コード例 #1
0
ファイル: test_api.py プロジェクト: rohitmalaga/neutron
    def test_get_object_create_update_delete(self):
        obj = api.create_object(self.ctxt, self.model, {'name': 'foo'})

        new_obj = api.get_object(self.ctxt, self.model, id=obj.id)
        self.assertEqual(obj, new_obj)

        obj = new_obj
        api.update_object(self.ctxt, self.model, {'name': 'bar'}, id=obj.id)

        new_obj = api.get_object(self.ctxt, self.model, id=obj.id)
        self.assertEqual(obj, new_obj)

        obj = new_obj
        api.delete_object(self.ctxt, self.model, id=obj.id)

        new_obj = api.get_object(self.ctxt, self.model, id=obj.id)
        self.assertIsNone(new_obj)

        # delete_object raises an exception on missing object
        self.assertRaises(n_exc.ObjectNotFound,
                          api.delete_object,
                          self.ctxt,
                          self.model,
                          id=obj.id)

        # but delete_objects does not not
        api.delete_objects(self.ctxt, self.model, id=obj.id)
コード例 #2
0
ファイル: test_api.py プロジェクト: sebrandon1/neutron
    def test_get_object_create_update_delete(self):
        obj = api.create_object(self.ctxt, self.model, {'name': 'foo'})

        new_obj = api.get_object(self.ctxt, self.model, id=obj.id)
        self.assertEqual(obj, new_obj)

        obj = new_obj
        api.update_object(self.ctxt, self.model, {'name': 'bar'}, id=obj.id)

        new_obj = api.get_object(self.ctxt, self.model, id=obj.id)
        self.assertEqual(obj, new_obj)

        obj = new_obj
        api.delete_object(self.ctxt, self.model, id=obj.id)

        new_obj = api.get_object(self.ctxt, self.model, id=obj.id)
        self.assertIsNone(new_obj)

        # delete_object raises an exception on missing object
        self.assertRaises(
            n_exc.ObjectNotFound,
            api.delete_object, self.ctxt, self.model, id=obj.id)

        # but delete_objects does not not
        api.delete_objects(self.ctxt, self.model, id=obj.id)
コード例 #3
0
    def get_object(cls, context, fields=None, **kwargs):
        """Fetch a single object

        Return the first result of given context or None if the result doesn't
        contain any row. Next, convert it to a versioned object.

        :param context:
        :param fields: indicate which fields the caller is interested in
                       using. Note that currently this is limited to
                       avoid loading synthetic fields when possible, and
                       does not affect db queries. Default is None, which
                       is the same as []. Example: ['id', 'name']
        :param kwargs: multiple keys defined by key=value pairs
        :return: single object of NeutronDbObject class or None
        """
        lookup_keys = set(kwargs.keys())
        all_keys = itertools.chain([cls.primary_keys], cls.unique_keys)
        if not any(lookup_keys.issuperset(keys) for keys in all_keys):
            missing_keys = set(cls.primary_keys).difference(lookup_keys)
            raise o_exc.NeutronPrimaryKeyMissing(object_class=cls,
                                                 missing_keys=missing_keys)

        with cls.db_context_reader(context):
            db_obj = obj_db_api.get_object(cls, context,
                                           **cls.modify_fields_to_db(kwargs))
            if db_obj:
                return cls._load_object(context, db_obj, fields=fields)
コード例 #4
0
ファイル: base.py プロジェクト: openstack/neutron
    def get_object(cls, context, fields=None, **kwargs):
        """Fetch a single object

        Return the first result of given context or None if the result doesn't
        contain any row. Next, convert it to a versioned object.

        :param context:
        :param fields: indicate which fields the caller is interested in
                       using. Note that currently this is limited to
                       avoid loading synthetic fields when possible, and
                       does not affect db queries. Default is None, which
                       is the same as []. Example: ['id', 'name']
        :param kwargs: multiple keys defined by key=value pairs
        :return: single object of NeutronDbObject class or None
        """
        lookup_keys = set(kwargs.keys())
        all_keys = itertools.chain([cls.primary_keys], cls.unique_keys)
        if not any(lookup_keys.issuperset(keys) for keys in all_keys):
            missing_keys = set(cls.primary_keys).difference(lookup_keys)
            raise o_exc.NeutronPrimaryKeyMissing(object_class=cls,
                                                 missing_keys=missing_keys)

        with cls.db_context_reader(context):
            db_obj = obj_db_api.get_object(
                cls, context, **cls.modify_fields_to_db(kwargs))
            if db_obj:
                return cls._load_object(context, db_obj, fields=fields)
コード例 #5
0
 def test_get_object_with_None_value_in_filters(self):
     obj = api.create_object(self.obj_cls, self.ctxt, {'name': 'foo'})
     new_obj = api.get_object(self.obj_cls,
                              self.ctxt,
                              name='foo',
                              status=None)
     self.assertEqual(obj, new_obj)
コード例 #6
0
ファイル: subnetpool.py プロジェクト: stackhpc/neutron
    def validate_rbac_policy_create(cls, resource, event, trigger,
                                    payload=None):
        context = payload.context
        policy = payload.request_body

        db_obj = obj_db_api.get_object(
            cls, context.elevated(), id=policy['object_id'])

        if not db_obj["address_scope_id"]:
            # Nothing to validate
            return

        with db_api.CONTEXT_READER.using(context):
            rbac_as_model = rbac_db_models.AddressScopeRBAC

            # Ensure that target project has access to AS
            shared_to_target_project_or_to_all = (
                sa.and_(
                    rbac_as_model.target_project.in_(
                        ["*", policy['target_project']]
                    ),
                    rbac_as_model.object_id == db_obj["address_scope_id"]
                )
            )

            matching_policies = model_query.query_with_hooks(
                context, rbac_db_models.AddressScopeRBAC
            ).filter(shared_to_target_project_or_to_all).count()

        if matching_policies == 0:
            raise ext_rbac.RbacPolicyInitError(
                object_id=policy['object_id'],
                reason=_("target project doesn't have access to "
                         "associated address scope."))
コード例 #7
0
ファイル: l3_fip_qos.py プロジェクト: xuwancai/neutron
 def _create_fip_qos_db(self, context, fip_id, policy_id):
     policy = self._get_policy_obj(context, policy_id)
     policy.attach_floatingip(fip_id)
     binding_db_obj = obj_db_api.get_object(context,
                                            policy.fip_binding_model,
                                            fip_id=fip_id)
     return binding_db_obj
コード例 #8
0
ファイル: rbac_db.py プロジェクト: zhouronghua/neutron
    def validate_rbac_policy_change(cls, resource, event, trigger, context,
                                    object_type, policy, **kwargs):
        """Callback to validate RBAC_POLICY changes.

        This is the dispatching function for create, update and delete
        callbacks. On creation and update, verify that the creator is an admin
        or owns the resource being shared.
        """
        # TODO(hdaniel): As this code was shamelessly stolen from
        # NeutronDbPluginV2.validate_network_rbac_policy_change(), those pieces
        # should be synced and contain the same bugs, until Network RBAC logic
        # (hopefully) melded with this one.
        if object_type != cls.rbac_db_model.object_type:
            return
        db_obj = obj_db_api.get_object(context.elevated(),
                                       cls.db_model,
                                       id=policy['object_id'])
        if event in (events.BEFORE_CREATE, events.BEFORE_UPDATE):
            if (not context.is_admin
                    and db_obj['tenant_id'] != context.tenant_id):
                msg = _("Only admins can manipulate policies on objects "
                        "they do not own")
                raise lib_exc.InvalidInput(error_message=msg)
        callback_map = {
            events.BEFORE_UPDATE: cls.validate_rbac_policy_update,
            events.BEFORE_DELETE: cls.validate_rbac_policy_delete
        }
        if event in callback_map:
            return callback_map[event](resource, event, trigger, context,
                                       object_type, policy, **kwargs)
コード例 #9
0
ファイル: rbac_db.py プロジェクト: sebrandon1/neutron
    def validate_rbac_policy_change(cls, resource, event, trigger, context,
                                    object_type, policy, **kwargs):
        """Callback to validate RBAC_POLICY changes.

        This is the dispatching function for create, update and delete
        callbacks. On creation and update, verify that the creator is an admin
        or owns the resource being shared.
        """
        # TODO(hdaniel): As this code was shamelessly stolen from
        # NeutronDbPluginV2.validate_network_rbac_policy_change(), those pieces
        # should be synced and contain the same bugs, until Network RBAC logic
        # (hopefully) melded with this one.
        if object_type != cls.rbac_db_model.object_type:
            return
        db_obj = obj_db_api.get_object(
            context.elevated(), cls.db_model, id=policy['object_id'])
        if event in (events.BEFORE_CREATE, events.BEFORE_UPDATE):
            if (not context.is_admin and
                    db_obj['tenant_id'] != context.tenant_id):
                msg = _("Only admins can manipulate policies on objects "
                        "they do not own")
                raise lib_exc.InvalidInput(error_message=msg)
        callback_map = {events.BEFORE_UPDATE: cls.validate_rbac_policy_update,
                        events.BEFORE_DELETE: cls.validate_rbac_policy_delete}
        if event in callback_map:
            return callback_map[event](resource, event, trigger, context,
                                       object_type, policy, **kwargs)
コード例 #10
0
 def _get_object_policy(cls, context, binding_cls, **kwargs):
     LOG.info('%s(): caller(): %s', log_utils.get_fname(1),
              log_utils.get_fname(2))
     with cls.db_context_reader(context):
         binding_db_obj = obj_db_api.get_object(binding_cls, context,
                                                **kwargs)
         if binding_db_obj:
             return cls.get_object(context, id=binding_db_obj['policy_id'])
コード例 #11
0
ファイル: policy.py プロジェクト: klmitch/neutron
    def delete(self):
        with db_api.autonested_transaction(self._context.session):
            for object_type, model in self.binding_models.items():
                binding_db_obj = obj_db_api.get_object(self._context, model, policy_id=self.id)
                if binding_db_obj:
                    raise exceptions.QosPolicyInUse(
                        policy_id=self.id, object_type=object_type, object_id=binding_db_obj["%s_id" % object_type]
                    )

            super(QosPolicy, self).delete()
コード例 #12
0
 def to_kwargs(self, context, model):
     res = {
         attr: getattr(self, attr)
         for attr in ('sorts', 'limit', 'page_reverse')
         if getattr(self, attr) is not None
     }
     if self.marker and self.limit:
         res['marker_obj'] = obj_db_api.get_object(
             context, model, id=self.marker)
     return res
コード例 #13
0
 def to_kwargs(self, context, model):
     res = {
         attr: getattr(self, attr)
         for attr in ('sorts', 'limit', 'page_reverse')
         if getattr(self, attr) is not None
     }
     if self.marker and self.limit:
         res['marker_obj'] = obj_db_api.get_object(
             context, model, id=self.marker)
     return res
コード例 #14
0
ファイル: policy.py プロジェクト: vinayakhegdev/neutron
    def delete(self):
        with db_api.autonested_transaction(self.obj_context.session):
            for object_type, model in self.binding_models.items():
                binding_db_obj = obj_db_api.get_object(self.obj_context, model,
                                                       policy_id=self.id)
                if binding_db_obj:
                    raise exceptions.QosPolicyInUse(
                        policy_id=self.id,
                        object_type=object_type,
                        object_id=binding_db_obj['%s_id' % object_type])

            super(QosPolicy, self).delete()
コード例 #15
0
ファイル: base.py プロジェクト: noironetworks/neutron
    def objects_exist(cls, context, validate_filters=True, **kwargs):
        """Check if objects are present in DB.

        :param context:
        :param validate_filters: Raises an error in case of passing an unknown
                                 filter
        :param kwargs: multiple keys defined by key=value pairs
        :return: boolean. True if object is present.
        """
        if validate_filters:
            cls.validate_filters(**kwargs)
        # Succeed if at least a single object matches; no need to fetch more
        return bool(obj_db_api.get_object(
            cls, context, **cls.modify_fields_to_db(kwargs))
        )
コード例 #16
0
ファイル: base.py プロジェクト: zhunzhong/neutron
    def objects_exist(cls, context, validate_filters=True, **kwargs):
        """Check if objects are present in DB.

        :param context:
        :param validate_filters: Raises an error in case of passing an unknown
                                 filter
        :param kwargs: multiple keys defined by key=value pairs
        :return: boolean. True if object is present.
        """
        if validate_filters:
            cls.validate_filters(**kwargs)
        # Succeed if at least a single object matches; no need to fetch more
        return bool(
            obj_db_api.get_object(cls, context,
                                  **cls.modify_fields_to_db(kwargs)))
コード例 #17
0
    def validate_rbac_policy_delete(cls, resource, event, trigger, context,
                                    object_type, policy, **kwargs):
        """Callback to handle RBAC_POLICY, BEFORE_DELETE callback.

        :raises: RbacPolicyInUse -- in case the policy is in use.
        """
        if policy['action'] != models.ACCESS_SHARED:
            return
        target_tenant = policy['target_tenant']
        db_obj = obj_db_api.get_object(
            cls, context.elevated(), id=policy['object_id'])
        if db_obj.tenant_id == target_tenant:
            return
        cls._validate_rbac_policy_delete(context=context,
                                         obj_id=policy['object_id'],
                                         target_tenant=target_tenant)
コード例 #18
0
ファイル: rbac_db.py プロジェクト: sebrandon1/neutron
    def validate_rbac_policy_delete(cls, resource, event, trigger, context,
                                    object_type, policy, **kwargs):
        """Callback to handle RBAC_POLICY, BEFORE_DELETE callback.

        :raises: RbacPolicyInUse -- in case the policy is in use.
        """
        if policy['action'] != models.ACCESS_SHARED:
            return
        target_tenant = policy['target_tenant']
        db_obj = obj_db_api.get_object(
            context.elevated(), cls.db_model, id=policy['object_id'])
        if db_obj.tenant_id == target_tenant:
            return
        cls._validate_rbac_policy_delete(context=context,
                                         obj_id=policy['object_id'],
                                         target_tenant=target_tenant)
コード例 #19
0
ファイル: base.py プロジェクト: ISCAS-VDI/neutron-base
    def get_object(cls, context, **kwargs):
        """
        Fetch object from DB and convert it to a versioned object.

        :param context:
        :param kwargs: multiple keys defined by key=value pairs
        :return: single object of NeutronDbObject class
        """
        missing_keys = set(cls.primary_keys).difference(kwargs.keys())
        if missing_keys:
            raise NeutronPrimaryKeyMissing(object_class=cls.__class__,
                                           missing_keys=missing_keys)

        with db_api.autonested_transaction(context.session):
            db_obj = obj_db_api.get_object(context, cls.db_model, **kwargs)
            if db_obj:
                return cls._load_object(context, db_obj)
コード例 #20
0
    def get_object(cls, context, **kwargs):
        """
        Fetch object from DB and convert it to a versioned object.

        :param context:
        :param kwargs: multiple keys defined by key=value pairs
        :return: single object of NeutronDbObject class
        """
        missing_keys = set(cls.primary_keys).difference(kwargs.keys())
        if missing_keys:
            raise NeutronPrimaryKeyMissing(object_class=cls.__class__,
                                           missing_keys=missing_keys)

        with db_api.autonested_transaction(context.session):
            db_obj = obj_db_api.get_object(context, cls.db_model, **kwargs)
            if db_obj:
                return cls._load_object(context, db_obj)
コード例 #21
0
    def update_shared(self, is_shared_new, obj_id):
        admin_context = self._context.elevated()
        shared_prev = obj_db_api.get_object(admin_context, self.rbac_db_model,
                                        object_id=obj_id, target_tenant='*',
                                        action=models.ACCESS_SHARED)
        is_shared_prev = bool(shared_prev)
        if is_shared_prev == is_shared_new:
            return

        # 'shared' goes False -> True
        if not is_shared_prev and is_shared_new:
            self.attach_rbac(obj_id, self._context.tenant_id)
            return

        # 'shared' goes True -> False is actually an attempt to delete
        # rbac rule for sharing obj_id with target_tenant = '*'
        self._validate_rbac_policy_delete(self._context, obj_id, '*')
        return self._context.session.delete(shared_prev)
コード例 #22
0
ファイル: rbac_db.py プロジェクト: jaguar13/neutron
    def update_shared(self, is_shared_new, obj_id):
        admin_context = self.obj_context.elevated()
        shared_prev = obj_db_api.get_object(admin_context, self.rbac_db_model,
                                        object_id=obj_id, target_tenant='*',
                                        action=models.ACCESS_SHARED)
        is_shared_prev = bool(shared_prev)
        if is_shared_prev == is_shared_new:
            return

        # 'shared' goes False -> True
        if not is_shared_prev and is_shared_new:
            self.attach_rbac(obj_id, self.obj_context.tenant_id)
            return

        # 'shared' goes True -> False is actually an attempt to delete
        # rbac rule for sharing obj_id with target_tenant = '*'
        self._validate_rbac_policy_delete(self.obj_context, obj_id, '*')
        return self.obj_context.session.delete(shared_prev)
コード例 #23
0
ファイル: rbac_db.py プロジェクト: stackhpc/neutron
    def validate_rbac_policy_change(cls,
                                    resource,
                                    event,
                                    trigger,
                                    payload=None):
        """Callback to validate  changes.

        This is the dispatching function for create, update and delete
        callbacks. On creation and update, verify that the creator is an admin
        or owns the resource being shared.
        """
        object_type = payload.metadata.get('object_type')
        context = payload.context
        policy = (payload.request_body
                  if event == events.BEFORE_CREATE else payload.latest_state)

        # TODO(hdaniel): As this code was shamelessly stolen from
        # NeutronDbPluginV2.validate_network_rbac_policy_change(), those pieces
        # should be synced and contain the same bugs, until Network RBAC logic
        # (hopefully) melded with this one.
        if object_type != cls.rbac_db_cls.db_model.object_type:
            return
        elevated_context = context.elevated()
        with db_api.CONTEXT_READER.using(elevated_context):
            db_obj = obj_db_api.get_object(cls,
                                           elevated_context,
                                           id=policy['object_id'])
        if event in (events.BEFORE_CREATE, events.BEFORE_UPDATE):
            if (not context.is_admin
                    and db_obj['project_id'] != context.project_id):
                msg = _("Only admins can manipulate policies on objects "
                        "they do not own")
                raise exceptions.InvalidInput(error_message=msg)
        callback_map = {
            events.BEFORE_CREATE: cls.validate_rbac_policy_create,
            events.BEFORE_UPDATE: cls.validate_rbac_policy_update,
            events.BEFORE_DELETE: cls.validate_rbac_policy_delete
        }
        if event in callback_map:
            return callback_map[event](resource,
                                       event,
                                       trigger,
                                       payload=payload)
コード例 #24
0
ファイル: base.py プロジェクト: kitch/neutron
    def get_object(cls, context, **kwargs):
        """
        This method fetches object from DB and convert it to versioned
        object.

        :param context:
        :param kwargs: multiple primary keys defined key=value pairs
        :return: single object of NeutronDbObject class
        """
        missing_keys = set(cls.primary_keys).difference(kwargs.keys())
        if missing_keys:
            raise NeutronPrimaryKeyMissing(object_class=cls.__class__,
                                           missing_keys=missing_keys)

        db_obj = obj_db_api.get_object(context, cls.db_model, **kwargs)
        if db_obj:
            obj = cls(context, **db_obj)
            obj.obj_reset_changes()
            return obj
コード例 #25
0
ファイル: base.py プロジェクト: FedericoRessi/neutron
    def get_object(cls, context, **kwargs):
        """
        This method fetches object from DB and convert it to versioned
        object.

        :param context:
        :param kwargs: multiple primary keys defined key=value pairs
        :return: single object of NeutronDbObject class
        """
        missing_keys = set(cls.primary_keys).difference(kwargs.keys())
        if missing_keys:
            raise NeutronPrimaryKeyMissing(object_class=cls.__class__,
                                           missing_keys=missing_keys)

        db_obj = obj_db_api.get_object(context, cls.db_model, **kwargs)
        if db_obj:
            obj = cls(context, **db_obj)
            obj.obj_reset_changes()
            return obj
コード例 #26
0
    def get_object(cls, context, **kwargs):
        """
        Fetch object from DB and convert it to a versioned object.

        :param context:
        :param kwargs: multiple keys defined by key=value pairs
        :return: single object of NeutronDbObject class
        """
        lookup_keys = set(kwargs.keys())
        all_keys = itertools.chain([cls.primary_keys], cls.unique_keys)
        if not any(lookup_keys.issuperset(keys) for keys in all_keys):
            missing_keys = set(cls.primary_keys).difference(lookup_keys)
            raise o_exc.NeutronPrimaryKeyMissing(object_class=cls.__name__,
                                                 missing_keys=missing_keys)

        with db_api.autonested_transaction(context.session):
            db_obj = obj_db_api.get_object(context, cls.db_model,
                                           **cls.modify_fields_to_db(kwargs))
            if db_obj:
                return cls._load_object(context, db_obj)
コード例 #27
0
ファイル: base.py プロジェクト: weizai118/neutron
    def get_object(cls, context, **kwargs):
        """
        Return the first result of given context or None if the result doesn't
        contain any row. Next, convert it to a versioned object.

        :param context:
        :param kwargs: multiple keys defined by key=value pairs
        :return: single object of NeutronDbObject class or None
        """
        lookup_keys = set(kwargs.keys())
        all_keys = itertools.chain([cls.primary_keys], cls.unique_keys)
        if not any(lookup_keys.issuperset(keys) for keys in all_keys):
            missing_keys = set(cls.primary_keys).difference(lookup_keys)
            raise o_exc.NeutronPrimaryKeyMissing(object_class=cls,
                                                 missing_keys=missing_keys)

        with cls.db_context_reader(context):
            db_obj = obj_db_api.get_object(
                cls, context, **cls.modify_fields_to_db(kwargs))
            if db_obj:
                return cls._load_object(context, db_obj)
コード例 #28
0
ファイル: base.py プロジェクト: mmalchuk/openstack-neutron
    def get_object(cls, context, **kwargs):
        """
        Return the first result of given context or None if the result doesn't
        contain any row. Next, convert it to a versioned object.

        :param context:
        :param kwargs: multiple keys defined by key=value pairs
        :return: single object of NeutronDbObject class or None
        """
        lookup_keys = set(kwargs.keys())
        all_keys = itertools.chain([cls.primary_keys], cls.unique_keys)
        if not any(lookup_keys.issuperset(keys) for keys in all_keys):
            missing_keys = set(cls.primary_keys).difference(lookup_keys)
            raise o_exc.NeutronPrimaryKeyMissing(object_class=cls,
                                                 missing_keys=missing_keys)

        with cls.db_context_reader(context):
            db_obj = obj_db_api.get_object(
                cls, context, **cls.modify_fields_to_db(kwargs))
            if db_obj:
                return cls._load_object(context, db_obj)
コード例 #29
0
    def get_object(cls, context, **kwargs):
        """
        Fetch object from DB and convert it to a versioned object.

        :param context:
        :param kwargs: multiple keys defined by key=value pairs
        :return: single object of NeutronDbObject class
        """
        lookup_keys = set(kwargs.keys())
        all_keys = itertools.chain([cls.primary_keys], cls.unique_keys)
        if not any(lookup_keys.issuperset(keys) for keys in all_keys):
            missing_keys = set(cls.primary_keys).difference(lookup_keys)
            raise o_exc.NeutronPrimaryKeyMissing(object_class=cls.__name__,
                                                 missing_keys=missing_keys)

        with db_api.autonested_transaction(context.session):
            db_obj = obj_db_api.get_object(
                context, cls.db_model,
                **cls.modify_fields_to_db(kwargs)
            )
            if db_obj:
                return cls._load_object(context, db_obj)
コード例 #30
0
ファイル: rbac_db.py プロジェクト: Frank889/neutron
    def validate_rbac_policy_delete(cls,
                                    resource,
                                    event,
                                    trigger,
                                    payload=None):
        """Callback to handle RBAC_POLICY, BEFORE_DELETE callback.

        :raises: RbacPolicyInUse -- in case the policy is in use.
        """
        context = payload.context
        policy = payload.latest_state

        if policy['action'] != models.ACCESS_SHARED:
            return
        target_tenant = policy['target_tenant']
        db_obj = obj_db_api.get_object(cls,
                                       utils.get_elevated_context(context),
                                       id=policy['object_id'])
        if db_obj.tenant_id == target_tenant:
            return
        cls._validate_rbac_policy_delete(context=context,
                                         obj_id=policy['object_id'],
                                         target_tenant=target_tenant)
コード例 #31
0
ファイル: rbac_db.py プロジェクト: stackhpc/neutron
    def validate_rbac_policy_delete(cls,
                                    resource,
                                    event,
                                    trigger,
                                    payload=None):
        """Callback to handle RBAC_POLICY, BEFORE_DELETE callback.

        :raises: RbacPolicyInUse -- in case the policy is in use.
        """
        context = payload.context
        policy = payload.latest_state

        if policy['action'] != models.ACCESS_SHARED:
            return
        target_project = policy['target_project']
        elevated_context = context.elevated()
        with db_api.CONTEXT_READER.using(elevated_context):
            db_obj = obj_db_api.get_object(cls,
                                           elevated_context,
                                           id=policy['object_id'])
        if db_obj.project_id == target_project:
            return
        cls._validate_rbac_policy_delete(context, policy['object_id'],
                                         target_project)
コード例 #32
0
ファイル: policy.py プロジェクト: zhhuabj/neutron
 def _get_object_policy(cls, context, binding_cls, **kwargs):
     with cls.db_context_reader(context):
         binding_db_obj = obj_db_api.get_object(binding_cls, context,
                                                **kwargs)
         if binding_db_obj:
             return cls.get_object(context, id=binding_db_obj['policy_id'])
コード例 #33
0
 def _get_object_policy(cls, context, model, **kwargs):
     with db_api.autonested_transaction(context.session):
         binding_db_obj = obj_db_api.get_object(context, model, **kwargs)
         if binding_db_obj:
             return cls.get_object(context, id=binding_db_obj['policy_id'])
コード例 #34
0
ファイル: test_api.py プロジェクト: eayunstack/neutron
 def test_get_object_with_None_value_in_filters(self):
     obj = api.create_object(self.ctxt, self.model, {'name': 'foo'})
     new_obj = api.get_object(
         self.ctxt, self.model, name='foo', status=None)
     self.assertEqual(obj, new_obj)
コード例 #35
0
ファイル: policy.py プロジェクト: openstack/neutron
 def _get_object_policy(cls, context, binding_cls, **kwargs):
     with cls.db_context_reader(context):
         binding_db_obj = obj_db_api.get_object(binding_cls, context,
                                                **kwargs)
         if binding_db_obj:
             return cls.get_object(context, id=binding_db_obj['policy_id'])
コード例 #36
0
ファイル: l3_fip_qos.py プロジェクト: eayunstack/neutron
 def _create_fip_qos_db(self, context, fip_id, policy_id):
     policy = self._get_policy_obj(context, policy_id)
     policy.attach_floatingip(fip_id)
     binding_db_obj = obj_db_api.get_object(
         context, policy.fip_binding_model, fip_id=fip_id)
     return binding_db_obj
コード例 #37
0
ファイル: policy.py プロジェクト: eayunstack/neutron
 def _get_object_policy(cls, context, model, **kwargs):
     with db_api.autonested_transaction(context.session):
         binding_db_obj = obj_db_api.get_object(context, model, **kwargs)
         if binding_db_obj:
             return cls.get_object(context, id=binding_db_obj['policy_id'])