def _admin_check(self, context, action):
"""Admin role check helper."""
# TODO(selva): his check should be required if the tenant_id is
# specified in the request, otherwise the policy.json do a trick
# this need further revision.
if not context.is_admin:
reason = _('Cannot %s resource for non admin tenant') % action
raise exceptions.AdminRequired(reason=reason)
def _get_tenant_id_for_create(self, context, resource):
if context.is_admin and 'tenant_id' in resource:
tenant_id = resource['tenant_id']
elif ('tenant_id' in resource
and resource['tenant_id'] != context.tenant_id):
reason = _('Cannot create resource for another tenant')
raise n_exc.AdminRequired(reason=reason)
else:
tenant_id = context.tenant_id
return tenant_id
def _get_tenant_id_for_create(self, context, resource):
"""Get tenant id for creation of resources."""
if context.is_admin and 'tenant_id' in resource:
tenant_id = resource['tenant_id']
elif ('tenant_id' in resource
and resource['tenant_id'] != context.tenant_id):
reason = _('Cannot create resource for another tenant')
raise exceptions.AdminRequired(reason=reason)
else:
tenant_id = context.tenant_id
return tenant_id
def check_subnet_cidr_meets_policy(context, subnet):
if context.is_admin:
return
elif getattr(context, '_akanda_auto_add', None):
return
net = netaddr.IPNetwork(subnet['subnet']['cidr'])
for allowed_cidr in cfg.CONF.akanda_allowed_cidr_ranges:
if net in netaddr.IPNetwork(allowed_cidr):
return
else:
reason = _('Cannot create a subnet that is not within the '
'allowed address ranges [%s].' %
cfg.CONF.akanda_allowed_cidr_ranges)
raise q_exc.AdminRequired(reason=reason)
def _check_admin(self, context,
reason=_("Only admin can view or configure quota")):
if not context.is_admin:
raise n_exc.AdminRequired(reason=reason)
def _admin_check(context, action):
"""Admin role check helper."""
if not context.is_admin:
reason = _('Cannot %s resource for non admin tenant') % action
raise exc.AdminRequired(reason=reason)
