Merge "Add `access_as_readonly` sharing action"
commit
307b6be55e
|
@ -666,3 +666,8 @@ PORT_NUMA_POLICY_PREFERRED = 'preferred'
|
||||||
PORT_NUMA_POLICY_LEGACY = 'legacy'
|
PORT_NUMA_POLICY_LEGACY = 'legacy'
|
||||||
PORT_NUMA_POLICIES = (PORT_NUMA_POLICY_REQUIRED, PORT_NUMA_POLICY_PREFERRED,
|
PORT_NUMA_POLICIES = (PORT_NUMA_POLICY_REQUIRED, PORT_NUMA_POLICY_PREFERRED,
|
||||||
PORT_NUMA_POLICY_LEGACY)
|
PORT_NUMA_POLICY_LEGACY)
|
||||||
|
|
||||||
|
# RBAC Sharing Actions
|
||||||
|
ACCESS_SHARED = 'access_as_shared'
|
||||||
|
ACCESS_READONLY = 'access_as_readonly'
|
||||||
|
ACCESS_EXTERNAL = 'access_as_external'
|
||||||
|
|
|
@ -20,6 +20,7 @@ from sqlalchemy import sql, or_, and_
|
||||||
|
|
||||||
from neutron_lib._i18n import _
|
from neutron_lib._i18n import _
|
||||||
from neutron_lib.api import attributes
|
from neutron_lib.api import attributes
|
||||||
|
from neutron_lib import constants
|
||||||
from neutron_lib.db import utils as db_utils
|
from neutron_lib.db import utils as db_utils
|
||||||
from neutron_lib import exceptions as n_exc
|
from neutron_lib import exceptions as n_exc
|
||||||
from neutron_lib.objects import utils as obj_utils
|
from neutron_lib.objects import utils as obj_utils
|
||||||
|
@ -122,7 +123,8 @@ def query_with_hooks(context, model, field=None):
|
||||||
rbac_model = model.rbac_entries.property.mapper.class_
|
rbac_model = model.rbac_entries.property.mapper.class_
|
||||||
query_filter = (
|
query_filter = (
|
||||||
(model.tenant_id == context.tenant_id) |
|
(model.tenant_id == context.tenant_id) |
|
||||||
((rbac_model.action == 'access_as_shared') &
|
(rbac_model.action.in_(
|
||||||
|
[constants.ACCESS_SHARED, constants.ACCESS_READONLY]) &
|
||||||
((rbac_model.target_tenant == context.tenant_id) |
|
((rbac_model.target_tenant == context.tenant_id) |
|
||||||
(rbac_model.target_tenant == '*'))))
|
(rbac_model.target_tenant == '*'))))
|
||||||
elif hasattr(model, 'shared'):
|
elif hasattr(model, 'shared'):
|
||||||
|
@ -212,7 +214,7 @@ def apply_filters(query, model, filters, context=None):
|
||||||
matches.append(rbac.target_tenant == context.tenant_id)
|
matches.append(rbac.target_tenant == context.tenant_id)
|
||||||
# any 'access_as_shared' records that match the
|
# any 'access_as_shared' records that match the
|
||||||
# wildcard or requesting tenant
|
# wildcard or requesting tenant
|
||||||
is_shared = and_(rbac.action == 'access_as_shared',
|
is_shared = and_(rbac.action == constants.ACCESS_SHARED,
|
||||||
or_(*matches))
|
or_(*matches))
|
||||||
if not value[0]:
|
if not value[0]:
|
||||||
# NOTE(kevinbenton): we need to find objects that don't
|
# NOTE(kevinbenton): we need to find objects that don't
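Review bot: In query_with_hooks, adding `constants.ACCESS_READONLY` to the `rbac_model.action.in_(...)` list gives read-only entries the same row visibility as `access_as_shared`, and nothing in this filter distinguishes the two. The read-only restriction therefore has to be enforced by whatever layer handles writes; if an update or delete path fetches its target through this query, a tenant holding only a read-only grant would presumably pass that lookup. I would add a comment above the filter such as `# NOTE: visibility only; access_as_readonly must be rejected on write paths by policy, not by this query`, plus a test that a read-only target tenant can list the resource but not modify it. The second hunk, in apply_filters, keeps `is_shared` matching only `constants.ACCESS_SHARED`, so a `shared=True` filter will not return read-only-shared objects that the same tenant can otherwise see; if that asymmetry is intended, the comment above `is_shared` should say so. Both function bodies start and end outside the hunks shown.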
|
||||||
|
|
|
@ -0,0 +1,5 @@
|
||||||
|
---
|
||||||
|
features:
|
||||||
|
- |
|
||||||
|
Add constants for RBAC sharing actions: ``ACCESS_SHARED``,
|
||||||
|
``ACCESS_EXTERNAL``, and a new action ``ACCESS_READONLY``.
|