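def show(self, req, tenant_id, id):
    """Return a single backup.

    The policy check targets the tenant recorded on the loaded backup
    (``backup.tenant_id``), not the ``tenant_id`` argument, so the
    'backup:show' rule is evaluated against the backup's stored owner.

    :param req: WSGI request; the request context is read from
        ``req.environ[wsgi.CONTEXT_KEY]``.
    :param tenant_id: tenant identifier; only used in the log message here.
    :param id: identifier of the backup to return.
    :returns: ``wsgi.Result`` wrapping the backup view data with status 200.
    """
    # Pass the values as logging arguments instead of pre-formatting with
    # '%', so the message is only interpolated when debug logging is on.
    LOG.debug("Showing a backup for tenant %s ID: '%s'", tenant_id, id)
    context = req.environ[wsgi.CONTEXT_KEY]
    # The backup is loaded before the policy check because its tenant is
    # the authorization target; a lookup failure is therefore raised
    # before any policy decision is made.
    # NOTE(review): confirm Backup.get_by_id scopes the lookup to the
    # caller's context, so that error path does not distinguish backups
    # owned by other tenants.
    backup = Backup.get_by_id(context, id)
    policy.authorize_on_target(context, 'backup:show',
                               {'tenant': backup.tenant_id})
    return wsgi.Result(views.BackupView(backup).data(), 200)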
def authorize_module_action(cls, context, module_rule_name, module):
    """Authorize ``module:<module_rule_name>`` for the given module.

    A module that records an owning tenant is checked with that tenant as
    the policy target. A module with no owner (``tenant_id`` is None) has
    no target to compare against, so only the current tenant's permission
    to perform the action is checked.

    :param context: request context handed to the policy calls.
    :param module_rule_name: rule suffix appended to ``module:``.
    :param module: loaded module object exposing ``tenant_id``.
    """
    owner = module.tenant_id
    rule = 'module:%s' % module_rule_name
    if owner is None:
        # Unowned module: fall back to the tenant-level check.
        policy.authorize_on_tenant(context, rule)
        return
    policy.authorize_on_target(context, rule, {'tenant': owner})
def test_authorize_on_target(self):
    """authorize_on_target hands rule, target and credentials to the enforcer."""
    rule = NonCallableMock()
    target = NonCallableMock()

    trove_policy.authorize_on_target(self.context, rule, target)

    # The enforcer is expected to be fetched exactly once, with no arguments.
    self.mock_get_enforcer.assert_called_once_with()
    # Pinning do_raise=True and exc=PolicyNotAuthorized keeps the check
    # fail-closed: the enforcer is asked to raise on denial rather than
    # return a value a caller could forget to inspect.
    expected_kwargs = {
        'do_raise': True,
        'exc': trove_exceptions.PolicyNotAuthorized,
        'action': rule,
    }
    self.mock_enforcer.authorize.assert_called_once_with(
        rule, target, self.context.to_dict(), **expected_kwargs)
def delete(self, req, tenant_id, id):
    """Delete a backup once the caller is authorized for its owning tenant.

    The 'backup:delete' policy target is the tenant stored on the backup
    itself, not the ``tenant_id`` argument. The policy call comes before
    the notification is attached and before ``Backup.delete`` is invoked.

    :param req: WSGI request; the request context is read from
        ``req.environ[wsgi.CONTEXT_KEY]``.
    :param tenant_id: tenant identifier; only used in the log message here.
    :param id: identifier of the backup to delete.
    :returns: ``wsgi.Result`` with no body and status 202.
    """
    message = _('Deleting backup for tenant %(tenant_id)s '
                'ID: %(backup_id)s')
    LOG.info(message % {'tenant_id': tenant_id, 'backup_id': id})

    context = req.environ[wsgi.CONTEXT_KEY]
    # Load the backup only to learn who owns it; that owner is the target
    # of the policy check.
    owner = Backup.get_by_id(context, id).tenant_id
    # NOTE(review): presumably raises on denial, which would stop the
    # method before anything is deleted - confirm against the policy module.
    policy.authorize_on_target(context, 'backup:delete', {'tenant': owner})

    context.notification = notification.DBaaSBackupDelete(context,
                                                          request=req)
    with StartNotification(context, backup_id=id):
        Backup.delete(context, id)
    return wsgi.Result(None, 202)
def authorize_instance_action(cls, context, instance_rule_name, instance_id,
                              is_cluster=False):
    """Authorize an extension action against the owner of ``instance_id``.

    The rule name is ``cluster:extension:<name>`` when ``is_cluster`` is
    true and ``instance:extension:<name>`` otherwise; the policy target is
    the tenant of the loaded record.

    :param context: request context used for the load and the policy call.
    :param instance_rule_name: rule suffix placed after ``extension:``.
    :param instance_id: identifier passed to ``Instance.load``.
    :param is_cluster: selects the ``cluster`` rule prefix.
    :raises exception.NotFound: when the load returns a falsy value.
    """
    # NOTE(review): the record is loaded through the Instance model even
    # when is_cluster is true, so the tenant used as the policy target
    # always comes from an instance lookup. Confirm callers never pass a
    # cluster id here.
    instance = instance_models.Instance.load(context, instance_id)
    if not instance:
        raise exception.NotFound(uuid=instance_id)

    if is_cluster:
        target_type = 'cluster'
    else:
        target_type = 'instance'
    rule = '%s:extension:%s' % (target_type, instance_rule_name)
    policy.authorize_on_target(context, rule, {'tenant': instance.tenant_id})
def authorize_target_action(cls, context, target_rule_name, target_id,
                            is_cluster=False):
    """Authorize an extension action against the owner of a cluster or instance.

    The record is loaded through the model matching ``is_cluster``, and
    its tenant becomes the policy target for the
    ``<cluster|instance>:extension:<target_rule_name>`` rule.

    :param context: request context used for the load and the policy call.
    :param target_rule_name: rule suffix placed after ``extension:``.
    :param target_id: identifier of the cluster or instance to load.
    :param is_cluster: load a cluster instead of an instance.
    :raises exception.ClusterNotFound: cluster load returned a falsy value.
    :raises exception.InstanceNotFound: instance load returned a falsy value.
    """
    if is_cluster:
        target_type = 'cluster'
        target = cluster_models.Cluster.load(context, target_id)
        if not target:
            raise exception.ClusterNotFound(cluster=target_id)
    else:
        target_type = 'instance'
        target = instance_models.Instance.load(context, target_id)
        if not target:
            raise exception.InstanceNotFound(instance=target_id)

    # The tenant comes from the stored record, so the check is made
    # against the resource's recorded owner.
    rule = '%s:extension:%s' % (target_type, target_rule_name)
    policy.authorize_on_target(context, rule, {'tenant': target.tenant_id})
def authorize_instance_action(cls, context, instance_rule_name, instance):
    """Authorize ``instance:<instance_rule_name>`` against the instance's tenant.

    :param context: request context handed to the policy call.
    :param instance_rule_name: rule suffix appended to ``instance:``.
    :param instance: already-loaded instance exposing ``tenant_id``; that
        value, not anything from the request, is the policy target.
    """
    rule = 'instance:%s' % instance_rule_name
    target = {'tenant': instance.tenant_id}
    policy.authorize_on_target(context, rule, target)
def authorize_config_action(cls, context, config_rule_name, config):
    """Authorize ``configuration:<config_rule_name>`` against the config's tenant.

    :param context: request context handed to the policy call.
    :param config_rule_name: rule suffix appended to ``configuration:``.
    :param config: already-loaded configuration exposing ``tenant_id``;
        that value is the policy target.
    """
    rule = 'configuration:%s' % config_rule_name
    target = {'tenant': config.tenant_id}
    policy.authorize_on_target(context, rule, target)
def authorize_cluster_action(cls, context, cluster_rule_name, cluster):
    """Authorize ``cluster:<cluster_rule_name>`` against the cluster's tenant.

    :param context: request context handed to the policy call.
    :param cluster_rule_name: rule suffix appended to ``cluster:``.
    :param cluster: already-loaded cluster exposing ``tenant_id``; that
        value is the policy target.
    """
    rule = 'cluster:%s' % cluster_rule_name
    target = {'tenant': cluster.tenant_id}
    policy.authorize_on_target(context, rule, target)