def get_offer_authorized(uuid_or_name, cdict, status_filter=None):
if uuidutils.is_uuid_like(uuid_or_name):
o = offer.Offer.get(uuid_or_name)
offer_objs = []
if not status_filter or o.status == status_filter:
try:
if o.project_id != cdict['project_id']:
policy.authorize('esi_leap:offer:offer_admin', cdict,
cdict)
offer_objs.append(o)
except oslo_policy.PolicyNotAuthorized:
pass
else:
try:
policy.authorize('esi_leap:offer:offer_admin', cdict, cdict)
offer_objs = offer.Offer.get_all({
'name': uuid_or_name,
'status': status_filter
})
except oslo_policy.PolicyNotAuthorized:
offer_objs = offer.Offer.get_all({
'name': uuid_or_name,
'project_id': cdict['project_id'],
'status': status_filter
})
if len(offer_objs) == 0:
raise exception.OfferNotFound(offer_uuid=uuid_or_name)
elif len(offer_objs) > 1:
raise exception.OfferDuplicateName(name=uuid_or_name)
return offer_objs[0]
def get_one(self, contract_uuid):
request = pecan.request.context
cdict = request.to_policy_values()
policy.authorize('esi_leap:contract:get', cdict, cdict)
c = contract.Contract.get(request, contract_uuid)
return Contract(**c.to_dict())
def delete(self, contract_uuid):
request = pecan.request.context
cdict = request.to_policy_values()
policy.authorize('esi_leap:contract:delete', cdict, cdict)
c = contract.Contract.get(request, contract_uuid)
c.destroy(pecan.request.context)
def get_one(self, offer_uuid):
request = pecan.request.context
cdict = request.to_policy_values()
policy.authorize('esi_leap:offer:get', cdict, cdict)
o = offer.Offer.get(request, offer_uuid)
return Offer(**o.to_dict())
def post(self, new_offer):
request = pecan.request.context
cdict = request.to_policy_values()
policy.authorize('esi_leap:offer:create', cdict, cdict)
offer_dict = new_offer.to_dict()
offer_dict['project_id'] = request.project_id
OffersController._verify_resource_permission(cdict, offer_dict)
offer_dict['uuid'] = uuidutils.generate_uuid()
if 'start_time' not in offer_dict:
offer_dict['start_time'] = datetime.datetime.now()
if 'end_time' not in offer_dict:
offer_dict['end_time'] = datetime.datetime.max
if offer_dict['start_time'] >= offer_dict['end_time']:
raise exception.\
InvalidTimeRange(resource="an offer",
start_time=str(offer_dict['start_time']),
end_time=str(offer_dict['end_time']))
o = offer.Offer(**offer_dict)
o.create(request)
o = OffersController._add_offer_availabilities(o)
return Offer(**o)
def delete(self, offer_uuid):
request = pecan.request.context
cdict = request.to_policy_values()
policy.authorize('esi_leap:offer:delete', cdict, cdict)
o = offer.Offer.get(request, offer_uuid)
o.destroy(pecan.request.context)
def delete(self, offer_id):
request = pecan.request.context
cdict = request.to_policy_values()
policy.authorize('esi_leap:offer:delete', cdict, cdict)
o_id = offer.Offer.get(offer_id)
permission = []
for o in o_id:
try:
if o.project_id != request.project_id:
policy.authorize('esi_leap:offer:offer_admin', cdict,
cdict)
permission.append(o)
except oslo_policy.PolicyNotAuthorized:
continue
if len(permission) > 1:
raise exception.ContractDuplicateName(name=offer_id)
if len(permission) == 0:
raise exception.OfferNotFound(offer_id=offer_id)
OffersController._verify_resource_permission(cdict, o_id[0].to_dict())
o_id[0].cancel()
def _verify_resource_permission(cdict, offer_dict):
resource_type = offer_dict.get('resource_type')
resource_uuid = offer_dict.get('resource_uuid')
resource = ro_factory.ResourceObjectFactory.get_resource_object(
resource_type, resource_uuid)
if not resource.is_resource_admin(offer_dict['project_id']):
policy.authorize('esi_leap:offer:offer_admin', cdict, cdict)
def post(self, new_contract):
request = pecan.request.context
cdict = request.to_policy_values()
policy.authorize('esi_leap:contract:create', cdict, cdict)
contract_dict = new_contract.to_dict()
contract_dict['project_id'] = request.project_id
contract_dict['uuid'] = uuidutils.generate_uuid()
if new_contract.offer_uuid_or_name is None:
raise exception.ContractNoOfferUUID()
related_offer = utils.get_offer(new_contract.offer_uuid_or_name,
statuses.AVAILABLE)
contract_dict['offer_uuid'] = related_offer.uuid
if 'start_time' not in contract_dict:
contract_dict['start_time'] = datetime.datetime.now()
if 'end_time' not in contract_dict:
q = related_offer.get_first_availability(
contract_dict['start_time'])
if q is None:
contract_dict['end_time'] = related_offer.end_time
else:
contract_dict['end_time'] = q.start_time
c = contract.Contract(**contract_dict)
c.create(request)
return Contract(**c.to_dict())
def get_one(self, offer_id):
request = pecan.request.context
cdict = request.to_policy_values()
policy.authorize('esi_leap:offer:get', cdict, cdict)
o_object = utils.get_offer(offer_id)
o = OffersController._add_offer_availabilities(o_object)
return Offer(**o)
def post(self, new_offer):
request = pecan.request.context
cdict = request.to_policy_values()
policy.authorize('esi_leap:offer:create', cdict, cdict)
o = offer.Offer(**new_offer.to_dict())
o.create(request)
return Offer(**o.to_dict())
def post(self, new_contract):
request = pecan.request.context
cdict = request.to_policy_values()
policy.authorize('esi_leap:contract:create', cdict, cdict)
c = contract.Contract(**new_contract.to_dict())
c.create(request)
return Contract(**c.to_dict())
def get_one(self, contract_id):
request = pecan.request.context
cdict = request.to_policy_values()
policy.authorize('esi_leap:contract:get', cdict, cdict)
permitted = utils.get_contract_authorized(contract_id, cdict)
return Contract(**permitted.to_dict())
def delete(self, contract_id):
request = pecan.request.context
cdict = request.to_policy_values()
policy.authorize('esi_leap:contract:delete', cdict, cdict)
permitted = ContractsController._contract_get_authorized_contract(
contract_id, cdict)
permitted.cancel()
def get_all(self):
request = pecan.request.context
cdict = request.to_policy_values()
policy.authorize('esi_leap:offer:get', cdict, cdict)
offer_collection = OfferCollection()
offers = offer.Offer.get_all(request)
offer_collection.offers = [Offer(**o.to_dict()) for o in offers]
return offer_collection
def contract_authorize_management(c, cdict):
if c.project_id != cdict['project_id']:
try:
policy.authorize('esi_leap:contract:contract_admin', cdict, cdict)
except oslo_policy.PolicyNotAuthorized:
o = offer.Offer.get(c.offer_uuid)
if o.project_id != cdict['project_id']:
policy.authorize('esi_leap:offer:offer_admin', cdict, cdict)
def delete(self, contract_id):
request = pecan.request.context
cdict = request.to_policy_values()
policy.authorize('esi_leap:contract:delete', cdict, cdict)
permitted = utils.get_contract_authorized(
contract_id, cdict, [statuses.CREATED, statuses.ACTIVE])
permitted.cancel()
def delete(self, offer_id):
request = pecan.request.context
cdict = request.to_policy_values()
policy.authorize('esi_leap:offer:delete', cdict, cdict)
o_object = utils.get_offer_authorized(offer_id, cdict,
statuses.AVAILABLE)
o_object.cancel()
def get_all(self):
request = pecan.request.context
cdict = request.to_policy_values()
policy.authorize('esi_leap:contract:get', cdict, cdict)
contract_collection = ContractCollection()
contracts = contract.Contract.get_all(request)
contract_collection.contracts = [
Contract(**c.to_dict()) for c in contracts
]
return contract_collection
def _contract_get_all_authorize_filters(cdict,
start_time=None, end_time=None,
status=None, offer_uuid=None,
project_id=None, view=None,
owner=None):
if status is None:
status = [statuses.CREATED, statuses.ACTIVE]
elif status == 'any':
status = None
possible_filters = {
'status': status,
'offer_uuid': offer_uuid,
'start_time': start_time,
'end_time': end_time,
}
if view == 'all':
policy.authorize('esi_leap:contract:contract_admin', cdict, cdict)
possible_filters['owner'] = owner
possible_filters['project_id'] = project_id
else:
policy.authorize('esi_leap:contract:get', cdict, cdict)
if owner:
if cdict['project_id'] != owner:
policy.authorize('esi_leap:contract:contract_admin',
cdict, cdict)
possible_filters['owner'] = owner
possible_filters['project_id'] = project_id
else:
if project_id is None:
project_id = cdict['project_id']
elif project_id != cdict['project_id']:
policy.authorize('esi_leap:contract:contract_admin',
cdict, cdict)
possible_filters['project_id'] = project_id
if (start_time and end_time is None) or \
(end_time and start_time is None):
raise exception.InvalidTimeAPICommand(resource="a contract",
start_time=str(start_time),
end_time=str(end_time))
if start_time and end_time and\
end_time <= start_time:
raise exception.InvalidTimeAPICommand(resource='a contract',
start_time=str(start_time),
end_time=str(end_time))
filters = {}
for k, v in possible_filters.items():
if v is not None:
filters[k] = v
return filters
def post(self, new_offer):
request = pecan.request.context
cdict = request.to_policy_values()
policy.authorize('esi_leap:offer:create', cdict, cdict)
offer_dict = new_offer.to_dict()
offer_dict['project_id'] = request.project_id
OffersController._verify_resource_permission(cdict, offer_dict)
o = offer.Offer(**offer_dict)
o.create(request)
o = OffersController._add_offer_availabilities(o)
return Offer(**o)
def get_one(self, offer_id):
request = pecan.request.context
cdict = request.to_policy_values()
policy.authorize('esi_leap:offer:get', cdict, cdict)
o_id = offer.Offer.get(offer_id)
if len(o_id) > 1:
raise exception.OfferDuplicateName(name=offer_id)
elif len(o_id) == 0:
raise exception.OfferNotFound(offer_uuid=offer_id)
o = OffersController._add_offer_availabilities(o_id[0])
return Offer(**o)
def post(self, new_contract):
request = pecan.request.context
cdict = request.to_policy_values()
policy.authorize('esi_leap:contract:create', cdict, cdict)
contract_dict = new_contract.to_dict()
contract_dict['project_id'] = request.project_id
contract_dict['uuid'] = uuidutils.generate_uuid()
if new_contract.offer_uuid_or_name is None:
raise exception.ContractNoOfferUUID()
o_objects = offer.Offer.get(new_contract.offer_uuid_or_name)
if len(o_objects) > 1:
raise exception.OfferDuplicateName(
name=new_contract.offer_uuid_or_name)
elif len(o_objects) == 0:
raise exception.OfferNotFound(
offer_uuid=new_contract.offer_uuid_or_name)
related_offer = o_objects[0]
contract_dict['offer_uuid'] = related_offer.uuid
if 'start_time' not in contract_dict:
contract_dict['start_time'] = datetime.datetime.now()
if 'end_time' not in contract_dict:
q = related_offer.get_first_availability(
contract_dict['start_time'])
if q is None:
contract_dict['end_time'] = related_offer.end_time
else:
contract_dict['end_time'] = q.start_time
c = contract.Contract(**contract_dict)
c.create(request)
return Contract(**c.to_dict())
def policy_authorize(policy_name, target, creds):
try:
policy.authorize(policy_name, target, creds)
except oslo_policy.PolicyNotAuthorized:
raise exception.HTTPForbidden(rule=policy_name)
def get_all(self,
project_id=None,
resource_type=None,
resource_uuid=None,
start_time=None,
end_time=None,
available_start_time=None,
available_end_time=None,
status=None):
request = pecan.request.context
cdict = request.to_policy_values()
policy.authorize('esi_leap:offer:get', cdict, cdict)
if (start_time and end_time is None) or\
(end_time and start_time is None):
raise exception.InvalidTimeAPICommand(resource='an offer',
start_time=str(start_time),
end_time=str(end_time))
if start_time and end_time and\
end_time <= start_time:
raise exception.InvalidTimeAPICommand(resource='an offer',
start_time=str(start_time),
end_time=str(end_time))
if (available_start_time and available_end_time is None) or\
(available_end_time and available_start_time is None):
raise exception.InvalidAvailabilityAPICommand(
a_start=str(start_time), a_end=str(end_time))
if available_start_time and available_end_time and\
available_end_time <= available_start_time:
raise exception.InvalidAvailabilityAPICommand(
a_start=available_start_time, a_end=available_end_time)
if status is None:
status = statuses.AVAILABLE
elif status == 'any':
status = None
possible_filters = {
'project_id': project_id,
'resource_type': resource_type,
'resource_uuid': resource_uuid,
'status': status,
'start_time': start_time,
'end_time': end_time,
'available_start_time': available_start_time,
'available_end_time': available_end_time,
}
filters = {}
for k, v in possible_filters.items():
if v is not None:
filters[k] = v
offer_collection = OfferCollection()
offers = offer.Offer.get_all(request, filters)
offer_collection.offers = [
Offer(**OffersController._add_offer_availabilities(o))
for o in offers
]
return offer_collection
def test_authorized(self):
creds = {'roles': ['esi_leap_owner']}
self.assertTrue(policy.authorize('esi_leap:offer:get', creds, creds))
