Ejemplo n.º 1
0
 def before_delete(self, resource):
     if resource.port == 0:
         # FIXME(dhellmann): This will apply if the user creates
         # any of their own aliases with a zero port.
         raise exceptions.PolicyNotAuthorized(
             action='modification of system port aliases.'
         )
     return super(PortaliasResource, self).before_delete(resource)
Ejemplo n.º 2
0
 def update(self, context, resource, resource_dict):
     if resource.name == 'Any':
         raise exceptions.PolicyNotAuthorized(
             action='modification of system address groups')
     return super(AddressGroupResource, self).update(
         context,
         resource,
         resource_dict,
     )
Ejemplo n.º 3
0
 def create(self, context, tenant_id, body):
     if body.get('name', '').lower() == 'any':
         raise exceptions.PolicyNotAuthorized(
             action='creation of wildcard address groups')
     return super(AddressGroupResource, self).create(
         context,
         tenant_id,
         body,
     )
Ejemplo n.º 4
0
 def create(self, context, tenant_id, body):
     if body.get('port') == 0:
         # FIXME(dhellmann): This will apply if the user creates
         # any of their own aliases with a zero port.
         raise exceptions.PolicyNotAuthorized(
             action='creation of wildcard port aliases'
         )
     return super(PortaliasResource, self).create(context,
                                                  tenant_id,
                                                  body
                                                  )
Ejemplo n.º 5
0
 def update(self, context, resource, resource_dict):
     if resource.port == 0:
         # FIXME(dhellmann): This will apply if the user creates
         # any of their own aliases with a zero port.
         raise exceptions.PolicyNotAuthorized(
             action='deletion of system port aliases.'
         )
     return super(PortaliasResource, self).update(context,
                                                  resource,
                                                  resource_dict,
                                                  )
Ejemplo n.º 6
0
def enforce(context, action, target, plugin=None):
    """Verifies that the action is valid on the target in this context.

    :param context: neutron context
    :param action: string representing the action to be checked
        this should be colon separated for clarity.
    :param target: dictionary representing the object of the action
        for object creation this should be a dictionary representing the
        location of the object e.g. ``{'project_id': context.project_id}``
    :param plugin: currently unused and deprecated.
        Kept for backward compatibility.

    :raises neutron.exceptions.PolicyNotAuthorized: if verification fails.
    """

    rule, target, credentials = _prepare_check(context, action, target)
    result = policy.check(rule, target, credentials, action=action)
    if not result:
        LOG.debug(_("Failed policy check for '%s'"), action)
        raise exceptions.PolicyNotAuthorized(action=action)
    return result
Ejemplo n.º 7
0
 def before_delete(self, resource):
     if resource.name == 'Any':
         raise exceptions.PolicyNotAuthorized(
             action='modification of system address groups')
     return super(AddressGroupResource, self).before_delete(resource)