Pass the actual target in os-instance-usage-audit-log policy
Currently if target is not passed in context.can(), it use defauls target which is context.user_id, context.project_id. These defaults target are not useful as it pass the context's user_id and project_id only which means we tell oslo policy to verify the context data with context data. This commit pass the actual target for os-instance-usage-audit-log policies which is empty dict because policy rule is system scoped rather than project, so the token scope check deals with the required target checking. Partial implement blueprint policy-defaults-refresh Change-Id: I5584b9bb192dc32c60ba5a83d3bd2de293bbbd27
This commit is contained in:
parent
dd2b748e58
commit
66df3a8fef
|
@ -35,14 +35,14 @@ class InstanceUsageAuditLogController(wsgi.Controller):
|
|||
@wsgi.expected_errors(())
|
||||
def index(self, req):
|
||||
context = req.environ['nova.context']
|
||||
context.can(iual_policies.BASE_POLICY_NAME % 'list')
|
||||
context.can(iual_policies.BASE_POLICY_NAME % 'list', target={})
|
||||
task_log = self._get_audit_task_logs(context)
|
||||
return {'instance_usage_audit_logs': task_log}
|
||||
|
||||
@wsgi.expected_errors(400)
|
||||
def show(self, req, id):
|
||||
context = req.environ['nova.context']
|
||||
context.can(iual_policies.BASE_POLICY_NAME % 'show')
|
||||
context.can(iual_policies.BASE_POLICY_NAME % 'show', target={})
|
||||
try:
|
||||
if '.' in id:
|
||||
before_date = datetime.datetime.strptime(str(id),
|
||||
|
|
Loading…
Reference in New Issue