openstack/placement
Code Issues Proposed changes

policy: Replaces 'authorize' in nova-api (part 1)

Browse Source 
Updates nova.api.openstack.compute modules to use the
context's 'can' method instead of the existing
'authorize' function.

Co-Authored-By: Andrew Laski <andrew@lascii.com>

Change-Id: I834cff54c1bc079b566cb66b4173d4cf109bc686
Partially-Implements: bp policy-in-code
This commit is contained in:
Claudiu Belu 2016-06-13 08:29:47 +03:00
parent 355749b97c
commit 604a0c2e81
1 changed files with 9 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
nova/api/openstack/compute/aggregates.py
View File

@ -27,9 +27,9 @@ from nova.api import validation
from nova.compute import api as compute_api
from nova import exception
from nova.i18n import _
from nova.policies import aggregates as aggr_policies
ALIAS = "os-aggregates"
authorize = extensions.os_compute_authorizer(ALIAS)
def _get_context(req):
@ -45,7 +45,7 @@ class AggregateController(wsgi.Controller):
def index(self, req):
"""Returns a list a host aggregate's id, name, availability_zone."""
context = _get_context(req)
authorize(context, action='index')
context.can(aggr_policies.POLICY_ROOT % 'index')
aggregates = self.api.get_aggregate_list(context)
return {'aggregates': [self._marshall_aggregate(a)['aggregate']
for a in aggregates]}
@ -60,7 +60,7 @@ class AggregateController(wsgi.Controller):
optional availability zone.
"""
context = _get_context(req)
authorize(context, action='create')
context.can(aggr_policies.POLICY_ROOT % 'create')
host_aggregate = body["aggregate"]
name = common.normalize_name(host_aggregate["name"])
avail_zone = host_aggregate.get("availability_zone")
@ -87,7 +87,7 @@ class AggregateController(wsgi.Controller):
def show(self, req, id):
"""Shows the details of an aggregate, hosts and metadata included."""
context = _get_context(req)
authorize(context, action='show')
context.can(aggr_policies.POLICY_ROOT % 'show')
try:
aggregate = self.api.get_aggregate(context, id)
except exception.AggregateNotFound as e:
@ -100,7 +100,7 @@ class AggregateController(wsgi.Controller):
def update(self, req, id, body):
"""Updates the name and/or availability_zone of given aggregate."""
context = _get_context(req)
authorize(context, action='update')
context.can(aggr_policies.POLICY_ROOT % 'update')
updates = body["aggregate"]
if 'name' in updates:
updates['name'] = common.normalize_name(updates['name'])
@ -123,7 +123,7 @@ class AggregateController(wsgi.Controller):
def delete(self, req, id):
"""Removes an aggregate by id."""
context = _get_context(req)
authorize(context, action='delete')
context.can(aggr_policies.POLICY_ROOT % 'delete')
try:
self.api.delete_aggregate(context, id)
except exception.AggregateNotFound as e:
@ -142,7 +142,7 @@ class AggregateController(wsgi.Controller):
host = body['add_host']['host']
context = _get_context(req)
authorize(context, action='add_host')
context.can(aggr_policies.POLICY_ROOT % 'add_host')
try:
aggregate = self.api.add_host_to_aggregate(context, id, host)
except (exception.AggregateNotFound,
@ -164,7 +164,7 @@ class AggregateController(wsgi.Controller):
host = body['remove_host']['host']
context = _get_context(req)
authorize(context, action='remove_host')
context.can(aggr_policies.POLICY_ROOT % 'remove_host')
try:
aggregate = self.api.remove_host_from_aggregate(context, id, host)
except (exception.AggregateNotFound, exception.AggregateHostNotFound,
@ -184,7 +184,7 @@ class AggregateController(wsgi.Controller):
def _set_metadata(self, req, id, body):
"""Replaces the aggregate's existing metadata with new metadata."""
context = _get_context(req)
authorize(context, action='set_metadata')
context.can(aggr_policies.POLICY_ROOT % 'set_metadata')
metadata = body["set_metadata"]["metadata"]
try: