Merge "policy: Replaces 'authorize' in nova-api (part 4)"
This commit is contained in:
commit
ceaacaa24f
@ -27,11 +27,10 @@ from nova.compute import api as compute_api
|
||||
from nova import exception
|
||||
from nova.i18n import _
|
||||
from nova.objects import keypair as keypair_obj
|
||||
from nova.policies import keypairs as kp_policies
|
||||
|
||||
|
||||
ALIAS = 'os-keypairs'
|
||||
authorize = extensions.os_compute_authorizer(ALIAS)
|
||||
soft_authorize = extensions.os_compute_soft_authorizer(ALIAS)
|
||||
|
||||
|
||||
class KeypairController(wsgi.Controller):
|
||||
@ -116,9 +115,9 @@ class KeypairController(wsgi.Controller):
|
||||
name = common.normalize_name(params['name'])
|
||||
key_type = params.get('type', keypair_obj.KEYPAIR_TYPE_SSH)
|
||||
user_id = user_id or context.user_id
|
||||
authorize(context, action='create',
|
||||
target={'user_id': user_id,
|
||||
'project_id': context.project_id})
|
||||
context.can(kp_policies.POLICY_ROOT % 'create',
|
||||
target={'user_id': user_id,
|
||||
'project_id': context.project_id})
|
||||
|
||||
try:
|
||||
if 'public_key' in params:
|
||||
@ -169,9 +168,9 @@ class KeypairController(wsgi.Controller):
|
||||
context = req.environ['nova.context']
|
||||
# handle optional user-id for admin only
|
||||
user_id = user_id or context.user_id
|
||||
authorize(context, action='delete',
|
||||
target={'user_id': user_id,
|
||||
'project_id': context.project_id})
|
||||
context.can(kp_policies.POLICY_ROOT % 'delete',
|
||||
target={'user_id': user_id,
|
||||
'project_id': context.project_id})
|
||||
try:
|
||||
self.api.delete_key_pair(context, user_id, id)
|
||||
except exception.KeypairNotFound as exc:
|
||||
@ -203,9 +202,9 @@ class KeypairController(wsgi.Controller):
|
||||
"""Return data for the given key name."""
|
||||
context = req.environ['nova.context']
|
||||
user_id = user_id or context.user_id
|
||||
authorize(context, action='show',
|
||||
target={'user_id': user_id,
|
||||
'project_id': context.project_id})
|
||||
context.can(kp_policies.POLICY_ROOT % 'show',
|
||||
target={'user_id': user_id,
|
||||
'project_id': context.project_id})
|
||||
|
||||
try:
|
||||
# The return object needs to be a dict in order to pop the 'type'
|
||||
@ -243,9 +242,9 @@ class KeypairController(wsgi.Controller):
|
||||
"""List of keypairs for a user."""
|
||||
context = req.environ['nova.context']
|
||||
user_id = user_id or context.user_id
|
||||
authorize(context, action='index',
|
||||
target={'user_id': user_id,
|
||||
'project_id': context.project_id})
|
||||
context.can(kp_policies.POLICY_ROOT % 'index',
|
||||
target={'user_id': user_id,
|
||||
'project_id': context.project_id})
|
||||
key_pairs = self.api.get_key_pairs(context, user_id)
|
||||
rval = []
|
||||
for key_pair in key_pairs:
|
||||
@ -272,13 +271,14 @@ class Controller(wsgi.Controller):
|
||||
@wsgi.extends
|
||||
def show(self, req, resp_obj, id):
|
||||
context = req.environ['nova.context']
|
||||
if soft_authorize(context):
|
||||
if context.can(kp_policies.BASE_POLICY_NAME, fatal=False):
|
||||
self._show(req, resp_obj)
|
||||
|
||||
@wsgi.extends
|
||||
def detail(self, req, resp_obj):
|
||||
context = req.environ['nova.context']
|
||||
if 'servers' in resp_obj.obj and soft_authorize(context):
|
||||
if 'servers' in resp_obj.obj and context.can(
|
||||
kp_policies.BASE_POLICY_NAME, fatal=False):
|
||||
servers = resp_obj.obj['servers']
|
||||
self._add_key_name(req, servers)
|
||||
|
||||
|
@ -16,12 +16,12 @@
|
||||
from nova.api.openstack.compute.views import limits as limits_views
|
||||
from nova.api.openstack import extensions
|
||||
from nova.api.openstack import wsgi
|
||||
from nova.policies import limits as limits_policies
|
||||
from nova import quota
|
||||
|
||||
|
||||
QUOTAS = quota.QUOTAS
|
||||
ALIAS = 'limits'
|
||||
authorize = extensions.os_compute_authorizer(ALIAS)
|
||||
|
||||
|
||||
class LimitsController(wsgi.Controller):
|
||||
@ -31,7 +31,7 @@ class LimitsController(wsgi.Controller):
|
||||
def index(self, req):
|
||||
"""Return all global limit information."""
|
||||
context = req.environ['nova.context']
|
||||
authorize(context)
|
||||
context.can(limits_policies.BASE_POLICY_NAME)
|
||||
project_id = req.params.get('tenant_id', context.project_id)
|
||||
quotas = QUOTAS.get_project_quotas(context, project_id,
|
||||
usages=False)
|
||||
|
@ -17,11 +17,10 @@ from nova.api.openstack import common
|
||||
from nova.api.openstack import extensions
|
||||
from nova.api.openstack import wsgi
|
||||
from nova import compute
|
||||
from nova.policies import lock_server as ls_policies
|
||||
|
||||
ALIAS = "os-lock-server"
|
||||
|
||||
authorize = extensions.os_compute_authorizer(ALIAS)
|
||||
|
||||
|
||||
class LockServerController(wsgi.Controller):
|
||||
def __init__(self, *args, **kwargs):
|
||||
@ -34,7 +33,7 @@ class LockServerController(wsgi.Controller):
|
||||
def _lock(self, req, id, body):
|
||||
"""Lock a server instance."""
|
||||
context = req.environ['nova.context']
|
||||
authorize(context, action='lock')
|
||||
context.can(ls_policies.POLICY_ROOT % 'lock')
|
||||
instance = common.get_instance(self.compute_api, context, id)
|
||||
self.compute_api.lock(context, instance)
|
||||
|
||||
@ -44,11 +43,11 @@ class LockServerController(wsgi.Controller):
|
||||
def _unlock(self, req, id, body):
|
||||
"""Unlock a server instance."""
|
||||
context = req.environ['nova.context']
|
||||
authorize(context, action='unlock')
|
||||
context.can(ls_policies.POLICY_ROOT % 'unlock')
|
||||
instance = common.get_instance(self.compute_api, context, id)
|
||||
if not self.compute_api.is_expected_locked_by(context, instance):
|
||||
authorize(context, target=instance,
|
||||
action='unlock:unlock_override')
|
||||
context.can(ls_policies.POLICY_ROOT % 'unlock:unlock_override',
|
||||
instance)
|
||||
|
||||
self.compute_api.unlock(context, instance)
|
||||
|
||||
|
@ -25,13 +25,11 @@ from nova.api import validation
|
||||
from nova import compute
|
||||
from nova import exception
|
||||
from nova.i18n import _
|
||||
from nova.policies import migrate_server as ms_policies
|
||||
|
||||
ALIAS = "os-migrate-server"
|
||||
|
||||
|
||||
authorize = extensions.os_compute_authorizer(ALIAS)
|
||||
|
||||
|
||||
class MigrateServerController(wsgi.Controller):
|
||||
def __init__(self, *args, **kwargs):
|
||||
super(MigrateServerController, self).__init__(*args, **kwargs)
|
||||
@ -43,7 +41,7 @@ class MigrateServerController(wsgi.Controller):
|
||||
def _migrate(self, req, id, body):
|
||||
"""Permit admins to migrate a server to a new host."""
|
||||
context = req.environ['nova.context']
|
||||
authorize(context, action='migrate')
|
||||
context.can(ms_policies.POLICY_ROOT % 'migrate')
|
||||
|
||||
instance = common.get_instance(self.compute_api, context, id)
|
||||
try:
|
||||
@ -69,7 +67,7 @@ class MigrateServerController(wsgi.Controller):
|
||||
def _migrate_live(self, req, id, body):
|
||||
"""Permit admins to (live) migrate a server to a new host."""
|
||||
context = req.environ["nova.context"]
|
||||
authorize(context, action='migrate_live')
|
||||
context.can(ms_policies.POLICY_ROOT % 'migrate_live')
|
||||
|
||||
host = body["os-migrateLive"]["host"]
|
||||
block_migration = body["os-migrateLive"]["block_migration"]
|
||||
|
@ -16,15 +16,12 @@ from nova.api.openstack import extensions
|
||||
from nova.api.openstack import wsgi
|
||||
from nova import compute
|
||||
from nova.objects import base as obj_base
|
||||
from nova.policies import migrations as migrations_policies
|
||||
|
||||
|
||||
ALIAS = "os-migrations"
|
||||
|
||||
|
||||
def authorize(context, action_name):
|
||||
extensions.os_compute_authorizer(ALIAS)(context, action=action_name)
|
||||
|
||||
|
||||
class MigrationsController(wsgi.Controller):
|
||||
"""Controller for accessing migrations in OpenStack API."""
|
||||
|
||||
@ -76,7 +73,7 @@ class MigrationsController(wsgi.Controller):
|
||||
def index(self, req):
|
||||
"""Return all migrations in progress."""
|
||||
context = req.environ['nova.context']
|
||||
authorize(context, "index")
|
||||
context.can(migrations_policies.POLICY_ROOT % 'index')
|
||||
migrations = self.compute_api.get_migrations(context, req.GET)
|
||||
|
||||
if api_version_request.is_supported(req, min_version='2.23'):
|
||||
|
@ -24,10 +24,10 @@ from nova.api.openstack import wsgi
|
||||
from nova.api import validation
|
||||
from nova import compute
|
||||
from nova import exception
|
||||
from nova.policies import multinic as multinic_policies
|
||||
|
||||
|
||||
ALIAS = "os-multinic"
|
||||
authorize = extensions.os_compute_authorizer(ALIAS)
|
||||
|
||||
|
||||
class MultinicController(wsgi.Controller):
|
||||
@ -42,7 +42,7 @@ class MultinicController(wsgi.Controller):
|
||||
def _add_fixed_ip(self, req, id, body):
|
||||
"""Adds an IP on a given network to an instance."""
|
||||
context = req.environ['nova.context']
|
||||
authorize(context)
|
||||
context.can(multinic_policies.BASE_POLICY_NAME)
|
||||
|
||||
instance = common.get_instance(self.compute_api, context, id)
|
||||
network_id = body['addFixedIp']['networkId']
|
||||
@ -60,7 +60,7 @@ class MultinicController(wsgi.Controller):
|
||||
def _remove_fixed_ip(self, req, id, body):
|
||||
"""Removes an IP from an instance."""
|
||||
context = req.environ['nova.context']
|
||||
authorize(context)
|
||||
context.can(multinic_policies.BASE_POLICY_NAME)
|
||||
|
||||
instance = common.get_instance(self.compute_api, context, id)
|
||||
address = body['removeFixedIp']['address']
|
||||
|
@ -27,9 +27,9 @@ from nova.i18n import _
|
||||
from nova import network
|
||||
from nova.objects import base as base_obj
|
||||
from nova.objects import fields as obj_fields
|
||||
from nova.policies import networks as net_policies
|
||||
|
||||
ALIAS = 'os-networks'
|
||||
authorize = extensions.os_compute_authorizer(ALIAS)
|
||||
|
||||
|
||||
def network_dict(context, network):
|
||||
@ -85,7 +85,7 @@ class NetworkController(wsgi.Controller):
|
||||
@extensions.expected_errors(())
|
||||
def index(self, req):
|
||||
context = req.environ['nova.context']
|
||||
authorize(context, action='view')
|
||||
context.can(net_policies.POLICY_ROOT % 'view')
|
||||
networks = self.network_api.get_all(context)
|
||||
result = [network_dict(context, net_ref) for net_ref in networks]
|
||||
return {'networks': result}
|
||||
@ -95,7 +95,7 @@ class NetworkController(wsgi.Controller):
|
||||
@wsgi.action("disassociate")
|
||||
def _disassociate_host_and_project(self, req, id, body):
|
||||
context = req.environ['nova.context']
|
||||
authorize(context)
|
||||
context.can(net_policies.BASE_POLICY_NAME)
|
||||
|
||||
try:
|
||||
self.network_api.associate(context, id, host=None, project=None)
|
||||
@ -108,7 +108,7 @@ class NetworkController(wsgi.Controller):
|
||||
@extensions.expected_errors(404)
|
||||
def show(self, req, id):
|
||||
context = req.environ['nova.context']
|
||||
authorize(context, action='view')
|
||||
context.can(net_policies.POLICY_ROOT % 'view')
|
||||
|
||||
try:
|
||||
network = self.network_api.get(context, id)
|
||||
@ -121,7 +121,7 @@ class NetworkController(wsgi.Controller):
|
||||
@extensions.expected_errors((404, 409))
|
||||
def delete(self, req, id):
|
||||
context = req.environ['nova.context']
|
||||
authorize(context)
|
||||
context.can(net_policies.BASE_POLICY_NAME)
|
||||
|
||||
try:
|
||||
self.network_api.delete(context, id)
|
||||
@ -135,7 +135,7 @@ class NetworkController(wsgi.Controller):
|
||||
@validation.schema(schema.create)
|
||||
def create(self, req, body):
|
||||
context = req.environ['nova.context']
|
||||
authorize(context)
|
||||
context.can(net_policies.BASE_POLICY_NAME)
|
||||
|
||||
params = body["network"]
|
||||
|
||||
@ -160,7 +160,7 @@ class NetworkController(wsgi.Controller):
|
||||
@validation.schema(schema.add_network_to_project)
|
||||
def add(self, req, body):
|
||||
context = req.environ['nova.context']
|
||||
authorize(context)
|
||||
context.can(net_policies.BASE_POLICY_NAME)
|
||||
|
||||
network_id = body['id']
|
||||
project_id = context.project_id
|
||||
|
@ -20,11 +20,10 @@ from nova.api import validation
|
||||
from nova import exception
|
||||
from nova.i18n import _
|
||||
from nova import network
|
||||
from nova.policies import networks_associate as na_policies
|
||||
|
||||
ALIAS = "os-networks-associate"
|
||||
|
||||
authorize = extensions.os_compute_authorizer(ALIAS)
|
||||
|
||||
|
||||
class NetworkAssociateActionController(wsgi.Controller):
|
||||
"""Network Association API Controller."""
|
||||
@ -37,7 +36,7 @@ class NetworkAssociateActionController(wsgi.Controller):
|
||||
@extensions.expected_errors((404, 501))
|
||||
def _disassociate_host_only(self, req, id, body):
|
||||
context = req.environ['nova.context']
|
||||
authorize(context)
|
||||
context.can(na_policies.BASE_POLICY_NAME)
|
||||
try:
|
||||
self.network_api.associate(context, id, host=None)
|
||||
except exception.NetworkNotFound:
|
||||
@ -51,7 +50,7 @@ class NetworkAssociateActionController(wsgi.Controller):
|
||||
@extensions.expected_errors((404, 501))
|
||||
def _disassociate_project_only(self, req, id, body):
|
||||
context = req.environ['nova.context']
|
||||
authorize(context)
|
||||
context.can(na_policies.BASE_POLICY_NAME)
|
||||
try:
|
||||
self.network_api.associate(context, id, project=None)
|
||||
except exception.NetworkNotFound:
|
||||
@ -66,7 +65,7 @@ class NetworkAssociateActionController(wsgi.Controller):
|
||||
@validation.schema(networks_associate.associate_host)
|
||||
def _associate_host(self, req, id, body):
|
||||
context = req.environ['nova.context']
|
||||
authorize(context)
|
||||
context.can(na_policies.BASE_POLICY_NAME)
|
||||
|
||||
try:
|
||||
self.network_api.associate(context, id,
|
||||
|
@ -20,11 +20,10 @@ from nova.api.openstack import extensions
|
||||
from nova.api.openstack import wsgi
|
||||
from nova import compute
|
||||
from nova import exception
|
||||
from nova.policies import pause_server as ps_policies
|
||||
|
||||
ALIAS = "os-pause-server"
|
||||
|
||||
authorize = extensions.os_compute_authorizer(ALIAS)
|
||||
|
||||
|
||||
class PauseServerController(wsgi.Controller):
|
||||
def __init__(self, *args, **kwargs):
|
||||
@ -37,7 +36,7 @@ class PauseServerController(wsgi.Controller):
|
||||
def _pause(self, req, id, body):
|
||||
"""Permit Admins to pause the server."""
|
||||
ctxt = req.environ['nova.context']
|
||||
authorize(ctxt, action='pause')
|
||||
ctxt.can(ps_policies.POLICY_ROOT % 'pause')
|
||||
server = common.get_instance(self.compute_api, ctxt, id)
|
||||
try:
|
||||
self.compute_api.pause(ctxt, server)
|
||||
@ -58,7 +57,7 @@ class PauseServerController(wsgi.Controller):
|
||||
def _unpause(self, req, id, body):
|
||||
"""Permit Admins to unpause the server."""
|
||||
ctxt = req.environ['nova.context']
|
||||
authorize(ctxt, action='unpause')
|
||||
ctxt.can(ps_policies.POLICY_ROOT % 'unpause')
|
||||
server = common.get_instance(self.compute_api, ctxt, id)
|
||||
try:
|
||||
self.compute_api.unpause(ctxt, server)
|
||||
|
@ -20,11 +20,10 @@ from nova.api.openstack import wsgi
|
||||
from nova import compute
|
||||
from nova import exception
|
||||
from nova import objects
|
||||
from nova.policies import pci as pci_policies
|
||||
|
||||
|
||||
ALIAS = 'os-pci'
|
||||
soft_authorize = extensions.os_compute_soft_authorizer(ALIAS + ':pci_servers')
|
||||
authorize = extensions.os_compute_authorizer(ALIAS)
|
||||
|
||||
PCI_ADMIN_KEYS = ['id', 'address', 'vendor_id', 'product_id', 'status',
|
||||
'compute_node_id']
|
||||
@ -42,7 +41,7 @@ class PciServerController(wsgi.Controller):
|
||||
@wsgi.extends
|
||||
def show(self, req, resp_obj, id):
|
||||
context = req.environ['nova.context']
|
||||
if soft_authorize(context):
|
||||
if context.can(pci_policies.POLICY_ROOT % 'pci_servers', fatal=False):
|
||||
server = resp_obj.obj['server']
|
||||
instance = req.get_db_instance(server['id'])
|
||||
self._extend_server(server, instance)
|
||||
@ -50,7 +49,7 @@ class PciServerController(wsgi.Controller):
|
||||
@wsgi.extends
|
||||
def detail(self, req, resp_obj):
|
||||
context = req.environ['nova.context']
|
||||
if soft_authorize(context):
|
||||
if context.can(pci_policies.POLICY_ROOT % 'pci_servers', fatal=False):
|
||||
servers = list(resp_obj.obj['servers'])
|
||||
for server in servers:
|
||||
instance = req.get_db_instance(server['id'])
|
||||
@ -99,7 +98,7 @@ class PciController(wsgi.Controller):
|
||||
|
||||
def _get_all_nodes_pci_devices(self, req, detail, action):
|
||||
context = req.environ['nova.context']
|
||||
authorize(context, action=action)
|
||||
context.can(pci_policies.POLICY_ROOT % action)
|
||||
compute_nodes = self.host_api.compute_node_get_all(context)
|
||||
results = []
|
||||
for node in compute_nodes:
|
||||
@ -117,7 +116,7 @@ class PciController(wsgi.Controller):
|
||||
@extensions.expected_errors(404)
|
||||
def show(self, req, id):
|
||||
context = req.environ['nova.context']
|
||||
authorize(context, action='show')
|
||||
context.can(pci_policies.POLICY_ROOT % 'show')
|
||||
try:
|
||||
pci_dev = objects.PciDevice.get_by_dev_id(context, id)
|
||||
except exception.PciDeviceNotFoundById as e:
|
||||
|
@ -22,6 +22,7 @@ from nova.api.openstack import wsgi
|
||||
from nova.api import validation
|
||||
from nova import db
|
||||
from nova import exception
|
||||
from nova.policies import quota_class_sets as qcs_policies
|
||||
from nova import quota
|
||||
from nova import utils
|
||||
|
||||
@ -34,9 +35,6 @@ EXTENDED_QUOTAS = {'server_groups': 'os-server-group-quotas',
|
||||
'server_group_members': 'os-server-group-quotas'}
|
||||
|
||||
|
||||
authorize = extensions.os_compute_authorizer(ALIAS)
|
||||
|
||||
|
||||
class QuotaClassSetsController(wsgi.Controller):
|
||||
|
||||
supported_quotas = []
|
||||
@ -65,7 +63,7 @@ class QuotaClassSetsController(wsgi.Controller):
|
||||
@extensions.expected_errors(())
|
||||
def show(self, req, id):
|
||||
context = req.environ['nova.context']
|
||||
authorize(context, action='show', target={'quota_class': id})
|
||||
context.can(qcs_policies.POLICY_ROOT % 'show', {'quota_class': id})
|
||||
values = QUOTAS.get_class_quotas(context, id)
|
||||
return self._format_quota_set(id, values)
|
||||
|
||||
@ -73,7 +71,7 @@ class QuotaClassSetsController(wsgi.Controller):
|
||||
@validation.schema(quota_classes.update)
|
||||
def update(self, req, id, body):
|
||||
context = req.environ['nova.context']
|
||||
authorize(context, action='update', target={'quota_class': id})
|
||||
context.can(qcs_policies.POLICY_ROOT % 'update', {'quota_class': id})
|
||||
try:
|
||||
utils.check_string_length(id, 'quota_class_name',
|
||||
min_length=1, max_length=255)
|
||||
|
@ -25,12 +25,12 @@ from nova.api import validation
|
||||
from nova import exception
|
||||
from nova.i18n import _
|
||||
from nova import objects
|
||||
from nova.policies import quota_sets as qs_policies
|
||||
from nova import quota
|
||||
|
||||
|
||||
ALIAS = "os-quota-sets"
|
||||
QUOTAS = quota.QUOTAS
|
||||
authorize = extensions.os_compute_authorizer(ALIAS)
|
||||
|
||||
|
||||
class QuotaSetsController(wsgi.Controller):
|
||||
@ -85,7 +85,7 @@ class QuotaSetsController(wsgi.Controller):
|
||||
@extensions.expected_errors(())
|
||||
def show(self, req, id):
|
||||
context = req.environ['nova.context']
|
||||
authorize(context, action='show', target={'project_id': id})
|
||||
context.can(qs_policies.POLICY_ROOT % 'show', {'project_id': id})
|
||||
params = urlparse.parse_qs(req.environ.get('QUERY_STRING', ''))
|
||||
user_id = params.get('user_id', [None])[0]
|
||||
return self._format_quota_set(id,
|
||||
@ -94,7 +94,7 @@ class QuotaSetsController(wsgi.Controller):
|
||||
@extensions.expected_errors(())
|
||||
def detail(self, req, id):
|
||||
context = req.environ['nova.context']
|
||||
authorize(context, action='detail', target={'project_id': id})
|
||||
context.can(qs_policies.POLICY_ROOT % 'detail', {'project_id': id})
|
||||
user_id = req.GET.get('user_id', None)
|
||||
return self._format_quota_set(id, self._get_quotas(context, id,
|
||||
user_id=user_id,
|
||||
@ -104,7 +104,7 @@ class QuotaSetsController(wsgi.Controller):
|
||||
@validation.schema(quota_sets.update)
|
||||
def update(self, req, id, body):
|
||||
context = req.environ['nova.context']
|
||||
authorize(context, action='update', target={'project_id': id})
|
||||
context.can(qs_policies.POLICY_ROOT % 'update', {'project_id': id})
|
||||
project_id = id
|
||||
params = urlparse.parse_qs(req.environ.get('QUERY_STRING', ''))
|
||||
user_id = params.get('user_id', [None])[0]
|
||||
@ -150,7 +150,7 @@ class QuotaSetsController(wsgi.Controller):
|
||||
@extensions.expected_errors(())
|
||||
def defaults(self, req, id):
|
||||
context = req.environ['nova.context']
|
||||
authorize(context, action='defaults', target={'project_id': id})
|
||||
context.can(qs_policies.POLICY_ROOT % 'defaults', {'project_id': id})
|
||||
values = QUOTAS.get_defaults(context)
|
||||
return self._format_quota_set(id, values)
|
||||
|
||||
@ -161,7 +161,7 @@ class QuotaSetsController(wsgi.Controller):
|
||||
@wsgi.response(202)
|
||||
def delete(self, req, id):
|
||||
context = req.environ['nova.context']
|
||||
authorize(context, action='delete', target={'project_id': id})
|
||||
context.can(qs_policies.POLICY_ROOT % 'delete', {'project_id': id})
|
||||
params = urlparse.parse_qs(req.environ.get('QUERY_STRING', ''))
|
||||
user_id = params.get('user_id', [None])[0]
|
||||
if user_id:
|
||||
|
@ -21,10 +21,10 @@ from nova.api.openstack import wsgi
|
||||
from nova.api import validation
|
||||
from nova import compute
|
||||
from nova import exception
|
||||
from nova.policies import remote_consoles as rc_policies
|
||||
|
||||
|
||||
ALIAS = "os-remote-consoles"
|
||||
authorize = extensions.os_compute_authorizer(ALIAS)
|
||||
|
||||
|
||||
class RemoteConsolesController(wsgi.Controller):
|
||||
@ -44,7 +44,7 @@ class RemoteConsolesController(wsgi.Controller):
|
||||
def get_vnc_console(self, req, id, body):
|
||||
"""Get text console output."""
|
||||
context = req.environ['nova.context']
|
||||
authorize(context)
|
||||
context.can(rc_policies.BASE_POLICY_NAME)
|
||||
|
||||
# If type is not supplied or unknown, get_vnc_console below will cope
|
||||
console_type = body['os-getVNCConsole'].get('type')
|
||||
@ -73,7 +73,7 @@ class RemoteConsolesController(wsgi.Controller):
|
||||
def get_spice_console(self, req, id, body):
|
||||
"""Get text console output."""
|
||||
context = req.environ['nova.context']
|
||||
authorize(context)
|
||||
context.can(rc_policies.BASE_POLICY_NAME)
|
||||
|
||||
# If type is not supplied or unknown, get_spice_console below will cope
|
||||
console_type = body['os-getSPICEConsole'].get('type')
|
||||
@ -102,7 +102,7 @@ class RemoteConsolesController(wsgi.Controller):
|
||||
def get_rdp_console(self, req, id, body):
|
||||
"""Get text console output."""
|
||||
context = req.environ['nova.context']
|
||||
authorize(context)
|
||||
context.can(rc_policies.BASE_POLICY_NAME)
|
||||
|
||||
# If type is not supplied or unknown, get_rdp_console below will cope
|
||||
console_type = body['os-getRDPConsole'].get('type')
|
||||
@ -133,7 +133,7 @@ class RemoteConsolesController(wsgi.Controller):
|
||||
def get_serial_console(self, req, id, body):
|
||||
"""Get connection to a serial console."""
|
||||
context = req.environ['nova.context']
|
||||
authorize(context)
|
||||
context.can(rc_policies.BASE_POLICY_NAME)
|
||||
|
||||
# If type is not supplied or unknown get_serial_console below will cope
|
||||
console_type = body['os-getSerialConsole'].get('type')
|
||||
@ -163,7 +163,7 @@ class RemoteConsolesController(wsgi.Controller):
|
||||
@validation.schema(remote_consoles.create_v28, "2.8")
|
||||
def create(self, req, server_id, body):
|
||||
context = req.environ['nova.context']
|
||||
authorize(context)
|
||||
context.can(rc_policies.BASE_POLICY_NAME)
|
||||
instance = common.get_instance(self.compute_api, context, server_id)
|
||||
protocol = body['remote_console']['protocol']
|
||||
console_type = body['remote_console']['type']
|
||||
|
@ -24,14 +24,13 @@ from nova.api import validation
|
||||
from nova import compute
|
||||
import nova.conf
|
||||
from nova import exception
|
||||
from nova.policies import rescue as rescue_policies
|
||||
from nova import utils
|
||||
|
||||
|
||||
ALIAS = "os-rescue"
|
||||
CONF = nova.conf.CONF
|
||||
|
||||
authorize = extensions.os_compute_authorizer(ALIAS)
|
||||
|
||||
|
||||
class RescueController(wsgi.Controller):
|
||||
def __init__(self, *args, **kwargs):
|
||||
@ -47,7 +46,7 @@ class RescueController(wsgi.Controller):
|
||||
def _rescue(self, req, id, body):
|
||||
"""Rescue an instance."""
|
||||
context = req.environ["nova.context"]
|
||||
authorize(context)
|
||||
context.can(rescue_policies.BASE_POLICY_NAME)
|
||||
|
||||
if body['rescue'] and 'adminPass' in body['rescue']:
|
||||
password = body['rescue']['adminPass']
|
||||
@ -88,7 +87,7 @@ class RescueController(wsgi.Controller):
|
||||
def _unrescue(self, req, id, body):
|
||||
"""Unrescue an instance."""
|
||||
context = req.environ["nova.context"]
|
||||
authorize(context)
|
||||
context.can(rescue_policies.BASE_POLICY_NAME)
|
||||
instance = common.get_instance(self.compute_api, context, id)
|
||||
try:
|
||||
self.compute_api.unrescue(context, instance)
|
||||
|
Loading…
Reference in New Issue
Block a user