def test_extension_authorizer(self, action, valid): self.mock_object(policy, 'enforce') target = 'fake' extensions.extension_authorizer('api', 'fake')({}, target, action) policy.enforce.assert_called_once_with(mock.ANY, valid, target)
def test_extension_authorizer(self, action, valid): self.mock_object(policy, 'enforce') target = 'fake' extensions.extension_authorizer('api', 'fake')( {}, target, action) policy.enforce.assert_called_once_with(mock.ANY, valid, target)
def test_extension_authorizer_empty_target(self): self.mock_object(policy, 'enforce') target = None context = mock.Mock() context.project_id = 'fake' context.user_id = 'fake' extensions.extension_authorizer('api', 'fake')( context, target, 'fake') policy.enforce.assert_called_once_with( mock.ANY, mock.ANY, {'project_id': 'fake', 'user_id': 'fake'})
# not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. from manila.api import extensions from manila.api.openstack import wsgi from manila import db authorize = extensions.extension_authorizer('share', 'availability_zones') class Controller(wsgi.Controller): def index(self, req): """Describe all known availability zones.""" context = req.environ['manila.context'] authorize(context) azs = db.availability_zone_get_all(context) return {'availability_zones': azs} class Availability_zones(extensions.ExtensionDescriptor): """Describe Availability Zones.""" name = 'AvailabilityZones'
from manila.api import extensions from manila.api.openstack import wsgi from manila.api import xmlutil from manila import db from manila.db.sqlalchemy import api as sqlalchemy_api from manila import exception from manila.openstack.common import log as logging from manila.openstack.common import strutils from manila import quota QUOTAS = quota.QUOTAS LOG = logging.getLogger(__name__) NON_QUOTA_KEYS = ['tenant_id', 'id', 'force'] authorize_update = extensions.extension_authorizer('compute', 'quotas:update') authorize_show = extensions.extension_authorizer('compute', 'quotas:show') authorize_delete = extensions.extension_authorizer('compute', 'quotas:delete') class QuotaTemplate(xmlutil.TemplateBuilder): def construct(self): root = xmlutil.TemplateElement('quota_set', selector='quota_set') root.set('id') for resource in QUOTAS.resources: elem = xmlutil.SubTemplateElement(root, resource) elem.text = resource return xmlutil.MasterTemplate(root, 1)
# # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. from manila.api import extensions from manila.api.openstack import wsgi from manila import quota QUOTAS = quota.QUOTAS authorize = extensions.extension_authorizer('limits', 'used_limits') class UsedLimitsController(wsgi.Controller): @wsgi.extends def index(self, req, resp_obj): context = req.environ['manila.context'] authorize(context) quotas = QUOTAS.get_project_quotas(context, context.project_id, usages=True) quota_map = { 'totalSharesUsed': 'shares',
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. import re import six import webob from manila.api import extensions from manila.api.openstack import wsgi from manila.api import xmlutil from manila import exception from manila import share authorize = extensions.extension_authorizer('share', 'services') class ShareAccessTemplate(xmlutil.TemplateBuilder): """XML Template for share access management methods.""" def construct(self): root = xmlutil.TemplateElement('access', selector='access') root.set("share_id") root.set("deleted") root.set("created_at") root.set("updated_at") root.set("access_type") root.set("access_to") root.set("state") root.set("deleted_at") root.set("id")
# # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. import webob from manila.api import extensions from manila import db from manila import exception from manila import quota QUOTAS = quota.QUOTAS authorize = extensions.extension_authorizer('share', 'quota_classes') class QuotaClassSetsController(object): def _format_quota_set(self, quota_class, quota_set): """Convert the quota object to a result dict.""" result = dict(id=str(quota_class)) for resource in QUOTAS.resources: result[resource] = quota_set[resource] return dict(quota_class_set=result) def show(self, req, id):
def authorize(self, context, action_name): action = '%s_admin_actions:%s' % (self.resource_name, action_name) extensions.extension_authorizer('share', action)(context)
from manila.api import xmlutil from manila import db from manila.db.sqlalchemy import api as sqlalchemy_api from manila import exception from manila.openstack.common.gettextutils import _ from manila.openstack.common import log as logging from manila.openstack.common import strutils from manila import quota QUOTAS = quota.QUOTAS LOG = logging.getLogger(__name__) NON_QUOTA_KEYS = ['tenant_id', 'id', 'force'] authorize_update = extensions.extension_authorizer('compute', 'quotas:update') authorize_show = extensions.extension_authorizer('compute', 'quotas:show') authorize_delete = extensions.extension_authorizer('compute', 'quotas:delete') class QuotaTemplate(xmlutil.TemplateBuilder): def construct(self): root = xmlutil.TemplateElement('quota_set', selector='quota_set') root.set('id') for resource in QUOTAS.resources: elem = xmlutil.SubTemplateElement(root, resource) elem.text = resource return xmlutil.MasterTemplate(root, 1)
# under the License. """The volume types extra specs extension""" import six import webob from manila.api import common from manila.api import extensions from manila.api.openstack import wsgi from manila import db from manila import exception from manila.i18n import _ from manila import rpc from manila.share import volume_types authorize = extensions.extension_authorizer('share', 'types_extra_specs') class VolumeTypeExtraSpecsController(wsgi.Controller): """The volume type extra specs API controller for the OpenStack API.""" def _get_extra_specs(self, context, type_id): extra_specs = db.volume_type_extra_specs_get(context, type_id) specs_dict = {} for key, value in six.iteritems(extra_specs): specs_dict[key] = value return dict(extra_specs=specs_dict) def _check_type(self, context, type_id): try: volume_types.get_volume_type(context, type_id) except exception.NotFound as ex:
def get_all(self, context, search_opts=None, sort_key='created_at', sort_dir='desc'): policy.check_policy(context, 'share', 'get_all') if search_opts is None: search_opts = {} LOG.debug("Searching for shares by: %s", six.text_type(search_opts)) # Prepare filters filters = {} if 'metadata' in search_opts: filters['metadata'] = search_opts.pop('metadata') if not isinstance(filters['metadata'], dict): msg = _("Wrong metadata filter provided: " "%s.") % six.text_type(filters['metadata']) raise exception.InvalidInput(reason=msg) if 'extra_specs' in search_opts: # Verify policy for extra-specs access extensions.extension_authorizer('share', 'types_extra_specs')(context) filters['extra_specs'] = search_opts.pop('extra_specs') if not isinstance(filters['extra_specs'], dict): msg = _("Wrong extra specs filter provided: " "%s.") % six.text_type(filters['extra_specs']) raise exception.InvalidInput(reason=msg) if not (isinstance(sort_key, six.string_types) and sort_key): msg = _("Wrong sort_key filter provided: " "'%s'.") % six.text_type(sort_key) raise exception.InvalidInput(reason=msg) if not (isinstance(sort_dir, six.string_types) and sort_dir): msg = _("Wrong sort_dir filter provided: " "'%s'.") % six.text_type(sort_dir) raise exception.InvalidInput(reason=msg) is_public = search_opts.pop('is_public', False) is_public = strutils.bool_from_string(is_public, strict=True) # Get filtered list of shares if 'share_server_id' in search_opts: # NOTE(vponomaryov): this is project_id independent policy.check_policy(context, 'share', 'list_by_share_server_id') shares = self.db.share_get_all_by_share_server( context, search_opts.pop('share_server_id'), filters=filters, sort_key=sort_key, sort_dir=sort_dir) elif (context.is_admin and 'all_tenants' in search_opts): shares = self.db.share_get_all(context, filters=filters, sort_key=sort_key, sort_dir=sort_dir) else: shares = self.db.share_get_all_by_project( context, project_id=context.project_id, user_id=context.user_id, filters=filters, is_public=is_public, sort_key=sort_key, sort_dir=sort_dir) # NOTE(vponomaryov): we do not need 'all_tenants' opt anymore search_opts.pop('all_tenants', None) if search_opts: results = [] for s in shares: # values in search_opts can be only strings if all(s.get(k, None) == v for k, v in search_opts.items()): results.append(s) shares = results return shares
# # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. import six from manila.api import extensions from manila.api.openstack import wsgi from manila import quota QUOTAS = quota.QUOTAS authorize = extensions.extension_authorizer('limits', 'used_limits') class UsedLimitsController(wsgi.Controller): @wsgi.extends def index(self, req, resp_obj): context = req.environ['manila.context'] authorize(context) quotas = QUOTAS.get_project_quotas(context, context.project_id, usages=True) quota_map = { 'totalSharesUsed': 'shares', 'totalShareSnapshotsUsed': 'snapshots',
import webob.exc from manila.api import extensions from manila.api.openstack import wsgi from manila.api import xmlutil from manila import db from manila import exception from manila.openstack.common import log as logging from manila.openstack.common import timeutils from manila import utils LOG = logging.getLogger(__name__) authorize = extensions.extension_authorizer("share", "services") class ServicesIndexTemplate(xmlutil.TemplateBuilder): def construct(self): root = xmlutil.TemplateElement("services") elem = xmlutil.SubTemplateElement(root, "service", selector="services") elem.set("binary") elem.set("host") elem.set("zone") elem.set("status") elem.set("state") elem.set("update_at") return xmlutil.MasterTemplate(root, 1)
# under the License. """The volume types manage extension.""" import six import webob from manila.api import extensions from manila.api.openstack import wsgi from manila.api.views import types as views_types from manila import exception from manila import rpc from manila.share import volume_types authorize = extensions.extension_authorizer('share', 'types_manage') class VolumeTypesManageController(wsgi.Controller): """The volume types API controller for the OpenStack API.""" _view_builder_class = views_types.ViewBuilder def _notify_volume_type_error(self, context, method, payload): rpc.get_notifier('volumeType').error(context, method, payload) @wsgi.action("create") def _create(self, req, body): """Creates a new volume type.""" context = req.environ['manila.context'] authorize(context)
def authorize(self, context, action_name): action = "%s_admin_actions:%s" % (self.resource_name, action_name) extensions.extension_authorizer("share", action)(context)
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. """The volume types manage extension.""" import six import webob from manila.api import extensions from manila.api.openstack import wsgi from manila.api.views import types as views_types from manila import exception from manila import rpc from manila.share import volume_types authorize = extensions.extension_authorizer('share', 'types_manage') class VolumeTypesManageController(wsgi.Controller): """The volume types API controller for the OpenStack API.""" _view_builder_class = views_types.ViewBuilder def _notify_volume_type_error(self, context, method, payload): rpc.get_notifier('volumeType').error(context, method, payload) @wsgi.action("create") def _create(self, req, body): """Creates a new volume type.""" context = req.environ['manila.context'] authorize(context)
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. import webob from manila.api import extensions from manila.api.openstack import wsgi from manila.api import xmlutil from manila import db from manila import exception from manila import quota QUOTAS = quota.QUOTAS authorize = extensions.extension_authorizer('share', 'quota_classes') class QuotaClassTemplate(xmlutil.TemplateBuilder): def construct(self): root = xmlutil.TemplateElement('quota_class_set', selector='quota_class_set') root.set('id') for resource in QUOTAS.resources: elem = xmlutil.SubTemplateElement(root, resource) elem.text = resource return xmlutil.MasterTemplate(root, 1)
# License for the specific language governing permissions and limitations # under the License. import re import six import webob from manila.api import extensions from manila.api.openstack import wsgi from manila.api import xmlutil from manila import exception from manila import share authorize = extensions.extension_authorizer('share', 'services') class ShareAccessTemplate(xmlutil.TemplateBuilder): """XML Template for share access management methods.""" def construct(self): root = xmlutil.TemplateElement('access', selector='access') root.set("share_id") root.set("deleted") root.set("created_at") root.set("updated_at") root.set("access_type") root.set("access_to") root.set("state")
"""The share types extra specs extension""" import six import webob from manila.api import common from manila.api import extensions from manila.api.openstack import wsgi from manila import db from manila import exception from manila.i18n import _ from manila import rpc from manila.share import share_types authorize = extensions.extension_authorizer('share', 'types_extra_specs') class ShareTypeExtraSpecsController(wsgi.Controller): """The share type extra specs API controller for the OpenStack API.""" def _get_extra_specs(self, context, type_id): extra_specs = db.share_type_extra_specs_get(context, type_id) specs_dict = {} for key, value in six.iteritems(extra_specs): specs_dict[key] = value return dict(extra_specs=specs_dict) def _check_type(self, context, type_id): try: share_types.get_share_type(context, type_id)
def get_all(self, context, search_opts=None, sort_key='created_at', sort_dir='desc'): policy.check_policy(context, 'share', 'get_all') if search_opts is None: search_opts = {} LOG.debug("Searching for shares by: %s", six.text_type(search_opts)) # Prepare filters filters = {} if 'metadata' in search_opts: filters['metadata'] = search_opts.pop('metadata') if not isinstance(filters['metadata'], dict): msg = _("Wrong metadata filter provided: " "%s.") % six.text_type(filters['metadata']) raise exception.InvalidInput(reason=msg) if 'extra_specs' in search_opts: # Verify policy for extra-specs access extensions.extension_authorizer( 'share', 'types_extra_specs')(context) filters['extra_specs'] = search_opts.pop('extra_specs') if not isinstance(filters['extra_specs'], dict): msg = _("Wrong extra specs filter provided: " "%s.") % six.text_type(filters['extra_specs']) raise exception.InvalidInput(reason=msg) if not (isinstance(sort_key, six.string_types) and sort_key): msg = _("Wrong sort_key filter provided: " "'%s'.") % six.text_type(sort_key) raise exception.InvalidInput(reason=msg) if not (isinstance(sort_dir, six.string_types) and sort_dir): msg = _("Wrong sort_dir filter provided: " "'%s'.") % six.text_type(sort_dir) raise exception.InvalidInput(reason=msg) is_public = search_opts.pop('is_public', False) is_public = strutils.bool_from_string(is_public, strict=True) # Get filtered list of shares if 'share_server_id' in search_opts: # NOTE(vponomaryov): this is project_id independent policy.check_policy(context, 'share', 'list_by_share_server_id') shares = self.db.share_get_all_by_share_server( context, search_opts.pop('share_server_id'), filters=filters, sort_key=sort_key, sort_dir=sort_dir) elif (context.is_admin and 'all_tenants' in search_opts): shares = self.db.share_get_all( context, filters=filters, sort_key=sort_key, sort_dir=sort_dir) else: shares = self.db.share_get_all_by_project( context, project_id=context.project_id, filters=filters, is_public=is_public, sort_key=sort_key, sort_dir=sort_dir) # NOTE(vponomaryov): we do not need 'all_tenants' opt anymore search_opts.pop('all_tenants', None) if search_opts: results = [] for s in shares: # values in search_opts can be only strings if all(s.get(k, None) == v for k, v in search_opts.items()): results.append(s) shares = results return shares
# under the License. import webob from manila.api import extensions from manila.api.openstack import wsgi from manila.api import xmlutil from manila import db from manila import exception from manila import quota QUOTAS = quota.QUOTAS authorize = extensions.extension_authorizer("share", "quota_classes") class QuotaClassTemplate(xmlutil.TemplateBuilder): def construct(self): root = xmlutil.TemplateElement("quota_class_set", selector="quota_class_set") root.set("id") for resource in QUOTAS.resources: elem = xmlutil.SubTemplateElement(root, resource) elem.text = resource return xmlutil.MasterTemplate(root, 1) class QuotaClassSetsController(object):
# under the License. from oslo_log import log import six import webob from webob import exc from manila.api import extensions from manila.api.openstack import wsgi from manila.common import constants from manila import exception from manila.i18n import _ from manila.i18n import _LI from manila import share authorize = extensions.extension_authorizer('share', 'unmanage') LOG = log.getLogger(__name__) class ShareUnmanageController(wsgi.Controller): def __init__(self, *args, **kwargs): super(ShareUnmanageController, self).__init__(*args, **kwargs) self.share_api = share.API() @wsgi.action('create') def unmanage(self, req, id): """Unmanage a share.""" context = req.environ['manila.context'] authorize(context)
from oslo_utils import uuidutils import six import webob from manila.api import extensions from manila.api.openstack import wsgi from manila import exception from manila.i18n import _ from manila.share import share_types soft_authorize = extensions.soft_extension_authorizer('share', 'share_type_access') authorize = extensions.extension_authorizer('share', 'share_type_access') def _marshall_share_type_access(share_type): rval = [] for project_id in share_type['projects']: rval.append({'share_type_id': share_type['id'], 'project_id': project_id}) return {'share_type_access': rval} class ShareTypeAccessController(object): """The share type access API controller for the OpenStack API.""" def index(self, req, type_id):