_link_url(self, datum=None):
|
||||||
network_id = self.table.kwargs['network_id']
|
network_id = self.table.kwargs['network_id']
|
||||||
@ -72,6 +87,13 @@ class UpdateSubnet(CheckNetworkEditable, tables.LinkAction):
|
|||||||
verbose_name = _("Edit Subnet")
|
verbose_name = _("Edit Subnet")
|
||||||
url = "horizon:project:networks:editsubnet"
|
url = "horizon:project:networks:editsubnet"
|
||||||
classes = ("ajax-modal", "btn-edit")
|
classes = ("ajax-modal", "btn-edit")
|
||||||
|
policy_rules = (("network", "update_subnet"),)
|
||||||
|
|
||||||
|
def get_policy_target(self, request, datum=None):
|
||||||
|
project_id = None
|
||||||
|
if datum:
|
||||||
|
project_id = getattr(datum, 'tenant_id', None)
|
||||||
|
return {"network:project_id": project_id}
|
||||||
|
|
||||||
def get_link_url(self, subnet):
|
def get_link_url(self, subnet):
|
||||||
network_id = self.table.kwargs['network_id']
|
network_id = self.table.kwargs['network_id']
|
||||||
|
@ -40,6 +40,13 @@ class CheckNetworkEditable(object):
|
|||||||
class DeleteNetwork(CheckNetworkEditable, tables.DeleteAction):
|
class DeleteNetwork(CheckNetworkEditable, tables.DeleteAction):
|
||||||
data_type_singular = _("Network")
|
data_type_singular = _("Network")
|
||||||
data_type_plural = _("Networks")
|
data_type_plural = _("Networks")
|
||||||
|
policy_rules = (("network", "delete_network"),)
|
||||||
|
|
||||||
|
def get_policy_target(self, request, datum=None):
|
||||||
|
project_id = None
|
||||||
|
if datum:
|
||||||
|
project_id = getattr(datum, 'tenant_id', None)
|
||||||
|
return {"project_id": project_id}
|
||||||
|
|
||||||
def delete(self, request, network_id):
|
def delete(self, request, network_id):
|
||||||
try:
|
try:
|
||||||
@ -65,6 +72,7 @@ class CreateNetwork(tables.LinkAction):
|
|||||||
verbose_name = _("Create Network")
|
verbose_name = _("Create Network")
|
||||||
url = "horizon:project:networks:create"
|
url = "horizon:project:networks:create"
|
||||||
classes = ("ajax-modal", "btn-create")
|
classes = ("ajax-modal", "btn-create")
|
||||||
|
policy_rules = (("network", "create_network"),)
|
||||||
|
|
||||||
|
|
||||||
class EditNetwork(CheckNetworkEditable, tables.LinkAction):
|
class EditNetwork(CheckNetworkEditable, tables.LinkAction):
|
||||||
@ -72,6 +80,13 @@ class EditNetwork(CheckNetworkEditable, tables.LinkAction):
|
|||||||
verbose_name = _("Edit Network")
|
verbose_name = _("Edit Network")
|
||||||
url = "horizon:project:networks:update"
|
url = "horizon:project:networks:update"
|
||||||
classes = ("ajax-modal", "btn-edit")
|
classes = ("ajax-modal", "btn-edit")
|
||||||
|
policy_rules = (("network", "update_network"),)
|
||||||
|
|
||||||
|
def get_policy_target(self, request, datum=None):
|
||||||
|
project_id = None
|
||||||
|
if datum:
|
||||||
|
project_id = getattr(datum, 'tenant_id', None)
|
||||||
|
return {"project_id": project_id}
|
||||||
|
|
||||||
|
|
||||||
class CreateSubnet(CheckNetworkEditable, tables.LinkAction):
|
class CreateSubnet(CheckNetworkEditable, tables.LinkAction):
|
||||||
@ -79,6 +94,13 @@ class CreateSubnet(CheckNetworkEditable, tables.LinkAction):
|
|||||||
verbose_name = _("Add Subnet")
|
verbose_name = _("Add Subnet")
|
||||||
url = "horizon:project:networks:addsubnet"
|
url = "horizon:project:networks:addsubnet"
|
||||||
classes = ("ajax-modal", "btn-create")
|
classes = ("ajax-modal", "btn-create")
|
||||||
|
policy_rules = (("network", "create_subnet"),)
|
||||||
|
|
||||||
|
def get_policy_target(self, request, datum=None):
|
||||||
|
project_id = None
|
||||||
|
if datum:
|
||||||
|
project_id = getattr(datum, 'tenant_id', None)
|
||||||
|
return {"network:project_id": project_id}
|
||||||
|
|
||||||
|
|
||||||
def get_subnets(network):
|
def get_subnets(network):
|
||||||
|
@ -30,6 +30,13 @@ class AddRouterRule(tables.LinkAction):
|
|||||||
verbose_name = _("Add Router Rule")
|
verbose_name = _("Add Router Rule")
|
||||||
url = "horizon:project:routers:addrouterrule"
|
url = "horizon:project:routers:addrouterrule"
|
||||||
classes = ("ajax-modal", "btn-create")
|
classes = ("ajax-modal", "btn-create")
|
||||||
|
policy_rules = (("network", "update_router"),)
|
||||||
|
|
||||||
|
def get_policy_target(self, request, datum=None):
|
||||||
|
project_id = None
|
||||||
|
if datum:
|
||||||
|
project_id = getattr(datum, 'tenant_id', None)
|
||||||
|
return {"project_id": project_id}
|
||||||
|
|
||||||
def get_link_url(self, datum=None):
|
def get_link_url(self, datum=None):
|
||||||
router_id = self.table.kwargs['router_id']
|
router_id = self.table.kwargs['router_id']
|
||||||
@ -40,6 +47,13 @@ class RemoveRouterRule(tables.DeleteAction):
|
|||||||
data_type_singular = _("Router Rule")
|
data_type_singular = _("Router Rule")
|
||||||
data_type_plural = _("Router Rules")
|
data_type_plural = _("Router Rules")
|
||||||
failure_url = 'horizon:project:routers:detail'
|
failure_url = 'horizon:project:routers:detail'
|
||||||
|
policy_rules = (("network", "update_router"),)
|
||||||
|
|
||||||
|
def get_policy_target(self, request, datum=None):
|
||||||
|
project_id = None
|
||||||
|
if datum:
|
||||||
|
project_id = getattr(datum, 'tenant_id', None)
|
||||||
|
return {"project_id": project_id}
|
||||||
|
|
||||||
def delete(self, request, obj_id):
|
def delete(self, request, obj_id):
|
||||||
router_id = self.table.kwargs['router_id']
|
router_id = self.table.kwargs['router_id']
|
||||||
|
@ -40,6 +40,13 @@ class AddInterface(tables.LinkAction):
|
|||||||
verbose_name = _("Add Interface")
|
verbose_name = _("Add Interface")
|
||||||
url = "horizon:project:routers:addinterface"
|
url = "horizon:project:routers:addinterface"
|
||||||
classes = ("ajax-modal", "btn-create")
|
classes = ("ajax-modal", "btn-create")
|
||||||
|
policy_rules = (("network", "add_router_interface"),)
|
||||||
|
|
||||||
|
def get_policy_target(self, request, datum=None):
|
||||||
|
project_id = None
|
||||||
|
if datum:
|
||||||
|
project_id = getattr(datum, 'tenant_id', None)
|
||||||
|
return {"project_id": project_id}
|
||||||
|
|
||||||
def get_link_url(self, datum=None):
|
def get_link_url(self, datum=None):
|
||||||
router_id = self.table.kwargs['router_id']
|
router_id = self.table.kwargs['router_id']
|
||||||
@ -50,6 +57,13 @@ class RemoveInterface(tables.DeleteAction):
|
|||||||
data_type_singular = _("Interface")
|
data_type_singular = _("Interface")
|
||||||
data_type_plural = _("Interfaces")
|
data_type_plural = _("Interfaces")
|
||||||
failure_url = 'horizon:project:routers:detail'
|
failure_url = 'horizon:project:routers:detail'
|
||||||
|
policy_rules = (("network", "remove_router_interface"),)
|
||||||
|
|
||||||
|
def get_policy_target(self, request, datum=None):
|
||||||
|
project_id = None
|
||||||
|
if datum:
|
||||||
|
project_id = getattr(datum, 'tenant_id', None)
|
||||||
|
return {"project_id": project_id}
|
||||||
|
|
||||||
def delete(self, request, obj_id):
|
def delete(self, request, obj_id):
|
||||||
try:
|
try:
|
||||||
|
@ -31,6 +31,13 @@ class DeleteRouter(tables.DeleteAction):
|
|||||||
data_type_singular = _("Router")
|
data_type_singular = _("Router")
|
||||||
data_type_plural = _("Routers")
|
data_type_plural = _("Routers")
|
||||||
redirect_url = "horizon:project:routers:index"
|
redirect_url = "horizon:project:routers:index"
|
||||||
|
policy_rules = (("network", "delete_router"),)
|
||||||
|
|
||||||
|
def get_policy_target(self, request, datum=None):
|
||||||
|
project_id = None
|
||||||
|
if datum:
|
||||||
|
project_id = getattr(datum, 'tenant_id', None)
|
||||||
|
return {"project_id": project_id}
|
||||||
|
|
||||||
def delete(self, request, obj_id):
|
def delete(self, request, obj_id):
|
||||||
obj = self.table.get_object_by_id(obj_id)
|
obj = self.table.get_object_by_id(obj_id)
|
||||||
@ -57,6 +64,7 @@ class CreateRouter(tables.LinkAction):
|
|||||||
verbose_name = _("Create Router")
|
verbose_name = _("Create Router")
|
||||||
url = "horizon:project:routers:create"
|
url = "horizon:project:routers:create"
|
||||||
classes = ("ajax-modal", "btn-create")
|
classes = ("ajax-modal", "btn-create")
|
||||||
|
policy_rules = (("network", "create_router"),)
|
||||||
|
|
||||||
|
|
||||||
class SetGateway(tables.LinkAction):
|
class SetGateway(tables.LinkAction):
|
||||||
@ -64,6 +72,13 @@ class SetGateway(tables.LinkAction):
|
|||||||
verbose_name = _("Set Gateway")
|
verbose_name = _("Set Gateway")
|
||||||
url = "horizon:project:routers:setgateway"
|
url = "horizon:project:routers:setgateway"
|
||||||
classes = ("ajax-modal", "btn-camera")
|
classes = ("ajax-modal", "btn-camera")
|
||||||
|
policy_rules = (("network", "update_router"),)
|
||||||
|
|
||||||
|
def get_policy_target(self, request, datum=None):
|
||||||
|
project_id = None
|
||||||
|
if datum:
|
||||||
|
project_id = getattr(datum, 'tenant_id', None)
|
||||||
|
return {"project_id": project_id}
|
||||||
|
|
||||||
def allowed(self, request, datum=None):
|
def allowed(self, request, datum=None):
|
||||||
if datum.external_gateway_info:
|
if datum.external_gateway_info:
|
||||||
@ -79,6 +94,13 @@ class ClearGateway(tables.BatchAction):
|
|||||||
data_type_plural = _("Gateways")
|
data_type_plural = _("Gateways")
|
||||||
classes = ('btn-danger', 'btn-cleargateway')
|
classes = ('btn-danger', 'btn-cleargateway')
|
||||||
redirect_url = "horizon:project:routers:index"
|
redirect_url = "horizon:project:routers:index"
|
||||||
|
policy_rules = (("network", "update_router"),)
|
||||||
|
|
||||||
|
def get_policy_target(self, request, datum=None):
|
||||||
|
project_id = None
|
||||||
|
if datum:
|
||||||
|
project_id = getattr(datum, 'tenant_id', None)
|
||||||
|
return {"project_id": project_id}
|
||||||
|
|
||||||
def action(self, request, obj_id):
|
def action(self, request, obj_id):
|
||||||
obj = self.table.get_object_by_id(obj_id)
|
obj = self.table.get_object_by_id(obj_id)
|
||||||
|
@ -31,6 +31,7 @@ class AddIKEPolicyLink(tables.LinkAction):
|
|||||||
verbose_name = _("Add IKE Policy")
|
verbose_name = _("Add IKE Policy")
|
||||||
url = "horizon:project:vpn:addikepolicy"
|
url = "horizon:project:vpn:addikepolicy"
|
||||||
classes = ("ajax-modal", "btn-addikepolicy",)
|
classes = ("ajax-modal", "btn-addikepolicy",)
|
||||||
|
policy_rules = (("network", "create_ikepolicy"),)
|
||||||
|
|
||||||
|
|
||||||
class AddIPSecPolicyLink(tables.LinkAction):
|
class AddIPSecPolicyLink(tables.LinkAction):
|
||||||
@ -38,6 +39,7 @@ class AddIPSecPolicyLink(tables.LinkAction):
|
|||||||
verbose_name = _("Add IPSec Policy")
|
verbose_name = _("Add IPSec Policy")
|
||||||
url = "horizon:project:vpn:addipsecpolicy"
|
url = "horizon:project:vpn:addipsecpolicy"
|
||||||
classes = ("ajax-modal", "btn-addipsecpolicy",)
|
classes = ("ajax-modal", "btn-addipsecpolicy",)
|
||||||
|
policy_rules = (("network", "create_ipsecpolicy"),)
|
||||||
|
|
||||||
|
|
||||||
class AddVPNServiceLink(tables.LinkAction):
|
class AddVPNServiceLink(tables.LinkAction):
|
||||||
@ -45,6 +47,7 @@ class AddVPNServiceLink(tables.LinkAction):
|
|||||||
verbose_name = _("Add VPN Service")
|
verbose_name = _("Add VPN Service")
|
||||||
url = "horizon:project:vpn:addvpnservice"
|
url = "horizon:project:vpn:addvpnservice"
|
||||||
classes = ("ajax-modal", "btn-addvpnservice",)
|
classes = ("ajax-modal", "btn-addvpnservice",)
|
||||||
|
policy_rules = (("network", "create_vpnservice"),)
|
||||||
|
|
||||||
|
|
||||||
class AddIPSecSiteConnectionLink(tables.LinkAction):
|
class AddIPSecSiteConnectionLink(tables.LinkAction):
|
||||||
@ -52,6 +55,7 @@ class AddIPSecSiteConnectionLink(tables.LinkAction):
|
|||||||
verbose_name = _("Add IPSec Site Connection")
|
verbose_name = _("Add IPSec Site Connection")
|
||||||
url = "horizon:project:vpn:addipsecsiteconnection"
|
url = "horizon:project:vpn:addipsecsiteconnection"
|
||||||
classes = ("ajax-modal", "btn-addipsecsiteconnection",)
|
classes = ("ajax-modal", "btn-addipsecsiteconnection",)
|
||||||
|
policy_rules = (("network", "create_ipsec_site_connection"),)
|
||||||
|
|
||||||
|
|
||||||
class DeleteVPNServiceLink(tables.DeleteAction):
|
class DeleteVPNServiceLink(tables.DeleteAction):
|
||||||
@ -60,6 +64,7 @@ class DeleteVPNServiceLink(tables.DeleteAction):
|
|||||||
action_past = _("Scheduled deletion of %(data_type)s")
|
action_past = _("Scheduled deletion of %(data_type)s")
|
||||||
data_type_singular = _("VPN Service")
|
data_type_singular = _("VPN Service")
|
||||||
data_type_plural = _("VPN Services")
|
data_type_plural = _("VPN Services")
|
||||||
|
policy_rules = (("network", "delete_vpnservice"),)
|
||||||
|
|
||||||
def allowed(self, request, datum=None):
|
def allowed(self, request, datum=None):
|
||||||
if datum and datum.ipsecsiteconns:
|
if datum and datum.ipsecsiteconns:
|
||||||
@ -73,6 +78,7 @@ class DeleteIKEPolicyLink(tables.DeleteAction):
|
|||||||
action_past = _("Scheduled deletion of %(data_type)s")
|
action_past = _("Scheduled deletion of %(data_type)s")
|
||||||
data_type_singular = _("IKE Policy")
|
data_type_singular = _("IKE Policy")
|
||||||
data_type_plural = _("IKE Policies")
|
data_type_plural = _("IKE Policies")
|
||||||
|
policy_rules = (("network", "delete_ikepolicy"),)
|
||||||
|
|
||||||
def allowed(self, request, datum=None):
|
def allowed(self, request, datum=None):
|
||||||
if datum and datum.ipsecsiteconns:
|
if datum and datum.ipsecsiteconns:
|
||||||
@ -86,6 +92,7 @@ class DeleteIPSecPolicyLink(tables.DeleteAction):
|
|||||||
action_past = _("Scheduled deletion of %(data_type)s")
|
action_past = _("Scheduled deletion of %(data_type)s")
|
||||||
data_type_singular = _("IPSec Policy")
|
data_type_singular = _("IPSec Policy")
|
||||||
data_type_plural = _("IPSec Policies")
|
data_type_plural = _("IPSec Policies")
|
||||||
|
policy_rules = (("network", "delete_ipsecpolicy"),)
|
||||||
|
|
||||||
def allowed(self, request, datum=None):
|
def allowed(self, request, datum=None):
|
||||||
if datum and datum.ipsecsiteconns:
|
if datum and datum.ipsecsiteconns:
|
||||||
@ -99,12 +106,14 @@ class DeleteIPSecSiteConnectionLink(tables.DeleteAction):
|
|||||||
action_past = _("Scheduled deletion of %(data_type)s")
|
action_past = _("Scheduled deletion of %(data_type)s")
|
||||||
data_type_singular = _("IPSec Site Connection")
|
data_type_singular = _("IPSec Site Connection")
|
||||||
data_type_plural = _("IPSec Site Connections")
|
data_type_plural = _("IPSec Site Connections")
|
||||||
|
policy_rules = (("network", "delete_ipsec_site_connection"),)
|
||||||
|
|
||||||
|
|
||||||
class UpdateVPNServiceLink(tables.LinkAction):
|
class UpdateVPNServiceLink(tables.LinkAction):
|
||||||
name = "update_vpnservice"
|
name = "update_vpnservice"
|
||||||
verbose_name = _("Edit VPN Service")
|
verbose_name = _("Edit VPN Service")
|
||||||
classes = ("ajax-modal", "btn-update",)
|
classes = ("ajax-modal", "btn-update",)
|
||||||
|
policy_rules = (("network", "update_vpnservice"),)
|
||||||
|
|
||||||
def get_link_url(self, vpnservice):
|
def get_link_url(self, vpnservice):
|
||||||
return reverse("horizon:project:vpn:update_vpnservice",
|
return reverse("horizon:project:vpn:update_vpnservice",
|
||||||
@ -120,6 +129,7 @@ class UpdateIKEPolicyLink(tables.LinkAction):
|
|||||||
name = "updateikepolicy"
|
name = "updateikepolicy"
|
||||||
verbose_name = _("Edit IKE Policy")
|
verbose_name = _("Edit IKE Policy")
|
||||||
classes = ("ajax-modal", "btn-update",)
|
classes = ("ajax-modal", "btn-update",)
|
||||||
|
policy_rules = (("network", "update_ikepolicy"),)
|
||||||
|
|
||||||
def get_link_url(self, ikepolicy):
|
def get_link_url(self, ikepolicy):
|
||||||
return reverse("horizon:project:vpn:update_ikepolicy",
|
return reverse("horizon:project:vpn:update_ikepolicy",
|
||||||
@ -133,6 +143,7 @@ class UpdateIPSecPolicyLink(tables.LinkAction):
|
|||||||
name = "updateipsecpolicy"
|
name = "updateipsecpolicy"
|
||||||
verbose_name = _("Edit IPSec Policy")
|
verbose_name = _("Edit IPSec Policy")
|
||||||
classes = ("ajax-modal", "btn-update",)
|
classes = ("ajax-modal", "btn-update",)
|
||||||
|
policy_rules = (("network", "update_ipsecpolicy"),)
|
||||||
|
|
||||||
def get_link_url(self, ipsecpolicy):
|
def get_link_url(self, ipsecpolicy):
|
||||||
return reverse("horizon:project:vpn:update_ipsecpolicy",
|
return reverse("horizon:project:vpn:update_ipsecpolicy",
|
||||||
@ -146,6 +157,7 @@ class UpdateIPSecSiteConnectionLink(tables.LinkAction):
|
|||||||
name = "updateipsecsiteconnection"
|
name = "updateipsecsiteconnection"
|
||||||
verbose_name = _("Edit Connection")
|
verbose_name = _("Edit Connection")
|
||||||
classes = ("ajax-modal", "btn-update",)
|
classes = ("ajax-modal", "btn-update",)
|
||||||
|
policy_rules = (("network", "update_ipsec_site_connection"),)
|
||||||
|
|
||||||
def get_link_url(self, ipsecsiteconnection):
|
def get_link_url(self, ipsecsiteconnection):
|
||||||
return reverse("horizon:project:vpn:update_ipsecsiteconnection",
|
return reverse("horizon:project:vpn:update_ipsecsiteconnection",
|
||||||
|
@ -257,6 +257,7 @@ TIME_ZONE = "UTC"
|
|||||||
# 'volume': 'cinder_policy.json',
|
# 'volume': 'cinder_policy.json',
|
||||||
# 'image': 'glance_policy.json',
|
# 'image': 'glance_policy.json',
|
||||||
# 'orchestration': 'heat_policy.json',
|
# 'orchestration': 'heat_policy.json',
|
||||||
|
# 'network': 'neutron_policy.json',
|
||||||
#}
|
#}
|
||||||
|
|
||||||
# Trove user and database extension support. By default support for
|
# Trove user and database extension support. By default support for
|
||||||
|
@ -209,6 +209,7 @@ POLICY_FILES = {
|
|||||||
'volume': 'cinder_policy.json',
|
'volume': 'cinder_policy.json',
|
||||||
'image': 'glance_policy.json',
|
'image': 'glance_policy.json',
|
||||||
'orchestration': 'heat_policy.json',
|
'orchestration': 'heat_policy.json',
|
||||||
|
'network': 'neutron_policy.json',
|
||||||
}
|
}
|
||||||
|
|
||||||
SECRET_KEY = None
|
SECRET_KEY = None
|
||||||
|
Loading…
Reference in New Issue
Block a user