f91915d4cd
The original model used was to assert is_admin on the object context which was actually used in only one place in ironic's code. Redudnantly of course. This is an excess call of is_admin on all API invocations, and is simply not necessary as individual calls have API policy checking and is_admin was only being consulted in the glance service utils... However, the glance service utils also confirmed it should be able to access glance if there was an auth_token present on the request which should also always be the case. This was somewhat identified as redundant/possible bug during the Wallaby cycle and appears to be fine to remove This does *not* remove the deprecated rule. At present, it appears that rule may not be removed until after Xena. Change-Id: I5a176f51db93d2a2238496f6955c1c7d9a79c548
59 lines
1.9 KiB
Python
59 lines
1.9 KiB
Python
# -*- encoding: utf-8 -*-
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
from oslo_context import context
|
|
|
|
|
|
class RequestContext(context.RequestContext):
|
|
"""Extends security contexts from the oslo.context library."""
|
|
|
|
def __init__(self, is_public_api=False, **kwargs):
|
|
"""Initialize the RequestContext
|
|
|
|
:param is_public_api: Specifies whether the request should be processed
|
|
without authentication.
|
|
:param kwargs: additional arguments passed to oslo.context.
|
|
"""
|
|
super(RequestContext, self).__init__(**kwargs)
|
|
self.is_public_api = is_public_api
|
|
|
|
def to_policy_values(self):
|
|
policy_values = super(RequestContext, self).to_policy_values()
|
|
policy_values.update({
|
|
'project_name': self.project_name,
|
|
'is_public_api': self.is_public_api,
|
|
})
|
|
return policy_values
|
|
|
|
def ensure_thread_contain_context(self):
|
|
"""Ensure threading contains context
|
|
|
|
For async/periodic tasks, the context of local thread is missing.
|
|
Set it with request context and this is useful to log the request_id
|
|
in log messages.
|
|
|
|
"""
|
|
if context.get_current():
|
|
return
|
|
self.update_store()
|
|
|
|
|
|
def get_admin_context():
|
|
"""Create an administrator context."""
|
|
|
|
context = RequestContext(auth_token=None,
|
|
project_id=None,
|
|
overwrite=False)
|
|
return context
|