policy: Replaces 'authorize' in nova-api (part 3)
Partially-Implements: bp policy-in-code Change-Id: I316679f3fc3a2022fd6fe57c6bd3fa0e80d8136b
This commit is contained in:
parent
0871f4953d
commit
a46e3c89ea
|
@ -22,9 +22,9 @@ from nova.api import validation
|
|||
from nova import exception
|
||||
from nova.i18n import _
|
||||
from nova import objects
|
||||
from nova.policies import fixed_ips as fi_policies
|
||||
|
||||
ALIAS = 'os-fixed-ips'
|
||||
authorize = extensions.os_compute_authorizer(ALIAS)
|
||||
|
||||
|
||||
class FixedIPController(wsgi.Controller):
|
||||
|
@ -43,7 +43,7 @@ class FixedIPController(wsgi.Controller):
|
|||
def show(self, req, id):
|
||||
"""Return data about the given fixed IP."""
|
||||
context = req.environ['nova.context']
|
||||
authorize(context)
|
||||
context.can(fi_policies.BASE_POLICY_NAME)
|
||||
|
||||
attrs = ['network', 'instance']
|
||||
try:
|
||||
|
@ -79,7 +79,7 @@ class FixedIPController(wsgi.Controller):
|
|||
@wsgi.action('reserve')
|
||||
def reserve(self, req, id, body):
|
||||
context = req.environ['nova.context']
|
||||
authorize(context)
|
||||
context.can(fi_policies.BASE_POLICY_NAME)
|
||||
|
||||
return self._set_reserved(context, id, True)
|
||||
|
||||
|
@ -89,7 +89,7 @@ class FixedIPController(wsgi.Controller):
|
|||
@wsgi.action('unreserve')
|
||||
def unreserve(self, req, id, body):
|
||||
context = req.environ['nova.context']
|
||||
authorize(context)
|
||||
context.can(fi_policies.BASE_POLICY_NAME)
|
||||
return self._set_reserved(context, id, False)
|
||||
|
||||
def _set_reserved(self, context, address, reserved):
|
||||
|
|
|
@ -26,10 +26,9 @@ from nova.api import validation
|
|||
from nova import exception
|
||||
from nova.i18n import _
|
||||
from nova import objects
|
||||
from nova.policies import flavor_access as fa_policies
|
||||
|
||||
ALIAS = 'os-flavor-access'
|
||||
soft_authorize = extensions.os_compute_soft_authorizer(ALIAS)
|
||||
authorize = extensions.os_compute_authorizer(ALIAS)
|
||||
|
||||
|
||||
def _marshall_flavor_access(flavor):
|
||||
|
@ -46,7 +45,7 @@ class FlavorAccessController(wsgi.Controller):
|
|||
@extensions.expected_errors(404)
|
||||
def index(self, req, flavor_id):
|
||||
context = req.environ['nova.context']
|
||||
authorize(context)
|
||||
context.can(fa_policies.BASE_POLICY_NAME)
|
||||
|
||||
flavor = common.get_flavor(context, flavor_id)
|
||||
|
||||
|
@ -68,7 +67,7 @@ class FlavorActionController(wsgi.Controller):
|
|||
@wsgi.extends
|
||||
def show(self, req, resp_obj, id):
|
||||
context = req.environ['nova.context']
|
||||
if soft_authorize(context):
|
||||
if context.can(fa_policies.BASE_POLICY_NAME, fatal=False):
|
||||
db_flavor = req.get_db_flavor(id)
|
||||
|
||||
self._extend_flavor(resp_obj.obj['flavor'], db_flavor)
|
||||
|
@ -76,7 +75,7 @@ class FlavorActionController(wsgi.Controller):
|
|||
@wsgi.extends
|
||||
def detail(self, req, resp_obj):
|
||||
context = req.environ['nova.context']
|
||||
if soft_authorize(context):
|
||||
if context.can(fa_policies.BASE_POLICY_NAME, fatal=False):
|
||||
flavors = list(resp_obj.obj['flavors'])
|
||||
for flavor_rval in flavors:
|
||||
db_flavor = req.get_db_flavor(flavor_rval['id'])
|
||||
|
@ -85,7 +84,7 @@ class FlavorActionController(wsgi.Controller):
|
|||
@wsgi.extends(action='create')
|
||||
def create(self, req, body, resp_obj):
|
||||
context = req.environ['nova.context']
|
||||
if soft_authorize(context):
|
||||
if context.can(fa_policies.BASE_POLICY_NAME, fatal=False):
|
||||
db_flavor = req.get_db_flavor(resp_obj.obj['flavor']['id'])
|
||||
|
||||
self._extend_flavor(resp_obj.obj['flavor'], db_flavor)
|
||||
|
@ -95,7 +94,7 @@ class FlavorActionController(wsgi.Controller):
|
|||
@validation.schema(flavor_access.add_tenant_access)
|
||||
def _add_tenant_access(self, req, id, body):
|
||||
context = req.environ['nova.context']
|
||||
authorize(context, action="add_tenant_access")
|
||||
context.can(fa_policies.POLICY_ROOT % "add_tenant_access")
|
||||
|
||||
vals = body['addTenantAccess']
|
||||
tenant = vals['tenant']
|
||||
|
@ -121,7 +120,8 @@ class FlavorActionController(wsgi.Controller):
|
|||
@validation.schema(flavor_access.remove_tenant_access)
|
||||
def _remove_tenant_access(self, req, id, body):
|
||||
context = req.environ['nova.context']
|
||||
authorize(context, action="remove_tenant_access")
|
||||
context.can(
|
||||
fa_policies.POLICY_ROOT % "remove_tenant_access")
|
||||
|
||||
vals = body['removeTenantAccess']
|
||||
tenant = vals['tenant']
|
||||
|
|
|
@ -21,11 +21,10 @@ from nova.compute import flavors
|
|||
from nova import exception
|
||||
from nova.i18n import _
|
||||
from nova import objects
|
||||
from nova.policies import flavor_manage as fm_policies
|
||||
|
||||
ALIAS = "os-flavor-manage"
|
||||
|
||||
authorize = extensions.os_compute_authorizer(ALIAS)
|
||||
|
||||
|
||||
class FlavorManageController(wsgi.Controller):
|
||||
"""The Flavor Lifecycle API controller for the OpenStack API."""
|
||||
|
@ -42,7 +41,7 @@ class FlavorManageController(wsgi.Controller):
|
|||
@wsgi.action("delete")
|
||||
def _delete(self, req, id):
|
||||
context = req.environ['nova.context']
|
||||
authorize(context)
|
||||
context.can(fm_policies.BASE_POLICY_NAME)
|
||||
|
||||
flavor = objects.Flavor(context=context, flavorid=id)
|
||||
try:
|
||||
|
@ -58,7 +57,7 @@ class FlavorManageController(wsgi.Controller):
|
|||
@validation.schema(flavor_manage.create, '2.1')
|
||||
def _create(self, req, body):
|
||||
context = req.environ['nova.context']
|
||||
authorize(context)
|
||||
context.can(fm_policies.BASE_POLICY_NAME)
|
||||
|
||||
vals = body['flavor']
|
||||
|
||||
|
|
|
@ -16,9 +16,9 @@
|
|||
|
||||
from nova.api.openstack import extensions
|
||||
from nova.api.openstack import wsgi
|
||||
from nova.policies import flavor_rxtx as fr_policies
|
||||
|
||||
ALIAS = 'os-flavor-rxtx'
|
||||
authorize = extensions.os_compute_soft_authorizer(ALIAS)
|
||||
|
||||
|
||||
class FlavorRxtxController(wsgi.Controller):
|
||||
|
@ -29,7 +29,8 @@ class FlavorRxtxController(wsgi.Controller):
|
|||
flavor[key] = db_flavor['rxtx_factor'] or ""
|
||||
|
||||
def _show(self, req, resp_obj):
|
||||
if not authorize(req.environ['nova.context']):
|
||||
context = req.environ['nova.context']
|
||||
if not context.can(fr_policies.BASE_POLICY_NAME, fatal=False):
|
||||
return
|
||||
if 'flavor' in resp_obj.obj:
|
||||
self._extend_flavors(req, [resp_obj.obj['flavor']])
|
||||
|
@ -44,7 +45,8 @@ class FlavorRxtxController(wsgi.Controller):
|
|||
|
||||
@wsgi.extends
|
||||
def detail(self, req, resp_obj):
|
||||
if not authorize(req.environ['nova.context']):
|
||||
context = req.environ['nova.context']
|
||||
if not context.can(fr_policies.BASE_POLICY_NAME, fatal=False):
|
||||
return
|
||||
self._extend_flavors(req, list(resp_obj.obj['flavors']))
|
||||
|
||||
|
|
|
@ -23,10 +23,10 @@ from nova.api.openstack import wsgi
|
|||
from nova.api import validation
|
||||
from nova import exception
|
||||
from nova.i18n import _
|
||||
from nova.policies import flavor_extra_specs as fes_policies
|
||||
from nova import utils
|
||||
|
||||
ALIAS = 'os-flavor-extra-specs'
|
||||
authorize = extensions.os_compute_authorizer(ALIAS)
|
||||
|
||||
|
||||
class FlavorExtraSpecsController(wsgi.Controller):
|
||||
|
@ -52,7 +52,7 @@ class FlavorExtraSpecsController(wsgi.Controller):
|
|||
def index(self, req, flavor_id):
|
||||
"""Returns the list of extra specs for a given flavor."""
|
||||
context = req.environ['nova.context']
|
||||
authorize(context, action='index')
|
||||
context.can(fes_policies.POLICY_ROOT % 'index')
|
||||
return self._get_extra_specs(context, flavor_id)
|
||||
|
||||
# NOTE(gmann): Here should be 201 instead of 200 by v2.1
|
||||
|
@ -62,7 +62,7 @@ class FlavorExtraSpecsController(wsgi.Controller):
|
|||
@validation.schema(flavors_extraspecs.create)
|
||||
def create(self, req, flavor_id, body):
|
||||
context = req.environ['nova.context']
|
||||
authorize(context, action='create')
|
||||
context.can(fes_policies.POLICY_ROOT % 'create')
|
||||
|
||||
specs = body['extra_specs']
|
||||
self._check_extra_specs_value(specs)
|
||||
|
@ -80,7 +80,7 @@ class FlavorExtraSpecsController(wsgi.Controller):
|
|||
@validation.schema(flavors_extraspecs.update)
|
||||
def update(self, req, flavor_id, id, body):
|
||||
context = req.environ['nova.context']
|
||||
authorize(context, action='update')
|
||||
context.can(fes_policies.POLICY_ROOT % 'update')
|
||||
|
||||
self._check_extra_specs_value(body)
|
||||
if id not in body:
|
||||
|
@ -100,7 +100,7 @@ class FlavorExtraSpecsController(wsgi.Controller):
|
|||
def show(self, req, flavor_id, id):
|
||||
"""Return a single extra spec item."""
|
||||
context = req.environ['nova.context']
|
||||
authorize(context, action='show')
|
||||
context.can(fes_policies.POLICY_ROOT % 'show')
|
||||
flavor = common.get_flavor(context, flavor_id)
|
||||
try:
|
||||
return {id: flavor.extra_specs[id]}
|
||||
|
@ -117,7 +117,7 @@ class FlavorExtraSpecsController(wsgi.Controller):
|
|||
def delete(self, req, flavor_id, id):
|
||||
"""Deletes an existing extra spec."""
|
||||
context = req.environ['nova.context']
|
||||
authorize(context, action='delete')
|
||||
context.can(fes_policies.POLICY_ROOT % 'delete')
|
||||
flavor = common.get_flavor(context, flavor_id)
|
||||
try:
|
||||
del flavor.extra_specs[id]
|
||||
|
|
|
@ -24,10 +24,10 @@ from nova.api import validation
|
|||
from nova import exception
|
||||
from nova.i18n import _
|
||||
from nova import network
|
||||
from nova.policies import floating_ip_dns as fid_policies
|
||||
|
||||
|
||||
ALIAS = "os-floating-ip-dns"
|
||||
authorize = extensions.os_compute_authorizer(ALIAS)
|
||||
|
||||
|
||||
def _translate_dns_entry_view(dns_entry):
|
||||
|
@ -90,7 +90,7 @@ class FloatingIPDNSDomainController(wsgi.Controller):
|
|||
def index(self, req):
|
||||
"""Return a list of available DNS domains."""
|
||||
context = req.environ['nova.context']
|
||||
authorize(context)
|
||||
context.can(fid_policies.BASE_POLICY_NAME)
|
||||
|
||||
try:
|
||||
domains = self.network_api.get_dns_domains(context)
|
||||
|
@ -110,7 +110,7 @@ class FloatingIPDNSDomainController(wsgi.Controller):
|
|||
def update(self, req, id, body):
|
||||
"""Add or modify domain entry."""
|
||||
context = req.environ['nova.context']
|
||||
authorize(context, action="domain:update")
|
||||
context.can(fid_policies.POLICY_ROOT % "domain:update")
|
||||
fqdomain = _unquote_domain(id)
|
||||
entry = body['domain_entry']
|
||||
scope = entry['scope']
|
||||
|
@ -145,7 +145,7 @@ class FloatingIPDNSDomainController(wsgi.Controller):
|
|||
def delete(self, req, id):
|
||||
"""Delete the domain identified by id."""
|
||||
context = req.environ['nova.context']
|
||||
authorize(context, action="domain:delete")
|
||||
context.can(fid_policies.POLICY_ROOT % "domain:delete")
|
||||
domain = _unquote_domain(id)
|
||||
|
||||
# Delete the whole domain
|
||||
|
@ -168,7 +168,7 @@ class FloatingIPDNSEntryController(wsgi.Controller):
|
|||
def show(self, req, domain_id, id):
|
||||
"""Return the DNS entry that corresponds to domain_id and id."""
|
||||
context = req.environ['nova.context']
|
||||
authorize(context)
|
||||
context.can(fid_policies.BASE_POLICY_NAME)
|
||||
domain = _unquote_domain(domain_id)
|
||||
|
||||
floating_ip = None
|
||||
|
@ -206,7 +206,7 @@ class FloatingIPDNSEntryController(wsgi.Controller):
|
|||
def update(self, req, domain_id, id, body):
|
||||
"""Add or modify dns entry."""
|
||||
context = req.environ['nova.context']
|
||||
authorize(context)
|
||||
context.can(fid_policies.BASE_POLICY_NAME)
|
||||
domain = _unquote_domain(domain_id)
|
||||
name = id
|
||||
entry = body['dns_entry']
|
||||
|
@ -237,7 +237,7 @@ class FloatingIPDNSEntryController(wsgi.Controller):
|
|||
def delete(self, req, domain_id, id):
|
||||
"""Delete the entry identified by req and id."""
|
||||
context = req.environ['nova.context']
|
||||
authorize(context)
|
||||
context.can(fid_policies.BASE_POLICY_NAME)
|
||||
domain = _unquote_domain(domain_id)
|
||||
name = id
|
||||
|
||||
|
|
|
@ -15,10 +15,10 @@
|
|||
from nova.api.openstack import extensions
|
||||
from nova.api.openstack import wsgi
|
||||
from nova import network
|
||||
from nova.policies import floating_ip_pools as fip_policies
|
||||
|
||||
|
||||
ALIAS = 'os-floating-ip-pools'
|
||||
authorize = extensions.os_compute_authorizer(ALIAS)
|
||||
|
||||
|
||||
def _translate_floating_ip_view(pool_name):
|
||||
|
@ -45,7 +45,7 @@ class FloatingIPPoolsController(wsgi.Controller):
|
|||
def index(self, req):
|
||||
"""Return a list of pools."""
|
||||
context = req.environ['nova.context']
|
||||
authorize(context)
|
||||
context.can(fip_policies.BASE_POLICY_NAME)
|
||||
pools = self.network_api.get_floating_ip_pools(context)
|
||||
return _translate_floating_ip_pools_view(pools)
|
||||
|
||||
|
|
|
@ -31,11 +31,11 @@ from nova import exception
|
|||
from nova.i18n import _
|
||||
from nova.i18n import _LW
|
||||
from nova import network
|
||||
from nova.policies import floating_ips as fi_policies
|
||||
|
||||
|
||||
LOG = logging.getLogger(__name__)
|
||||
ALIAS = 'os-floating-ips'
|
||||
authorize = extensions.os_compute_authorizer(ALIAS)
|
||||
|
||||
|
||||
def _translate_floating_ip_view(floating_ip):
|
||||
|
@ -116,7 +116,7 @@ class FloatingIPController(object):
|
|||
def show(self, req, id):
|
||||
"""Return data about the given floating IP."""
|
||||
context = req.environ['nova.context']
|
||||
authorize(context)
|
||||
context.can(fi_policies.BASE_POLICY_NAME)
|
||||
|
||||
try:
|
||||
floating_ip = self.network_api.get_floating_ip(context, id)
|
||||
|
@ -132,7 +132,7 @@ class FloatingIPController(object):
|
|||
def index(self, req):
|
||||
"""Return a list of floating IPs allocated to a project."""
|
||||
context = req.environ['nova.context']
|
||||
authorize(context)
|
||||
context.can(fi_policies.BASE_POLICY_NAME)
|
||||
|
||||
floating_ips = self.network_api.get_floating_ips_by_project(context)
|
||||
|
||||
|
@ -141,7 +141,7 @@ class FloatingIPController(object):
|
|||
@extensions.expected_errors((400, 403, 404))
|
||||
def create(self, req, body=None):
|
||||
context = req.environ['nova.context']
|
||||
authorize(context)
|
||||
context.can(fi_policies.BASE_POLICY_NAME)
|
||||
|
||||
pool = None
|
||||
if body and 'pool' in body:
|
||||
|
@ -172,7 +172,7 @@ class FloatingIPController(object):
|
|||
@extensions.expected_errors((400, 403, 404, 409))
|
||||
def delete(self, req, id):
|
||||
context = req.environ['nova.context']
|
||||
authorize(context)
|
||||
context.can(fi_policies.BASE_POLICY_NAME)
|
||||
|
||||
# get the floating ip object
|
||||
try:
|
||||
|
@ -209,7 +209,7 @@ class FloatingIPActionController(wsgi.Controller):
|
|||
def _add_floating_ip(self, req, id, body):
|
||||
"""Associate floating_ip to an instance."""
|
||||
context = req.environ['nova.context']
|
||||
authorize(context)
|
||||
context.can(fi_policies.BASE_POLICY_NAME)
|
||||
|
||||
address = body['addFloatingIp']['address']
|
||||
|
||||
|
@ -287,7 +287,7 @@ class FloatingIPActionController(wsgi.Controller):
|
|||
def _remove_floating_ip(self, req, id, body):
|
||||
"""Dissociate floating_ip from an instance."""
|
||||
context = req.environ['nova.context']
|
||||
authorize(context)
|
||||
context.can(fi_policies.BASE_POLICY_NAME)
|
||||
|
||||
address = body['removeFloatingIp']['address']
|
||||
|
||||
|
|
|
@ -24,12 +24,12 @@ import nova.conf
|
|||
from nova import exception
|
||||
from nova.i18n import _
|
||||
from nova import objects
|
||||
from nova.policies import floating_ips_bulk as fib_policies
|
||||
|
||||
CONF = nova.conf.CONF
|
||||
|
||||
|
||||
ALIAS = 'os-floating-ips-bulk'
|
||||
authorize = extensions.os_compute_authorizer(ALIAS)
|
||||
|
||||
|
||||
class FloatingIPBulkController(wsgi.Controller):
|
||||
|
@ -38,7 +38,7 @@ class FloatingIPBulkController(wsgi.Controller):
|
|||
def index(self, req):
|
||||
"""Return a list of all floating IPs."""
|
||||
context = req.environ['nova.context']
|
||||
authorize(context)
|
||||
context.can(fib_policies.BASE_POLICY_NAME)
|
||||
|
||||
return self._get_floating_ip_info(context)
|
||||
|
||||
|
@ -46,7 +46,7 @@ class FloatingIPBulkController(wsgi.Controller):
|
|||
def show(self, req, id):
|
||||
"""Return a list of all floating IPs for a given host."""
|
||||
context = req.environ['nova.context']
|
||||
authorize(context)
|
||||
context.can(fib_policies.BASE_POLICY_NAME)
|
||||
|
||||
return self._get_floating_ip_info(context, id)
|
||||
|
||||
|
@ -87,7 +87,7 @@ class FloatingIPBulkController(wsgi.Controller):
|
|||
def create(self, req, body):
|
||||
"""Bulk create floating IPs."""
|
||||
context = req.environ['nova.context']
|
||||
authorize(context)
|
||||
context.can(fib_policies.BASE_POLICY_NAME)
|
||||
|
||||
params = body['floating_ips_bulk_create']
|
||||
ip_range = params['ip_range']
|
||||
|
@ -115,7 +115,7 @@ class FloatingIPBulkController(wsgi.Controller):
|
|||
def update(self, req, id, body):
|
||||
"""Bulk delete floating IPs."""
|
||||
context = req.environ['nova.context']
|
||||
authorize(context)
|
||||
context.can(fib_policies.BASE_POLICY_NAME)
|
||||
|
||||
if id != "delete":
|
||||
msg = _("Unknown action")
|
||||
|
|
|
@ -26,12 +26,11 @@ from nova.api.openstack import wsgi
|
|||
from nova import compute
|
||||
import nova.conf
|
||||
from nova.i18n import _
|
||||
from nova.policies import fping as fping_policies
|
||||
from nova import utils
|
||||
|
||||
ALIAS = "os-fping"
|
||||
|
||||
authorize = extensions.os_compute_authorizer(ALIAS)
|
||||
|
||||
CONF = nova.conf.CONF
|
||||
|
||||
|
||||
|
@ -73,9 +72,9 @@ class FpingController(wsgi.Controller):
|
|||
context = req.environ["nova.context"]
|
||||
search_opts = dict(deleted=False)
|
||||
if "all_tenants" in req.GET:
|
||||
authorize(context, action='all_tenants')
|
||||
context.can(fping_policies.POLICY_ROOT % 'all_tenants')
|
||||
else:
|
||||
authorize(context)
|
||||
context.can(fping_policies.BASE_POLICY_NAME)
|
||||
if context.project_id:
|
||||
search_opts["project_id"] = context.project_id
|
||||
else:
|
||||
|
@ -121,7 +120,7 @@ class FpingController(wsgi.Controller):
|
|||
@extensions.expected_errors((404, 503))
|
||||
def show(self, req, id):
|
||||
context = req.environ["nova.context"]
|
||||
authorize(context)
|
||||
context.can(fping_policies.BASE_POLICY_NAME)
|
||||
self.check_fping()
|
||||
instance = common.get_instance(self.compute_api, context, id)
|
||||
ips = [str(ip) for ip in self._get_instance_ips(context, instance)]
|
||||
|
|
|
@ -19,12 +19,12 @@ from nova.api.openstack import extensions
|
|||
from nova.api.openstack import wsgi
|
||||
from nova.compute import vm_states
|
||||
import nova.conf
|
||||
from nova.policies import hide_server_addresses as hsa_policies
|
||||
|
||||
|
||||
CONF = nova.conf.CONF
|
||||
|
||||
ALIAS = 'os-hide-server-addresses'
|
||||
authorize = extensions.os_compute_soft_authorizer(ALIAS)
|
||||
|
||||
|
||||
class Controller(wsgi.Controller):
|
||||
|
@ -47,7 +47,8 @@ class Controller(wsgi.Controller):
|
|||
@wsgi.extends
|
||||
def show(self, req, resp_obj, id):
|
||||
resp = resp_obj
|
||||
if not authorize(req.environ['nova.context']):
|
||||
context = req.environ['nova.context']
|
||||
if not context.can(hsa_policies.BASE_POLICY_NAME, fatal=False):
|
||||
return
|
||||
|
||||
if 'server' in resp.obj and 'addresses' in resp.obj['server']:
|
||||
|
@ -57,7 +58,8 @@ class Controller(wsgi.Controller):
|
|||
@wsgi.extends
|
||||
def detail(self, req, resp_obj):
|
||||
resp = resp_obj
|
||||
if not authorize(req.environ['nova.context']):
|
||||
context = req.environ['nova.context']
|
||||
if not context.can(hsa_policies.BASE_POLICY_NAME, fatal=False):
|
||||
return
|
||||
|
||||
for server in list(resp.obj['servers']):
|
||||
|
|
|
@ -28,10 +28,10 @@ from nova import compute
|
|||
from nova import exception
|
||||
from nova.i18n import _LI
|
||||
from nova import objects
|
||||
from nova.policies import hosts as hosts_policies
|
||||
|
||||
LOG = logging.getLogger(__name__)
|
||||
ALIAS = 'os-hosts'
|
||||
authorize = extensions.os_compute_authorizer(ALIAS)
|
||||
|
||||
|
||||
class HostController(wsgi.Controller):
|
||||
|
@ -80,7 +80,7 @@ class HostController(wsgi.Controller):
|
|||
|
||||
"""
|
||||
context = req.environ['nova.context']
|
||||
authorize(context)
|
||||
context.can(hosts_policies.BASE_POLICY_NAME)
|
||||
filters = {'disabled': False}
|
||||
zone = req.GET.get('zone', None)
|
||||
if zone:
|
||||
|
@ -116,7 +116,7 @@ class HostController(wsgi.Controller):
|
|||
return val == "enable"
|
||||
|
||||
context = req.environ['nova.context']
|
||||
authorize(context)
|
||||
context.can(hosts_policies.BASE_POLICY_NAME)
|
||||
# See what the user wants to 'update'
|
||||
status = body.get('status')
|
||||
maint_mode = body.get('maintenance_mode')
|
||||
|
@ -178,7 +178,7 @@ class HostController(wsgi.Controller):
|
|||
def _host_power_action(self, req, host_name, action):
|
||||
"""Reboots, shuts down or powers up the host."""
|
||||
context = req.environ['nova.context']
|
||||
authorize(context)
|
||||
context.can(hosts_policies.BASE_POLICY_NAME)
|
||||
try:
|
||||
result = self.api.host_power_action(context, host_name=host_name,
|
||||
action=action)
|
||||
|
@ -264,7 +264,7 @@ class HostController(wsgi.Controller):
|
|||
'cpu': 1, 'memory_mb': 2048, 'disk_gb': 30}
|
||||
"""
|
||||
context = req.environ['nova.context']
|
||||
authorize(context)
|
||||
context.can(hosts_policies.BASE_POLICY_NAME)
|
||||
host_name = id
|
||||
try:
|
||||
compute_node = (
|
||||
|
|
|
@ -25,11 +25,11 @@ from nova.api.openstack import wsgi
|
|||
from nova import compute
|
||||
from nova import exception
|
||||
from nova.i18n import _
|
||||
from nova.policies import hypervisors as hv_policies
|
||||
from nova import servicegroup
|
||||
|
||||
|
||||
ALIAS = "os-hypervisors"
|
||||
authorize = extensions.os_compute_authorizer(ALIAS)
|
||||
|
||||
|
||||
class HypervisorsController(wsgi.Controller):
|
||||
|
@ -83,7 +83,7 @@ class HypervisorsController(wsgi.Controller):
|
|||
@extensions.expected_errors(())
|
||||
def index(self, req):
|
||||
context = req.environ['nova.context']
|
||||
authorize(context)
|
||||
context.can(hv_policies.BASE_POLICY_NAME)
|
||||
compute_nodes = self.host_api.compute_node_get_all(context)
|
||||
req.cache_db_compute_nodes(compute_nodes)
|
||||
return dict(hypervisors=[self._view_hypervisor(
|
||||
|
@ -96,7 +96,7 @@ class HypervisorsController(wsgi.Controller):
|
|||
@extensions.expected_errors(())
|
||||
def detail(self, req):
|
||||
context = req.environ['nova.context']
|
||||
authorize(context)
|
||||
context.can(hv_policies.BASE_POLICY_NAME)
|
||||
compute_nodes = self.host_api.compute_node_get_all(context)
|
||||
req.cache_db_compute_nodes(compute_nodes)
|
||||
return dict(hypervisors=[self._view_hypervisor(
|
||||
|
@ -106,7 +106,7 @@ class HypervisorsController(wsgi.Controller):
|
|||
@extensions.expected_errors(404)
|
||||
def show(self, req, id):
|
||||
context = req.environ['nova.context']
|
||||
authorize(context)
|
||||
context.can(hv_policies.BASE_POLICY_NAME)
|
||||
try:
|
||||
hyp = self.host_api.compute_node_get(context, id)
|
||||
req.cache_db_compute_node(hyp)
|
||||
|
@ -121,7 +121,7 @@ class HypervisorsController(wsgi.Controller):
|
|||
@extensions.expected_errors((400, 404, 501))
|
||||
def uptime(self, req, id):
|
||||
context = req.environ['nova.context']
|
||||
authorize(context)
|
||||
context.can(hv_policies.BASE_POLICY_NAME)
|
||||
try:
|
||||
hyp = self.host_api.compute_node_get(context, id)
|
||||
req.cache_db_compute_node(hyp)
|
||||
|
@ -145,7 +145,7 @@ class HypervisorsController(wsgi.Controller):
|
|||
@extensions.expected_errors(404)
|
||||
def search(self, req, id):
|
||||
context = req.environ['nova.context']
|
||||
authorize(context)
|
||||
context.can(hv_policies.BASE_POLICY_NAME)
|
||||
hypervisors = self.host_api.compute_node_search_by_hypervisor(
|
||||
context, id)
|
||||
if hypervisors:
|
||||
|
@ -162,7 +162,7 @@ class HypervisorsController(wsgi.Controller):
|
|||
@extensions.expected_errors(404)
|
||||
def servers(self, req, id):
|
||||
context = req.environ['nova.context']
|
||||
authorize(context)
|
||||
context.can(hv_policies.BASE_POLICY_NAME)
|
||||
compute_nodes = self.host_api.compute_node_search_by_hypervisor(
|
||||
context, id)
|
||||
if not compute_nodes:
|
||||
|
@ -182,7 +182,7 @@ class HypervisorsController(wsgi.Controller):
|
|||
@extensions.expected_errors(())
|
||||
def statistics(self, req):
|
||||
context = req.environ['nova.context']
|
||||
authorize(context)
|
||||
context.can(hv_policies.BASE_POLICY_NAME)
|
||||
stats = self.host_api.compute_node_statistics(context)
|
||||
return dict(hypervisor_statistics=stats)
|
||||
|
||||
|
|
|
@ -15,11 +15,10 @@
|
|||
|
||||
from nova.api.openstack import extensions
|
||||
from nova.api.openstack import wsgi
|
||||
from nova.policies import image_size as is_policies
|
||||
|
||||
ALIAS = "image-size"
|
||||
|
||||
authorize = extensions.os_compute_soft_authorizer(ALIAS)
|
||||
|
||||
|
||||
class ImageSizeController(wsgi.Controller):
|
||||
|
||||
|
@ -33,7 +32,7 @@ class ImageSizeController(wsgi.Controller):
|
|||
@wsgi.extends
|
||||
def show(self, req, resp_obj, id):
|
||||
context = req.environ["nova.context"]
|
||||
if authorize(context):
|
||||
if context.can(is_policies.BASE_POLICY_NAME, fatal=False):
|
||||
image_resp = resp_obj.obj['image']
|
||||
# image guaranteed to be in the cache due to the core API adding
|
||||
# it in its 'show' method
|
||||
|
@ -43,7 +42,7 @@ class ImageSizeController(wsgi.Controller):
|
|||
@wsgi.extends
|
||||
def detail(self, req, resp_obj):
|
||||
context = req.environ['nova.context']
|
||||
if authorize(context):
|
||||
if context.can(is_policies.BASE_POLICY_NAME, fatal=False):
|
||||
images_resp = list(resp_obj.obj['images'])
|
||||
# images guaranteed to be in the cache due to the core API adding
|
||||
# it in its 'detail' method
|
||||
|
|
|
@ -20,11 +20,10 @@ from nova.api.openstack import extensions
|
|||
from nova.api.openstack import wsgi
|
||||
from nova import compute
|
||||
from nova.i18n import _
|
||||
from nova.policies import instance_actions as ia_policies
|
||||
from nova import utils
|
||||
|
||||
ALIAS = "os-instance-actions"
|
||||
authorize = extensions.os_compute_authorizer(ALIAS)
|
||||
soft_authorize = extensions.os_compute_soft_authorizer(ALIAS)
|
||||
|
||||
ACTION_KEYS = ['action', 'instance_uuid', 'request_id', 'user_id',
|
||||
'project_id', 'start_time', 'message']
|
||||
|
@ -64,7 +63,7 @@ class InstanceActionsController(wsgi.Controller):
|
|||
"""Returns the list of actions recorded for a given instance."""
|
||||
context = req.environ["nova.context"]
|
||||
instance = self._get_instance(req, context, server_id)
|
||||
authorize(context, target=instance)
|
||||
context.can(ia_policies.BASE_POLICY_NAME, instance)
|
||||
actions_raw = self.action_api.actions_get(context, instance)
|
||||
actions = [self._format_action(action) for action in actions_raw]
|
||||
return {'instanceActions': actions}
|
||||
|
@ -74,7 +73,7 @@ class InstanceActionsController(wsgi.Controller):
|
|||
"""Return data about the given instance action."""
|
||||
context = req.environ['nova.context']
|
||||
instance = self._get_instance(req, context, server_id)
|
||||
authorize(context, target=instance)
|
||||
context.can(ia_policies.BASE_POLICY_NAME, instance)
|
||||
action = self.action_api.action_get_by_request_id(context, instance,
|
||||
id)
|
||||
if action is None:
|
||||
|
@ -83,7 +82,7 @@ class InstanceActionsController(wsgi.Controller):
|
|||
|
||||
action_id = action['id']
|
||||
action = self._format_action(action)
|
||||
if soft_authorize(context, action='events'):
|
||||
if context.can(ia_policies.POLICY_ROOT % 'events', fatal=False):
|
||||
events_raw = self.action_api.action_events_get(context, instance,
|
||||
action_id)
|
||||
action['events'] = [self._format_event(evt) for evt in events_raw]
|
||||
|
|
|
@ -23,12 +23,12 @@ from nova.api.openstack import wsgi
|
|||
from nova import compute
|
||||
import nova.conf
|
||||
from nova.i18n import _
|
||||
from nova.policies import instance_usage_audit_log as iual_policies
|
||||
from nova import utils
|
||||
|
||||
CONF = nova.conf.CONF
|
||||
|
||||
ALIAS = 'os-instance-usage-audit-log'
|
||||
authorize = extensions.os_compute_authorizer(ALIAS)
|
||||
|
||||
|
||||
class InstanceUsageAuditLogController(wsgi.Controller):
|
||||
|
@ -38,14 +38,14 @@ class InstanceUsageAuditLogController(wsgi.Controller):
|
|||
@extensions.expected_errors(())
|
||||
def index(self, req):
|
||||
context = req.environ['nova.context']
|
||||
authorize(context)
|
||||
context.can(iual_policies.BASE_POLICY_NAME)
|
||||
task_log = self._get_audit_task_logs(context)
|
||||
return {'instance_usage_audit_logs': task_log}
|
||||
|
||||
@extensions.expected_errors(400)
|
||||
def show(self, req, id):
|
||||
context = req.environ['nova.context']
|
||||
authorize(context)
|
||||
context.can(iual_policies.BASE_POLICY_NAME)
|
||||
try:
|
||||
if '.' in id:
|
||||
before_date = datetime.datetime.strptime(str(id),
|
||||
|
|
|
@ -21,9 +21,9 @@ from nova.api.openstack.compute.views import addresses as views_addresses
|
|||
from nova.api.openstack import extensions
|
||||
from nova.api.openstack import wsgi
|
||||
from nova.i18n import _
|
||||
from nova.policies import ips as ips_policies
|
||||
|
||||
ALIAS = 'ips'
|
||||
authorize = extensions.os_compute_authorizer(ALIAS)
|
||||
|
||||
|
||||
class IPsController(wsgi.Controller):
|
||||
|
@ -41,7 +41,7 @@ class IPsController(wsgi.Controller):
|
|||
@extensions.expected_errors(404)
|
||||
def index(self, req, server_id):
|
||||
context = req.environ["nova.context"]
|
||||
authorize(context, action='index')
|
||||
context.can(ips_policies.POLICY_ROOT % 'index')
|
||||
instance = common.get_instance(self._compute_api, context, server_id)
|
||||
networks = common.get_networks_for_instance(context, instance)
|
||||
return self._view_builder.index(networks)
|
||||
|
@ -49,7 +49,7 @@ class IPsController(wsgi.Controller):
|
|||
@extensions.expected_errors(404)
|
||||
def show(self, req, server_id, id):
|
||||
context = req.environ["nova.context"]
|
||||
authorize(context, action='show')
|
||||
context.can(ips_policies.POLICY_ROOT % 'show')
|
||||
instance = common.get_instance(self._compute_api, context, server_id)
|
||||
networks = common.get_networks_for_instance(context, instance)
|
||||
if id not in networks:
|
||||
|
|
Loading…
Reference in New Issue