def get_rbac_policies(self,
context,
filters=None,
fields=None,
sorts=None,
limit=None,
page_reverse=False):
filters = filters or {}
object_type_filters = filters.pop('object_type', None)
models_to_query = [
m for t, m in models.get_type_model_map().items()
if object_type_filters is None or t in object_type_filters
]
collections = [
model_query.get_collection(context,
model,
self._make_rbac_policy_dict,
filters=filters,
fields=fields,
sorts=sorts,
limit=limit,
page_reverse=page_reverse)
for model in models_to_query
]
# NOTE(kevinbenton): we don't have to worry about pagination,
# limits, or page_reverse currently because allow_pagination is
# set to False in 'neutron.extensions.rbac'
return [item for c in collections for item in c]
def get_rbac_policies(self, context, filters=None, fields=None,
sorts=None, limit=None, page_reverse=False):
model = common_db_mixin.UnionModel(
models.get_type_model_map(), 'object_type')
return self._get_collection(
context, model, self._make_rbac_policy_dict, filters=filters,
fields=fields, sorts=sorts, limit=limit, page_reverse=page_reverse)
def _get_rbac_policy(self, context, id):
object_type = self._get_object_type(context, id)
dbmodel = models.get_type_model_map()[object_type]
try:
return self._model_query(context, dbmodel).filter(dbmodel.id == id).one()
except exc.NoResultFound:
raise ext_rbac.RbacPolicyNotFound(id=id, object_type=object_type)
def get_rbac_policies(self, context, filters=None, fields=None,
sorts=None, limit=None, page_reverse=False):
model = common_db_mixin.UnionModel(
models.get_type_model_map(), 'object_type')
return self._get_collection(
context, model, self._make_rbac_policy_dict, filters=filters,
sorts=sorts, limit=limit, page_reverse=page_reverse)
def _get_rbac_policy(self, context, id):
object_type = self._get_object_type(context, id)
dbmodel = models.get_type_model_map()[object_type]
try:
return model_query.query_with_hooks(
context, dbmodel).filter(dbmodel.id == id).one()
except exc.NoResultFound:
raise ext_rbac.RbacPolicyNotFound(id=id, object_type=object_type)
def _get_object_type(self, context, entry_id):
"""Scans all RBAC tables for an ID to figure out the type.
This will be an expensive operation as the number of RBAC tables grows.
The result is cached since object types cannot be updated for a policy.
"""
if entry_id in self.object_type_cache:
return self.object_type_cache[entry_id]
for otype, model in models.get_type_model_map().items():
if context.session.query(model).filter(model.id == entry_id).first():
self.object_type_cache[entry_id] = otype
return otype
raise ext_rbac.RbacPolicyNotFound(id=entry_id, object_type="unknown")
def _get_object_type(self, context, entry_id):
"""Scans all RBAC tables for an ID to figure out the type.
This will be an expensive operation as the number of RBAC tables grows.
The result is cached since object types cannot be updated for a policy.
"""
if entry_id in self.object_type_cache:
return self.object_type_cache[entry_id]
for otype, model in models.get_type_model_map().items():
if (context.session.query(model).filter(
model.id == entry_id).first()):
self.object_type_cache[entry_id] = otype
return otype
raise ext_rbac.RbacPolicyNotFound(id=entry_id, object_type='unknown')
def create_rbac_policy(self, context, rbac_policy):
e = rbac_policy["rbac_policy"]
try:
registry.notify(
RBAC_POLICY, events.BEFORE_CREATE, self, context=context, object_type=e["object_type"], policy=e
)
except c_exc.CallbackFailure as e:
raise n_exc.InvalidInput(error_message=e)
dbmodel = models.get_type_model_map()[e["object_type"]]
with context.session.begin(subtransactions=True):
db_entry = dbmodel(
object_id=e["object_id"], target_tenant=e["target_tenant"], action=e["action"], tenant_id=e["tenant_id"]
)
context.session.add(db_entry)
return self._make_rbac_policy_dict(db_entry)
def get_rbac_policies(self, context, filters=None, fields=None,
sorts=None, limit=None, page_reverse=False):
filters = filters or {}
object_type_filters = filters.pop('object_type', None)
models_to_query = [
m for t, m in models.get_type_model_map().items()
if object_type_filters is None or t in object_type_filters
]
collections = [self._get_collection(
context, model, self._make_rbac_policy_dict,
filters=filters, fields=fields, sorts=sorts,
limit=limit, page_reverse=page_reverse)
for model in models_to_query]
# NOTE(kevinbenton): we don't have to worry about pagination,
# limits, or page_reverse currently because allow_pagination is
# set to False in 'neutron.extensions.rbac'
return [item for c in collections for item in c]
def create_rbac_policy(self, context, rbac_policy):
e = rbac_policy['rbac_policy']
try:
registry.notify(RBAC_POLICY, events.BEFORE_CREATE, self,
context=context, object_type=e['object_type'],
policy=e)
except c_exc.CallbackFailure as e:
raise n_exc.InvalidInput(error_message=e)
dbmodel = models.get_type_model_map()[e['object_type']]
tenant_id = self._get_tenant_id_for_create(context, e)
with context.session.begin(subtransactions=True):
db_entry = dbmodel(object_id=e['object_id'],
target_tenant=e['target_tenant'],
action=e['action'],
tenant_id=tenant_id)
context.session.add(db_entry)
return self._make_rbac_policy_dict(db_entry)
def create_rbac_policy(self, context, rbac_policy):
e = rbac_policy['rbac_policy']
try:
registry.notify(RBAC_POLICY, events.BEFORE_CREATE, self,
context=context, object_type=e['object_type'],
policy=e)
except c_exc.CallbackFailure as e:
raise n_exc.InvalidInput(error_message=e)
dbmodel = models.get_type_model_map()[e['object_type']]
try:
with context.session.begin(subtransactions=True):
db_entry = dbmodel(object_id=e['object_id'],
target_tenant=e['target_tenant'],
action=e['action'],
tenant_id=e['tenant_id'])
context.session.add(db_entry)
except db_exc.DBDuplicateEntry:
raise ext_rbac.DuplicateRbacPolicy()
return self._make_rbac_policy_dict(db_entry)
def convert_valid_object_type(otype):
normalized = otype.strip().lower()
if normalized in rbac_db_models.get_type_model_map():
return normalized
msg = _("'%s' is not a valid RBAC object type") % otype
raise n_exc.InvalidInput(error_message=msg)
def convert_valid_object_type(otype):
normalized = otype.strip().lower()
if normalized in rbac_db_models.get_type_model_map():
return normalized
msg = _("'%s' is not a valid RBAC object type") % otype
raise n_exc.InvalidInput(error_message=msg)
