openstack/nova
Code Issues Proposed changes
Files
c15ffc2ee22c85813f5c36324d3a3097fff45d48
nova/nova/policies/limits.py
Ghanshyam Mann c15ffc2ee2 Combine the limits policies in single place 
limits and used_limits extensions were megred in
- I76e02214e958a55b6de8033243b46b259949e5ac

But policy were left in separate file. limits policy
is in policies/limits which is general policy to get the
limit of project. used_limit is in polocies/used_limit
which is enforced in view builder for gettting the limit
of other project.

This commit:
- move used_limit in policies/limit file
- move the used_limit policy enforcement from view buidler to limit API controller.
- adjust the tests due to above changes.

Partial implement blueprint policy-defaults-refresh

Change-Id: Iefe41cc95cd967b368588dea5ff195bb4af3eca7
2020-04-01 19:58:22 +00:00

57 lines
1.7 KiB
Python
Raw Blame History

# Copyright 2016 Cloudbase Solutions Srl
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from oslo_policy import policy
from nova.policies import base
BASE_POLICY_NAME = 'os_compute_api:limits'
USED_LIMIT_POLICY_NAME = 'os_compute_api:os-used-limits'
limits_policies = [
policy.DocumentedRuleDefault(
BASE_POLICY_NAME,
base.RULE_ANY,
"Show rate and absolute limits for the current user project",
[
{
'method': 'GET',
'path': '/limits'
}
]),
# TODO(aunnam): Remove this rule after we separate the scope check from
# policies, as this is only checking the scope.
policy.DocumentedRuleDefault(
USED_LIMIT_POLICY_NAME,
base.RULE_ADMIN_API,
"""Show rate and absolute limits for the project.
This policy only checks if the user has access to the requested
project limits. And this check is performed only after the check
os_compute_api:limits passes""",
[
{
'method': 'GET',
'path': '/limits'
}
]),
]
def list_rules():
return limits_policies
View Git Blame Copy Permalink