def _admin_check(self, context, action): """Admin role check helper.""" # TODO(selva): his check should be required if the tenant_id is # specified in the request, otherwise the policy.json do a trick # this need further revision. if not context.is_admin: reason = _('Cannot %s resource for non admin tenant') % action raise exceptions.AdminRequired(reason=reason)
def _get_tenant_id_for_create(self, context, resource): if context.is_admin and 'tenant_id' in resource: tenant_id = resource['tenant_id'] elif ('tenant_id' in resource and resource['tenant_id'] != context.tenant_id): reason = _('Cannot create resource for another tenant') raise n_exc.AdminRequired(reason=reason) else: tenant_id = context.tenant_id return tenant_id
def _get_tenant_id_for_create(self, context, resource): """Get tenant id for creation of resources.""" if context.is_admin and 'tenant_id' in resource: tenant_id = resource['tenant_id'] elif ('tenant_id' in resource and resource['tenant_id'] != context.tenant_id): reason = _('Cannot create resource for another tenant') raise exceptions.AdminRequired(reason=reason) else: tenant_id = context.tenant_id return tenant_id
def check_subnet_cidr_meets_policy(context, subnet): if context.is_admin: return elif getattr(context, '_akanda_auto_add', None): return net = netaddr.IPNetwork(subnet['subnet']['cidr']) for allowed_cidr in cfg.CONF.akanda_allowed_cidr_ranges: if net in netaddr.IPNetwork(allowed_cidr): return else: reason = _('Cannot create a subnet that is not within the ' 'allowed address ranges [%s].' % cfg.CONF.akanda_allowed_cidr_ranges) raise q_exc.AdminRequired(reason=reason)
def _check_admin(self, context, reason=_("Only admin can view or configure quota")): if not context.is_admin: raise n_exc.AdminRequired(reason=reason)
def _admin_check(context, action): """Admin role check helper.""" if not context.is_admin: reason = _('Cannot %s resource for non admin tenant') % action raise exc.AdminRequired(reason=reason)