Ejemplo n.º 1
    def get_all_permissions(self, user, obj=None):
        """Return the set of permission strings granted to ``user``.

        Two sources feed the result:

        * each entry in ``user.roles`` contributes whatever
          ``utils.get_role_permission`` returns for the role's ``name``;
        * each service-catalog entry that has a ``type`` and at least one
          endpoint whose region equals ``user.services_region`` contributes
          ``"openstack.services.<lower-cased type>"``.

        Anonymous users, and any call that passes a non-``None`` ``obj``,
        receive an empty set: nothing is granted at object level here.
        """
        # Deny by default: no authenticated identity, or an object-scoped
        # query, yields no permissions at all.
        if user.is_anonymous() or obj is not None:
            return set()
        # TODO(gabrielhurley): Integrate policy-driven RBAC
        #                      when supported by Keystone.
        granted = set()
        for role in user.roles:
            granted.add(utils.get_role_permission(role['name']))

        for entry in user.service_catalog:
            try:
                kind = entry['type']
            except KeyError:
                # An entry without a type cannot be mapped to a permission.
                continue
            # Resolve every endpoint's region before testing membership.
            entry_regions = []
            for endpoint in entry.get('endpoints', []):
                entry_regions.append(utils.get_endpoint_region(endpoint))
            # Only services reachable in the user's selected region count.
            if user.services_region in entry_regions:
                granted.add("openstack.services.%s" % kind.lower())
        return granted
Ejemplo n.º 2
 def available_services_regions(self):
     """Return the distinct endpoint regions found in the service catalog.

     Regions are listed in order of first appearance. Catalog entries with
     no ``type``, and entries of type ``identity``, are skipped. An empty
     or missing catalog gives an empty list.
     """
     unique_regions = []
     catalog = self.service_catalog
     if not catalog:
         return unique_regions
     for entry in catalog:
         kind = entry.get('type')
         # Untyped and identity entries do not contribute regions.
         if kind is None or kind == 'identity':
             continue
         for endpoint in entry.get('endpoints', []):
             name = utils.get_endpoint_region(endpoint)
             if name in unique_regions:
                 continue
             unique_regions.append(name)
     return unique_regions