From 9ae134954fad334593a2dffe83b111799ebae68b Mon Sep 17 00:00:00 2001 From: Aleks Chirko Date: Wed, 5 Feb 2014 16:51:48 +0200 Subject: [PATCH] Add policy checks in share networks API Add sample policy configuration for share network API. Closes-Bug: #1271943 Change-Id: I77aad91014d7c0ef125192bddeae7aafaaed3aef --- etc/manila/policy.json | 8 +++++++- manila/api/v1/share_networks.py | 8 ++++++++ 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/etc/manila/policy.json b/etc/manila/policy.json index 219994757d..b16bc07143 100644 --- a/etc/manila/policy.json +++ b/etc/manila/policy.json @@ -22,5 +22,11 @@ "security_service:create": [["rule:admin_api"]], "security_service:delete": [["rule:admin_api"]], - "security_service:update": [["rule:admin_api"]] + "security_service:update": [["rule:admin_api"]], + + "share_network:create": [["rule:admin_api"]], + "share_network:delete": [["rule:admin_api"]], + "share_network:update": [["rule:admin_api"]], + "share_network:add_security_service": [["rule:admin_api"]], + "share_network:remove_security_service": [["rule:admin_api"]] } diff --git a/manila/api/v1/share_networks.py b/manila/api/v1/share_networks.py index cdc147b238..810463dc1f 100644 --- a/manila/api/v1/share_networks.py +++ b/manila/api/v1/share_networks.py @@ -25,6 +25,7 @@ from manila.common import constants from manila.db import api as db_api from manila import exception from manila.openstack.common import log as logging +from manila import policy RESOURCE_NAME = 'share_network' RESOURCES_NAME = 'share_networks' @@ -74,6 +75,7 @@ class ShareNetworkController(wsgi.Controller): def show(self, req, id): """Return data about the requested network info.""" context = req.environ['manila.context'] + policy.check_policy(context, RESOURCE_NAME, 'show') try: share_network = db_api.share_network_get(context, id) @@ -86,6 +88,7 @@ class ShareNetworkController(wsgi.Controller): def delete(self, req, id): """Delete specified share network.""" context = req.environ['manila.context'] + policy.check_policy(context, RESOURCE_NAME, 'delete') try: share_network = db_api.share_network_get(context, id) @@ -105,6 +108,7 @@ class ShareNetworkController(wsgi.Controller): def index(self, req): """Returns a summary list of share's networks.""" context = req.environ['manila.context'] + policy.check_policy(context, RESOURCE_NAME, 'index') search_opts = {} search_opts.update(req.GET) @@ -126,6 +130,7 @@ class ShareNetworkController(wsgi.Controller): def update(self, req, id, body): """Update specified share network.""" context = req.environ['manila.context'] + policy.check_policy(context, RESOURCE_NAME, 'update') if not body or RESOURCE_NAME not in body: raise exc.HTTPUnprocessableEntity() @@ -156,6 +161,7 @@ class ShareNetworkController(wsgi.Controller): def create(self, req, body): """Creates a new share network.""" context = req.environ['manila.context'] + policy.check_policy(context, RESOURCE_NAME, 'create') if not body or RESOURCE_NAME not in body: raise exc.HTTPUnprocessableEntity() @@ -186,6 +192,7 @@ class ShareNetworkController(wsgi.Controller): def _add_security_service(self, req, id, data): context = req.environ['manila.context'] + policy.check_policy(context, RESOURCE_NAME, 'add_security_service') try: share_network = db_api.share_network_add_security_service( context, @@ -205,6 +212,7 @@ class ShareNetworkController(wsgi.Controller): def _remove_security_service(self, req, id, data): context = req.environ['manila.context'] + policy.check_policy(context, RESOURCE_NAME, 'remove_security_service') try: share_network = db_api.share_network_remove_security_service( context,