Esempio n. 1
0
 def _load_backend(self):
     with self._lock:
         if not self._backend:
             # Import the untranslated name if we don't have a mapping
             backend_path = self._backend_mapping.get(
                 self._backend_name, self._backend_name)
             backend_mod = importutils.import_module(backend_path)
             self._backend = backend_mod.get_backend()
Esempio n. 2
0
 def _load_backend(self):
     with self._lock:
         if not self._backend:
             # Import the untranslated name if we don't have a mapping
             backend_path = self._backend_mapping.get(self._backend_name,
                                                      self._backend_name)
             backend_mod = importutils.import_module(backend_path)
             self._backend = backend_mod.get_backend()
Esempio n. 3
0
    def __call__(self, target, creds):
        if self.target_field not in target:
            # policy needs a plugin check
            # target field is in the form resource:field
            # however if they're not separated by a colon, use an underscore
            # as a separator for backward compatibility

            def do_split(separator):
                parent_res, parent_field = self.target_field.split(separator, 1)
                return parent_res, parent_field

            for separator in (":", "_"):
                try:
                    parent_res, parent_field = do_split(separator)
                    break
                except ValueError:
                    LOG.debug(_("Unable to find ':' as separator in %s."), self.target_field)
            else:
                # If we are here split failed with both separators
                err_reason = _("Unable to find resource name in %s") % self.target_field
                LOG.exception(err_reason)
                raise exceptions.PolicyCheckError(policy="%s:%s" % (self.kind, self.match), reason=err_reason)
            parent_foreign_key = attributes.RESOURCE_FOREIGN_KEYS.get("%ss" % parent_res, None)
            if not parent_foreign_key:
                err_reason = _("Unable to verify match:%(match)s as the " "parent resource: %(res)s was not found") % {
                    "match": self.match,
                    "res": parent_res,
                }
                LOG.exception(err_reason)
                raise exceptions.PolicyCheckError(policy="%s:%s" % (self.kind, self.match), reason=err_reason)
            # NOTE(salv-orlando): This check currently assumes the parent
            # resource is handled by the core plugin. It might be worth
            # having a way to map resources to plugins so to make this
            # check more general
            # FIXME(ihrachys): if import is put in global, circular
            # import failure occurs
            from tacker import manager

            f = getattr(manager.TackerManager.get_instance().plugin, "get_%s" % parent_res)
            # f *must* exist, if not found it is better to let tacker
            # explode. Check will be performed with admin context
            context = importutils.import_module("tacker.context")
            try:
                data = f(context.get_admin_context(), target[parent_foreign_key], fields=[parent_field])
                target[self.target_field] = data[parent_field]
            except Exception:
                with excutils.save_and_reraise_exception():
                    LOG.exception(_("Policy check error while calling %s!"), f)
        match = self.match % target
        if self.kind in creds:
            return match == unicode(creds[self.kind])
        return False
Esempio n. 4
0
    def __call__(self, target, creds):
        if self.target_field not in target:
            # policy needs a plugin check
            # target field is in the form resource:field
            # however if they're not separated by a colon, use an underscore
            # as a separator for backward compatibility

            def do_split(separator):
                parent_res, parent_field = self.target_field.split(
                    separator, 1)
                return parent_res, parent_field

            for separator in (':', '_'):
                try:
                    parent_res, parent_field = do_split(separator)
                    break
                except ValueError:
                    LOG.debug(_("Unable to find ':' as separator in %s."),
                              self.target_field)
            else:
                # If we are here split failed with both separators
                err_reason = (_("Unable to find resource name in %s") %
                              self.target_field)
                LOG.exception(err_reason)
                raise exceptions.PolicyCheckError(policy="%s:%s" %
                                                  (self.kind, self.match),
                                                  reason=err_reason)
            parent_foreign_key = attributes.RESOURCE_FOREIGN_KEYS.get(
                "%ss" % parent_res, None)
            if not parent_foreign_key:
                err_reason = (_("Unable to verify match:%(match)s as the "
                                "parent resource: %(res)s was not found") % {
                                    'match': self.match,
                                    'res': parent_res
                                })
                LOG.exception(err_reason)
                raise exceptions.PolicyCheckError(policy="%s:%s" %
                                                  (self.kind, self.match),
                                                  reason=err_reason)
            # NOTE(salv-orlando): This check currently assumes the parent
            # resource is handled by the core plugin. It might be worth
            # having a way to map resources to plugins so to make this
            # check more general
            # FIXME(ihrachys): if import is put in global, circular
            # import failure occurs
            from tacker import manager
            f = getattr(manager.TackerManager.get_instance().plugin,
                        'get_%s' % parent_res)
            # f *must* exist, if not found it is better to let tacker
            # explode. Check will be performed with admin context
            context = importutils.import_module('tacker.context')
            try:
                data = f(context.get_admin_context(),
                         target[parent_foreign_key],
                         fields=[parent_field])
                target[self.target_field] = data[parent_field]
            except Exception:
                with excutils.save_and_reraise_exception():
                    LOG.exception(_('Policy check error while calling %s!'), f)
        match = self.match % target
        if self.kind in creds:
            return match == six.text_type(creds[self.kind])
        return False