def get_repo(self, context): #生成数据库操作对象 image_repo = glance.db.ImageRepo(context, self.db_api) #??? store_image_repo = glance.location.ImageRepoProxy( image_repo, context, self.store_api, self.store_utils) #包装上配额检查 quota_image_repo = glance.quota.ImageRepoProxy( store_image_repo, context, self.db_api, self.store_utils) #包装上策略检查 policy_image_repo = policy.ImageRepoProxy( quota_image_repo, context, self.policy) #包装上消息通知 notifier_image_repo = glance.notifier.ImageRepoProxy( policy_image_repo, context, self.notifier) if property_utils.is_property_protection_enabled(): property_rules = property_utils.PropertyRules(self.policy) pir = property_protections.ProtectedImageRepoProxy( notifier_image_repo, context, property_rules) authorized_image_repo = authorization.ImageRepoProxy( pir, context) else: #简单起点,我们认为没有开启,再封装一层 authorized_image_repo = authorization.ImageRepoProxy( notifier_image_repo, context) return authorized_image_repo
def get_repo(self, context): image_repo = glance.db.ImageRepo(context, self.db_api) store_image_repo = glance.location.ImageRepoProxy( image_repo, context, self.store_api, self.store_utils) quota_image_repo = glance.quota.ImageRepoProxy(store_image_repo, context, self.db_api, self.store_utils) policy_image_repo = policy.ImageRepoProxy(quota_image_repo, context, self.policy) notifier_image_repo = glance.notifier.ImageRepoProxy( policy_image_repo, context, self.notifier) if property_utils.is_property_protection_enabled(): property_rules = property_utils.PropertyRules(self.policy) protected_image_repo = property_protections.\ ProtectedImageRepoProxy(notifier_image_repo, context, property_rules) authorized_image_repo = authorization.ImageRepoProxy( protected_image_repo, context) else: authorized_image_repo = authorization.ImageRepoProxy( notifier_image_repo, context) if CONF.sync_enabled: sync_image_repo = glance.sync.ImageRepoProxy( authorized_image_repo, context, self.sync_api) return sync_image_repo return authorized_image_repo
def get_repo(self, context, authorization_layer=True): """Get the layered ImageRepo model. This is where we construct the "the onion" by layering ImageRepo models on top of each other, starting with the DB at the bottom. NB: Code that has implemented policy checks fully above this layer should pass authorization_layer=False to ensure that no conflicts with old checks happen. Legacy code should continue passing True until legacy checks are no longer needed. :param context: The RequestContext :param authorization_layer: Controls whether or not we add the legacy glance.authorization and glance.policy layers. :returns: An ImageRepo-like object """ repo = glance.db.ImageRepo(context, self.db_api) repo = glance.location.ImageRepoProxy(repo, context, self.store_api, self.store_utils) repo = glance.quota.ImageRepoProxy(repo, context, self.db_api, self.store_utils) if authorization_layer: repo = policy.ImageRepoProxy(repo, context, self.policy) repo = glance.notifier.ImageRepoProxy(repo, context, self.notifier) if property_utils.is_property_protection_enabled(): property_rules = property_utils.PropertyRules(self.policy) repo = property_protections.ProtectedImageRepoProxy( repo, context, property_rules) if authorization_layer: repo = authorization.ImageRepoProxy(repo, context) return repo
def get_repo(self, context): image_repo = glance.db.ImageRepo(context, self.db_api) store_image_repo = glance.store.ImageRepoProxy(image_repo, context, self.store_api) policy_image_repo = policy.ImageRepoProxy(store_image_repo, context, self.policy) notifier_image_repo = glance.notifier.ImageRepoProxy( policy_image_repo, context, self.notifier) authorized_image_repo = authorization.ImageRepoProxy( notifier_image_repo, context) return authorized_image_repo