policy: Replaces 'authorize' in nova-api (part 1)
Updates nova.api.openstack.compute modules to use the context's 'can' method instead of the existing 'authorize' function. Co-Authored-By: Andrew Laski <andrew@lascii.com> Change-Id: I834cff54c1bc079b566cb66b4173d4cf109bc686 Partially-Implements: bp policy-in-code
This commit is contained in:
parent
355749b97c
commit
604a0c2e81
@ -27,9 +27,9 @@ from nova.api import validation
|
|||||||
from nova.compute import api as compute_api
|
from nova.compute import api as compute_api
|
||||||
from nova import exception
|
from nova import exception
|
||||||
from nova.i18n import _
|
from nova.i18n import _
|
||||||
|
from nova.policies import aggregates as aggr_policies
|
||||||
|
|
||||||
ALIAS = "os-aggregates"
|
ALIAS = "os-aggregates"
|
||||||
authorize = extensions.os_compute_authorizer(ALIAS)
|
|
||||||
|
|
||||||
|
|
||||||
def _get_context(req):
|
def _get_context(req):
|
||||||
@ -45,7 +45,7 @@ class AggregateController(wsgi.Controller):
|
|||||||
def index(self, req):
|
def index(self, req):
|
||||||
"""Returns a list a host aggregate's id, name, availability_zone."""
|
"""Returns a list a host aggregate's id, name, availability_zone."""
|
||||||
context = _get_context(req)
|
context = _get_context(req)
|
||||||
authorize(context, action='index')
|
context.can(aggr_policies.POLICY_ROOT % 'index')
|
||||||
aggregates = self.api.get_aggregate_list(context)
|
aggregates = self.api.get_aggregate_list(context)
|
||||||
return {'aggregates': [self._marshall_aggregate(a)['aggregate']
|
return {'aggregates': [self._marshall_aggregate(a)['aggregate']
|
||||||
for a in aggregates]}
|
for a in aggregates]}
|
||||||
@ -60,7 +60,7 @@ class AggregateController(wsgi.Controller):
|
|||||||
optional availability zone.
|
optional availability zone.
|
||||||
"""
|
"""
|
||||||
context = _get_context(req)
|
context = _get_context(req)
|
||||||
authorize(context, action='create')
|
context.can(aggr_policies.POLICY_ROOT % 'create')
|
||||||
host_aggregate = body["aggregate"]
|
host_aggregate = body["aggregate"]
|
||||||
name = common.normalize_name(host_aggregate["name"])
|
name = common.normalize_name(host_aggregate["name"])
|
||||||
avail_zone = host_aggregate.get("availability_zone")
|
avail_zone = host_aggregate.get("availability_zone")
|
||||||
@ -87,7 +87,7 @@ class AggregateController(wsgi.Controller):
|
|||||||
def show(self, req, id):
|
def show(self, req, id):
|
||||||
"""Shows the details of an aggregate, hosts and metadata included."""
|
"""Shows the details of an aggregate, hosts and metadata included."""
|
||||||
context = _get_context(req)
|
context = _get_context(req)
|
||||||
authorize(context, action='show')
|
context.can(aggr_policies.POLICY_ROOT % 'show')
|
||||||
try:
|
try:
|
||||||
aggregate = self.api.get_aggregate(context, id)
|
aggregate = self.api.get_aggregate(context, id)
|
||||||
except exception.AggregateNotFound as e:
|
except exception.AggregateNotFound as e:
|
||||||
@ -100,7 +100,7 @@ class AggregateController(wsgi.Controller):
|
|||||||
def update(self, req, id, body):
|
def update(self, req, id, body):
|
||||||
"""Updates the name and/or availability_zone of given aggregate."""
|
"""Updates the name and/or availability_zone of given aggregate."""
|
||||||
context = _get_context(req)
|
context = _get_context(req)
|
||||||
authorize(context, action='update')
|
context.can(aggr_policies.POLICY_ROOT % 'update')
|
||||||
updates = body["aggregate"]
|
updates = body["aggregate"]
|
||||||
if 'name' in updates:
|
if 'name' in updates:
|
||||||
updates['name'] = common.normalize_name(updates['name'])
|
updates['name'] = common.normalize_name(updates['name'])
|
||||||
@ -123,7 +123,7 @@ class AggregateController(wsgi.Controller):
|
|||||||
def delete(self, req, id):
|
def delete(self, req, id):
|
||||||
"""Removes an aggregate by id."""
|
"""Removes an aggregate by id."""
|
||||||
context = _get_context(req)
|
context = _get_context(req)
|
||||||
authorize(context, action='delete')
|
context.can(aggr_policies.POLICY_ROOT % 'delete')
|
||||||
try:
|
try:
|
||||||
self.api.delete_aggregate(context, id)
|
self.api.delete_aggregate(context, id)
|
||||||
except exception.AggregateNotFound as e:
|
except exception.AggregateNotFound as e:
|
||||||
@ -142,7 +142,7 @@ class AggregateController(wsgi.Controller):
|
|||||||
host = body['add_host']['host']
|
host = body['add_host']['host']
|
||||||
|
|
||||||
context = _get_context(req)
|
context = _get_context(req)
|
||||||
authorize(context, action='add_host')
|
context.can(aggr_policies.POLICY_ROOT % 'add_host')
|
||||||
try:
|
try:
|
||||||
aggregate = self.api.add_host_to_aggregate(context, id, host)
|
aggregate = self.api.add_host_to_aggregate(context, id, host)
|
||||||
except (exception.AggregateNotFound,
|
except (exception.AggregateNotFound,
|
||||||
@ -164,7 +164,7 @@ class AggregateController(wsgi.Controller):
|
|||||||
host = body['remove_host']['host']
|
host = body['remove_host']['host']
|
||||||
|
|
||||||
context = _get_context(req)
|
context = _get_context(req)
|
||||||
authorize(context, action='remove_host')
|
context.can(aggr_policies.POLICY_ROOT % 'remove_host')
|
||||||
try:
|
try:
|
||||||
aggregate = self.api.remove_host_from_aggregate(context, id, host)
|
aggregate = self.api.remove_host_from_aggregate(context, id, host)
|
||||||
except (exception.AggregateNotFound, exception.AggregateHostNotFound,
|
except (exception.AggregateNotFound, exception.AggregateHostNotFound,
|
||||||
@ -184,7 +184,7 @@ class AggregateController(wsgi.Controller):
|
|||||||
def _set_metadata(self, req, id, body):
|
def _set_metadata(self, req, id, body):
|
||||||
"""Replaces the aggregate's existing metadata with new metadata."""
|
"""Replaces the aggregate's existing metadata with new metadata."""
|
||||||
context = _get_context(req)
|
context = _get_context(req)
|
||||||
authorize(context, action='set_metadata')
|
context.can(aggr_policies.POLICY_ROOT % 'set_metadata')
|
||||||
|
|
||||||
metadata = body["set_metadata"]["metadata"]
|
metadata = body["set_metadata"]["metadata"]
|
||||||
try:
|
try:
|
||||||
|
Loading…
Reference in New Issue
Block a user