def details(self, request, id): if id != request.context.project_id: # Check if admin if not request.context.is_admin: reason = _("Only admin is authorized to access quotas for" " another tenant") raise n_exc.AdminRequired(reason=reason) return {self._resource_name: self._get_detailed_quotas(request, id)}
def _admin_check(self, context, action): """Admin role check helper.""" # TODO(selva): his check should be required if the tenant_id is # specified in the request, otherwise the policy.json do a trick # this need further revision. if not context.is_admin: reason = _('Cannot %s resource for non admin tenant') % action raise exceptions.AdminRequired(reason=reason)
def get_tenant_id_for_create(context, resource): if context.is_admin and 'tenant_id' in resource: tenant_id = resource['tenant_id'] elif ('tenant_id' in resource and resource['tenant_id'] != context.tenant_id): reason = _('Cannot create resource for another tenant') raise n_exc.AdminRequired(reason=reason) else: tenant_id = context.tenant_id return tenant_id
def _get_tenant_id_for_create(self, context, resource): if context.is_admin and 'tenant_id' in resource: tenant_id = resource['tenant_id'] elif ('tenant_id' in resource and resource['tenant_id'] != context.project_id): reason = _('Cannot create resource for another tenant') raise exceptions.AdminRequired(reason=reason) else: tenant_id = context.project_id return tenant_id
def _get_tenant_id_for_create(self, context, resource): """Get tenant id for creation of resources.""" if context.is_admin and 'tenant_id' in resource: tenant_id = resource['tenant_id'] elif ('tenant_id' in resource and resource['tenant_id'] != context.tenant_id): reason = 'Cannot create resource for another tenant' raise exceptions.AdminRequired(reason=reason) else: tenant_id = context.tenant_id return tenant_id
def run(self, context, job_name, readonly=False): self.results = {} if context.is_admin: if self.email_notifier: self.email_notifier.start('Cloud Housekeeper Execution Report') with locking.LockManager.get_lock('nsx-housekeeper'): error_count = 0 fixed_count = 0 error_info = '' if job_name == ALL_DUMMY_JOB_NAME: if (not readonly and not self.readwrite_allowed(ALL_DUMMY_JOB_NAME)): raise n_exc.ObjectNotFound(id=ALL_DUMMY_JOB_NAME) for job in self.jobs.values(): if (not readonly and not self.readwrite_allowed(job.get_name())): # skip this job as it is readonly continue result = job.run(context, readonly=readonly) if result: if self.email_notifier and result['error_count']: self._add_job_text_to_notifier(job, result) error_count += result['error_count'] fixed_count += result['fixed_count'] error_info += result['error_info'] + "\n" self.results[job_name] = { 'error_count': error_count, 'fixed_count': fixed_count, 'error_info': error_info } else: job = self.jobs.get(job_name) if job: if (not readonly and not self.readwrite_allowed(job_name)): raise n_exc.ObjectNotFound(id=job_name) result = job.run(context, readonly=readonly) if result: error_count = result['error_count'] if self.email_notifier: self._add_job_text_to_notifier(job, result) self.results[job.get_name()] = result else: raise n_exc.ObjectNotFound(id=job_name) if self.email_notifier and error_count: self.email_notifier.send() else: raise n_exc.AdminRequired()
def run(self, context, job_name): if context.is_admin: with locking.LockManager.get_lock('nsx-housekeeper'): if job_name == ALL_DUMMY_JOB.get('name'): for job in self.jobs.values(): job.run(context) else: job = self.jobs.get(job_name) if job: job.run(context) else: raise n_exc.ObjectNotFound(id=job_name) else: raise n_exc.AdminRequired()
def _check_admin(self, context, reason=_("Only admin can view or configure quota")): if not context.is_admin: raise n_exc.AdminRequired(reason=reason)
def _admin_check(context, action): """Admin role check helper.""" if not context.is_admin: reason = _('Cannot %s resource for non admin tenant') % action raise exc.AdminRequired(reason=reason)
def request(self, method, url, token=None, args=None, headers=None, accepted_codes=[200, 201, 202, 204]): params = {} if args: # extract filter and fields if 'filters' in args: params = args.pop('filters') if 'fields' in args: params['fields'] = args.pop('fields') args = jsonutils.dumps(args) if not headers: headers = { 'Content-type': 'application/json', 'X-Auth-Token': token } headers['User-Agent'] = OCTAVIA_PROXY_CLIENT url = '{}/{}'.format(self.base_url, str(url)) LOG.debug("url = %s", url) LOG.debug("args = %s", args) LOG.debug("params = %s", str(params)) r = requests.request(method, url, data=args, params=params, headers=headers) LOG.debug("Octavia Response Code: {0}".format(r.status_code)) LOG.debug("Octavia Response Body: {0}".format(r.content)) LOG.debug("Octavia Response Headers: {0}".format(r.headers)) if r.status_code in accepted_codes: if method != 'DELETE': return r.json() elif r.status_code == 413: e = lib_exc.OverQuota() e.msg = str(r.content) raise e elif r.status_code == 409: e = lib_exc.Conflict() e.msg = str(r.content) raise e elif r.status_code == 401: e = lib_exc.NotAuthorized() e.msg = str(r.content) raise e elif r.status_code == 403: e = lib_exc.AdminRequired() e.msg = str(r.content) raise e elif r.status_code == 404: e = lib_exc.NotFound() e.msg = str(r.content) raise e elif r.status_code == 400: e = lib_exc.BadRequest(resource="", msg="") e.msg = str(r.content) raise e else: raise loadbalancerv2.DriverError(msg=str(r.content))