def can(self, req, zone_name):
    """Return the read/write permissions the caller of ``req`` has on a zone.

    The caller's roles come from the comma-separated ``X_ROLE`` request
    header and the tenant from ``X_TENANT_ID``. Every path that returns
    grants read access; write access is decided as follows:

    * a caller holding the literal role ``Admin`` may write to any zone;
    * a caller without ``FLAGS.dns_auth_role`` may not write at all;
    * any other caller may write only to the zone derived from its own
      tenant id (see ``tenant2zonename``).

    :param req: request object exposing a ``headers`` mapping.
    :param zone_name: name of the zone being accessed.
    :returns: dict with boolean ``read`` and ``write`` entries.
    :raises: whatever the ``X_TENANT_ID`` lookup raises when that header is
        absent; this is only reached for callers holding the DNS role.
    """
    # NOTE(review): the decision trusts X_ROLE and X_TENANT_ID exactly as
    # they arrive. That is presumably safe only when a trusted auth layer in
    # front of this code sets both headers and discards client-supplied
    # copies -- confirm against the deployment.
    role_header = req.headers.get('X_ROLE', '')
    caller_roles = []
    for raw_role in role_header.split(','):
        caller_roles.append(raw_role.strip())

    # Role names are compared exactly (case-sensitive) after trimming.
    if "Admin" in caller_roles:
        return {"read": True, "write": True}

    # NOTE(review): a missing X_ROLE header produces [''] here, so an empty
    # dns_auth_role setting would match every caller -- confirm the flag can
    # never be empty.
    writable = False
    if FLAGS.dns_auth_role in caller_roles:
        # No default on purpose: the lookup raises if X_TENANT_ID is absent.
        own_zone = self.tenant2zonename(req.headers['X_TENANT_ID'])
        # Both names go through normname() so the comparison is made on the
        # normalised form rather than on the raw strings.
        writable = DNSRecord.normname(zone_name) == DNSRecord.normname(own_zone)
    return {"read": True, "write": writable}
def can(self, req, zone_name):
    """Work out what the requester may do with ``zone_name``.

    Roles are parsed from the comma-separated ``X_ROLE`` header. The result
    is always ``{"read": True, "write": <bool>}``:

    * ``Admin`` role: write is allowed on every zone.
    * ``FLAGS.dns_auth_role`` missing from the roles: write is denied.
    * otherwise: write is allowed only when ``zone_name`` normalises to the
      same name as the zone built from the ``X_TENANT_ID`` header.

    :param req: request object with a ``headers`` mapping.
    :param zone_name: zone the request targets.
    :returns: permission dict with ``read`` and ``write`` keys.
    :raises: the error from the ``X_TENANT_ID`` lookup when a caller holding
        the DNS role sends no tenant header.
    """
    # NOTE(review): both headers are taken at face value. Presumably an
    # authenticating proxy or middleware populates them and strips any copy
    # sent by the client -- verify, since this method does no checking of
    # its own.
    granted = [item.strip() for item in req.headers.get("X_ROLE", "").split(",")]

    # Exact, case-sensitive match on the role name.
    if "Admin" in granted:
        return {"read": True, "write": True}

    if FLAGS.dns_auth_role in granted:
        # Direct indexing is deliberate: it raises if X_TENANT_ID is absent
        # instead of falling back to some default tenant.
        tenant_zone = self.tenant2zonename(req.headers["X_TENANT_ID"])
        same_zone = DNSRecord.normname(zone_name) == DNSRecord.normname(tenant_zone)
        return {"read": True, "write": same_zone}

    # Callers without the DNS role still get read access to every zone.
    # NOTE(review): confirm that read-for-everyone is the intended policy.
    return {"read": True, "write": False}
def tenant2zonename(self, project_id):
    """Build the zone name that belongs to a tenant.

    The result is ``<normalised project id>.<FLAGS.dns_zone>``.

    :param project_id: tenant/project identifier; passed through
        ``DNSRecord.normname`` before use.
    :returns: the zone name as a string.
    """
    # NOTE(review): the tenant id becomes a DNS label here, so the result is
    # only as well-formed as normname() makes it -- confirm what normname()
    # accepts and rejects before relying on this for access decisions.
    label = DNSRecord.normname(project_id)
    parent_zone = FLAGS.dns_zone
    return "%s.%s" % (label, parent_zone)