policy: Replaces 'authorize' in nova-api (part 1)

Updates nova.api.openstack.compute modules to use the
context's 'can' method instead of the existing
'authorize' function.

Co-Authored-By: Andrew Laski <andrew@lascii.com>

Change-Id: I834cff54c1bc079b566cb66b4173d4cf109bc686
Partially-Implements: bp policy-in-code
This commit is contained in:
Claudiu Belu 2016-06-13 08:29:47 +03:00
parent 355749b97c
commit 604a0c2e81

View File

@ -27,9 +27,9 @@ from nova.api import validation
from nova.compute import api as compute_api from nova.compute import api as compute_api
from nova import exception from nova import exception
from nova.i18n import _ from nova.i18n import _
from nova.policies import aggregates as aggr_policies
ALIAS = "os-aggregates" ALIAS = "os-aggregates"
authorize = extensions.os_compute_authorizer(ALIAS)
def _get_context(req): def _get_context(req):
@ -45,7 +45,7 @@ class AggregateController(wsgi.Controller):
def index(self, req): def index(self, req):
"""Returns a list a host aggregate's id, name, availability_zone.""" """Returns a list a host aggregate's id, name, availability_zone."""
context = _get_context(req) context = _get_context(req)
authorize(context, action='index') context.can(aggr_policies.POLICY_ROOT % 'index')
aggregates = self.api.get_aggregate_list(context) aggregates = self.api.get_aggregate_list(context)
return {'aggregates': [self._marshall_aggregate(a)['aggregate'] return {'aggregates': [self._marshall_aggregate(a)['aggregate']
for a in aggregates]} for a in aggregates]}
@ -60,7 +60,7 @@ class AggregateController(wsgi.Controller):
optional availability zone. optional availability zone.
""" """
context = _get_context(req) context = _get_context(req)
authorize(context, action='create') context.can(aggr_policies.POLICY_ROOT % 'create')
host_aggregate = body["aggregate"] host_aggregate = body["aggregate"]
name = common.normalize_name(host_aggregate["name"]) name = common.normalize_name(host_aggregate["name"])
avail_zone = host_aggregate.get("availability_zone") avail_zone = host_aggregate.get("availability_zone")
@ -87,7 +87,7 @@ class AggregateController(wsgi.Controller):
def show(self, req, id): def show(self, req, id):
"""Shows the details of an aggregate, hosts and metadata included.""" """Shows the details of an aggregate, hosts and metadata included."""
context = _get_context(req) context = _get_context(req)
authorize(context, action='show') context.can(aggr_policies.POLICY_ROOT % 'show')
try: try:
aggregate = self.api.get_aggregate(context, id) aggregate = self.api.get_aggregate(context, id)
except exception.AggregateNotFound as e: except exception.AggregateNotFound as e:
@ -100,7 +100,7 @@ class AggregateController(wsgi.Controller):
def update(self, req, id, body): def update(self, req, id, body):
"""Updates the name and/or availability_zone of given aggregate.""" """Updates the name and/or availability_zone of given aggregate."""
context = _get_context(req) context = _get_context(req)
authorize(context, action='update') context.can(aggr_policies.POLICY_ROOT % 'update')
updates = body["aggregate"] updates = body["aggregate"]
if 'name' in updates: if 'name' in updates:
updates['name'] = common.normalize_name(updates['name']) updates['name'] = common.normalize_name(updates['name'])
@ -123,7 +123,7 @@ class AggregateController(wsgi.Controller):
def delete(self, req, id): def delete(self, req, id):
"""Removes an aggregate by id.""" """Removes an aggregate by id."""
context = _get_context(req) context = _get_context(req)
authorize(context, action='delete') context.can(aggr_policies.POLICY_ROOT % 'delete')
try: try:
self.api.delete_aggregate(context, id) self.api.delete_aggregate(context, id)
except exception.AggregateNotFound as e: except exception.AggregateNotFound as e:
@ -142,7 +142,7 @@ class AggregateController(wsgi.Controller):
host = body['add_host']['host'] host = body['add_host']['host']
context = _get_context(req) context = _get_context(req)
authorize(context, action='add_host') context.can(aggr_policies.POLICY_ROOT % 'add_host')
try: try:
aggregate = self.api.add_host_to_aggregate(context, id, host) aggregate = self.api.add_host_to_aggregate(context, id, host)
except (exception.AggregateNotFound, except (exception.AggregateNotFound,
@ -164,7 +164,7 @@ class AggregateController(wsgi.Controller):
host = body['remove_host']['host'] host = body['remove_host']['host']
context = _get_context(req) context = _get_context(req)
authorize(context, action='remove_host') context.can(aggr_policies.POLICY_ROOT % 'remove_host')
try: try:
aggregate = self.api.remove_host_from_aggregate(context, id, host) aggregate = self.api.remove_host_from_aggregate(context, id, host)
except (exception.AggregateNotFound, exception.AggregateHostNotFound, except (exception.AggregateNotFound, exception.AggregateHostNotFound,
@ -184,7 +184,7 @@ class AggregateController(wsgi.Controller):
def _set_metadata(self, req, id, body): def _set_metadata(self, req, id, body):
"""Replaces the aggregate's existing metadata with new metadata.""" """Replaces the aggregate's existing metadata with new metadata."""
context = _get_context(req) context = _get_context(req)
authorize(context, action='set_metadata') context.can(aggr_policies.POLICY_ROOT % 'set_metadata')
metadata = body["set_metadata"]["metadata"] metadata = body["set_metadata"]["metadata"]
try: try: