
Pass the actual target in os-instance-usage-audit-log policy

Currently if target is not passed in context.can(),
it uses the default target, which is context.user_id, context.project_id.
These default targets are not useful as they pass the
context's user_id and project_id only, which means we tell
oslo policy to verify the context data with context data.

This commit passes the actual target for os-instance-usage-audit-log
policies, which is an empty dict because the policy rule is system scoped rather
than project, so the token scope check deals with the required
target checking.

Partial implement blueprint policy-defaults-refresh

Change-Id: I5584b9bb192dc32c60ba5a83d3bd2de293bbbd27
tags/21.0.0.0rc1
Ghanshyam Mann 4 months ago
committed by Stephen Finucane
parent
commit
66df3a8fef
1 changed files with 2 additions and 2 deletions
nova/api/openstack/compute/instance_usage_audit_log.py

@@ -35,14 +35,14 @@ class InstanceUsageAuditLogController(wsgi.Controller):
@wsgi.expected_errors(())
def index(self, req):
context = req.environ['nova.context']
context.can(iual_policies.BASE_POLICY_NAME % 'list')
context.can(iual_policies.BASE_POLICY_NAME % 'list', target={})
task_log = self._get_audit_task_logs(context)
return {'instance_usage_audit_logs': task_log}

@wsgi.expected_errors(400)
def show(self, req, id):
context = req.environ['nova.context']
context.can(iual_policies.BASE_POLICY_NAME % 'show')
context.can(iual_policies.BASE_POLICY_NAME % 'show', target={})
try:
if '.' in id:
before_date = datetime.datetime.strptime(str(id),
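Review bot: the `target={}` argument added to `context.can()` in both `index()` and `show()` carries no in-code explanation, so the reason for an empty target lives only in the commit message. A later reader could take the empty dict for an oversight and replace it with a project-based target, or drop it and fall back to the default target built from the context's own user_id and project_id, which the commit message describes as checking context data against context data. A one-line comment above each call stating that these policies are system scoped and that the token scope check does the target checking would make the intent durable. This commit also changes only this one file, so nothing asserts the new argument; a unit test that checks `context.can()` is called with `target={}` for the 'list' and 'show' rules would catch a regression.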

