Pass the actual target in os-instance-usage-audit-log policy
Currently if target is not passed in context.can(), it use defauls target which is context.user_id, context.project_id. These defaults target are not useful as it pass the context's user_id and project_id only which means we tell oslo policy to verify the context data with context data. This commit pass the actual target for os-instance-usage-audit-log policies which is empty dict because policy rule is system scoped rather than project, so the token scope check deals with the required target checking. Partial implement blueprint policy-defaults-refresh Change-Id: I5584b9bb192dc32c60ba5a83d3bd2de293bbbd27
This commit is contained in:
Ghanshyam Mann
Stephen Finucane
parent
dd2b748e58
commit
66df3a8fef
|
|
@ -35,14 +35,14 @@ class InstanceUsageAuditLogController(wsgi.Controller):
|
||||||
@wsgi.expected_errors(())
|
@wsgi.expected_errors(())
|
||||||
def index(self, req):
|
def index(self, req):
|
||||||
context = req.environ['nova.context']
|
context = req.environ['nova.context']
|
||||||
context.can(iual_policies.BASE_POLICY_NAME % 'list')
|
context.can(iual_policies.BASE_POLICY_NAME % 'list', target={})
|
||||||
task_log = self._get_audit_task_logs(context)
|
task_log = self._get_audit_task_logs(context)
|
||||||
return {'instance_usage_audit_logs': task_log}
|
return {'instance_usage_audit_logs': task_log}
|
||||||
|
|
||||||
@wsgi.expected_errors(400)
|
@wsgi.expected_errors(400)
|
||||||
def show(self, req, id):
|
def show(self, req, id):
|
||||||
context = req.environ['nova.context']
|
context = req.environ['nova.context']
|
||||||
context.can(iual_policies.BASE_POLICY_NAME % 'show')
|
context.can(iual_policies.BASE_POLICY_NAME % 'show', target={})
|
||||||
try:
|
try:
|
||||||
if '.' in id:
|
if '.' in id:
|
||||||
before_date = datetime.datetime.strptime(str(id),
|
before_date = datetime.datetime.strptime(str(id),
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue