def delete_bgp_speaker(self, context, bgp_speaker_id):
    """Delete a BGP speaker and tell every hosting dragent it is gone.

    :param context: request context, forwarded to the policy call, the
        parent implementation and the RPC notifications.
    :param bgp_speaker_id: id of the speaker to delete.
    """
    # NOTE(review): the result of check_is_admin() is discarded. If it
    # returns a boolean instead of raising, this line does not stop a
    # non-admin caller -- confirm the API policy layer enforces admin-only.
    policy.check_is_admin(context)
    # The hosting agents are collected before the delete; presumably the
    # lookup would come back empty once the speaker is gone -- TODO confirm.
    hosting_agents = self.get_dragents_hosting_bgp_speakers(
        context, [bgp_speaker_id])
    parent = super(BgpPlugin, self)
    parent.delete_bgp_speaker(context, bgp_speaker_id)
    for agent in hosting_agents:
        self._bgp_rpc.bgp_speaker_removed(
            context, bgp_speaker_id, agent.host)
def get_bgp_peers(self, context, fields=None, filters=None, sorts=None,
                  limit=None, marker=None, page_reverse=False):
    """List BGP peers by delegating to the parent implementation.

    :param context: request context.
    :param fields: forwarded unchanged to the parent.
    :param filters: forwarded unchanged to the parent.
    :param sorts: forwarded unchanged to the parent.
    :param limit: forwarded unchanged to the parent.
    :param marker: forwarded unchanged to the parent.
    :param page_reverse: forwarded unchanged to the parent.
    :returns: whatever the parent ``get_bgp_peers`` returns.
    """
    # NOTE(review): the result of check_is_admin() is discarded. If it
    # returns a boolean instead of raising, non-admin callers still reach
    # the listing below -- confirm admin-only access is enforced elsewhere.
    policy.check_is_admin(context)
    parent = super(BgpPlugin, self)
    peers = parent.get_bgp_peers(
        context,
        fields=fields,
        filters=filters,
        sorts=sorts,
        limit=limit,
        marker=marker,
        page_reverse=page_reverse,
    )
    return peers
def add_bgp_peer(self, context, bgp_speaker_id, bgp_peer_info):
    """Associate a peer with a speaker and notify the hosting dragents.

    :param context: request context.
    :param bgp_speaker_id: id of the speaker the peer is added to.
    :param bgp_peer_info: peer description, forwarded to the parent.
    :returns: the parent's return value; its ``'bgp_peer_id'`` entry is
        what gets sent to the agents.
    """
    # NOTE(review): the result of check_is_admin() is discarded. If it
    # returns a boolean instead of raising, this line does not stop a
    # non-admin caller -- confirm the API policy layer enforces admin-only.
    policy.check_is_admin(context)
    association = super(BgpPlugin, self).add_bgp_peer(
        context, bgp_speaker_id, bgp_peer_info)
    hosting_agents = self.get_dragents_hosting_bgp_speakers(
        context, [bgp_speaker_id])
    for agent in hosting_agents:
        self._bgp_rpc.bgp_peer_associated(
            context,
            bgp_speaker_id,
            association['bgp_peer_id'],
            agent.host,
        )
    return association
def __init__(self, user_id, tenant_id, is_admin=None, roles=None,
             timestamp=None, request_id=None, tenant_name=None,
             user_name=None, overwrite=True, auth_token=None,
             is_advsvc=None, **kwargs):
    """Build a context and resolve its privilege flags.

    :param overwrite: Set to False to ensure that the greenthread local
        copy of the index is not overwritten.
    :param kwargs: Extra arguments that might be present, but are ignored
        because they possibly came in from older rpc messages.
    """
    super(ContextBase, self).__init__(
        auth_token=auth_token,
        user=user_id,
        tenant=tenant_id,
        is_admin=is_admin,
        request_id=request_id,
        overwrite=overwrite,
    )
    self.user_name = user_name
    self.tenant_name = tenant_name
    # Any falsy timestamp is replaced by the current (naive) UTC time.
    self.timestamp = timestamp or datetime.datetime.utcnow()
    self.roles = roles or []

    self.is_advsvc = is_advsvc
    if self.is_advsvc is None:
        # Order matters: this runs before is_admin is resolved from policy
        # below, so a context that is admin only by policy does not gain
        # is_advsvc through the is_admin shortcut.
        self.is_advsvc = self.is_admin or policy.check_is_advsvc(self)
    # An explicit is_admin from the caller is taken at face value; policy
    # is consulted only when the flag is still None.
    if self.is_admin is None:
        self.is_admin = policy.check_is_admin(self)
def __init__(self, user_id=None, tenant_id=None, is_admin=None,
             timestamp=None, tenant_name=None, user_name=None,
             is_advsvc=None, **kwargs):
    """Build a context and resolve its privilege flags.

    :param overwrite: Set to False to ensure that the greenthread local
        copy of the index is not overwritten. Not a named parameter here;
        presumably consumed by the base class through ``kwargs``.
    """
    # user_id and tenant_id stay as named parameters for tests that pass
    # them positionally (original NOTE by jamielennox). They only fill the
    # 'user'/'tenant' keywords when the caller did not supply those.
    kwargs.setdefault('user', user_id)
    kwargs.setdefault('tenant', tenant_id)
    super(ContextBase, self).__init__(is_admin=is_admin, **kwargs)

    self.user_name = user_name
    self.tenant_name = tenant_name
    # Any falsy timestamp is replaced by the current (naive) UTC time.
    self.timestamp = timestamp or datetime.datetime.utcnow()

    self.is_advsvc = is_advsvc
    if self.is_advsvc is None:
        # Order matters: this runs before is_admin is resolved from policy
        # below, so a context that is admin only by policy does not gain
        # is_advsvc through the is_admin shortcut.
        self.is_advsvc = self.is_admin or policy.check_is_advsvc(self)
    # An explicit is_admin from the caller is taken at face value; policy
    # is consulted only when the flag is still None.
    if self.is_admin is None:
        self.is_admin = policy.check_is_admin(self)
def __init__(self, user_id, tenant_id, is_admin=None, read_deleted="no",
             roles=None, timestamp=None, load_admin_roles=True, **kwargs):
    """Build a context, resolving admin status and admin roles.

    :param read_deleted: 'no' indicates deleted records are hidden, 'yes'
        indicates deleted records are visible, 'only' indicates that
        *only* deleted records are visible.
    :param load_admin_roles: when True and the context is admin, the roles
        from ``policy.get_admin_roles()`` are merged into ``self.roles``.
    """
    if kwargs:
        # NOTE(review): the dropped arguments are logged with their values.
        # This signature has no auth_token parameter, so a token passed by
        # keyword would land here -- consider logging only the keys.
        LOG.warn(_('Arguments dropped when creating '
                   'context: %s'), kwargs)
    super(ContextBase, self).__init__(
        user=user_id, tenant=tenant_id, is_admin=is_admin)
    self.read_deleted = read_deleted
    # Any falsy timestamp is replaced by the current (naive) UTC time.
    self.timestamp = timestamp or datetime.utcnow()
    self._session = None
    self.roles = roles or []

    if self.is_admin is None:
        self.is_admin = policy.check_is_admin(self)
    elif self.is_admin and load_admin_roles:
        # A caller-supplied is_admin=True is trusted as-is: no policy check
        # runs on this path, and the context is given the admin roles.
        extra_roles = policy.get_admin_roles()
        if extra_roles:
            self.roles = list(set(self.roles) | set(extra_roles))
def __init__(self, user_id=None, tenant_id=None, is_admin=None,
             timestamp=None, tenant_name=None, user_name=None,
             is_advsvc=None, **kwargs):
    """Build a context and resolve its privilege flags.

    :param overwrite: Set to False to ensure that the greenthread local
        copy of the index is not overwritten. Not a named parameter here;
        presumably consumed by the base class through ``kwargs``.
    """
    # user_id and tenant_id stay as named parameters for tests that pass
    # them positionally (original NOTE by jamielennox). They only fill the
    # 'user'/'tenant' keywords when the caller did not supply those.
    kwargs.setdefault('user', user_id)
    kwargs.setdefault('tenant', tenant_id)
    super(ContextBase, self).__init__(is_admin=is_admin, **kwargs)

    self.user_name = user_name
    # NOTE(sdague): tenant* is a deprecated set of names from keystone and
    # is no longer set by modern keystone middleware, so this is almost
    # always going to be None.
    self.tenant_name = tenant_name
    # Any falsy timestamp is replaced by the current (naive) UTC time.
    self.timestamp = timestamp or datetime.datetime.utcnow()

    self.is_advsvc = is_advsvc
    if self.is_advsvc is None:
        # Order matters: this runs before is_admin is resolved from policy
        # below, so a context that is admin only by policy does not gain
        # is_advsvc through the is_admin shortcut.
        self.is_advsvc = self.is_admin or policy.check_is_advsvc(self)
    # An explicit is_admin from the caller is taken at face value; policy
    # is consulted only when the flag is still None.
    if self.is_admin is None:
        self.is_admin = policy.check_is_admin(self)
def __init__(self, user_id, tenant_id, is_admin=None, read_deleted="no",
             roles=None, timestamp=None, **kwargs):
    """Build a context, resolving admin status and admin roles.

    :param read_deleted: 'no' indicates deleted records are hidden, 'yes'
        indicates deleted records are visible, 'only' indicates that
        *only* deleted records are visible.
    """
    if kwargs:
        # NOTE(review): the dropped arguments are logged with their values.
        # This signature has no auth_token parameter, so a token passed by
        # keyword would land here -- consider logging only the keys.
        LOG.warn(_('Arguments dropped when creating '
                   'context: %s'), kwargs)
    super(ContextBase, self).__init__(
        user=user_id, tenant=tenant_id, is_admin=is_admin)
    self.read_deleted = read_deleted
    # Any falsy timestamp is replaced by the current (naive) UTC time.
    self.timestamp = timestamp or datetime.utcnow()
    self._session = None
    self.roles = roles or []

    if self.is_admin is None:
        self.is_admin = policy.check_is_admin(self)
    elif self.is_admin:
        # A caller-supplied is_admin=True is trusted as-is: no policy check
        # runs on this path, and the context is given the admin roles.
        # TODO(salvatore-orlando): It should not be necessary to populate
        # roles in artificially-generated contexts; address in
        # bp/make-authz-orthogonal.
        extra_roles = policy.get_admin_roles()
        if extra_roles:
            self.roles = list(set(self.roles) | set(extra_roles))
def __init__(self, user_id, tenant_id, is_admin=None, read_deleted="no",
             roles=None, timestamp=None, load_admin_roles=True,
             request_id=None, tenant_name=None, user_name=None,
             overwrite=True, auth_token=None, gc_resource_type=1,
             **kwargs):
    """Build a context, resolve admin status and publish it for logging.

    :param read_deleted: 'no' indicates deleted records are hidden, 'yes'
        indicates deleted records are visible, 'only' indicates that
        *only* deleted records are visible.
    :param overwrite: Set to False to ensure that the greenthread local
        copy of the index is not overwritten.
    :param kwargs: Extra arguments that might be present, but are ignored
        because they possibly came in from older rpc messages.
    """
    super(ContextBase, self).__init__(
        auth_token=auth_token,
        user=user_id,
        tenant=tenant_id,
        is_admin=is_admin,
        request_id=request_id,
    )
    self.user_name = user_name
    self.tenant_name = tenant_name
    # gc_resource_type was added by xm on 2015.9.22.
    self.gc_resource_type = gc_resource_type
    self.read_deleted = read_deleted
    # Any falsy timestamp is replaced by the current (naive) UTC time.
    self.timestamp = timestamp or datetime.datetime.utcnow()
    self._session = None
    self.roles = roles or []

    if self.is_admin is None:
        self.is_admin = policy.check_is_admin(self)
    elif self.is_admin and load_admin_roles:
        # A caller-supplied is_admin=True is trusted as-is: no policy check
        # runs on this path, and the context is given the admin roles.
        extra_roles = policy.get_admin_roles()
        if extra_roles:
            self.roles = list(set(self.roles) | set(extra_roles))

    # Allow openstack.common.log to access the context.
    if overwrite or not hasattr(local.store, 'context'):
        local.store.context = self

    # Logged only after the context is fully configured, to prevent format
    # errors. NOTE(review): the dropped arguments are logged with their
    # values -- confirm they cannot carry credentials.
    if kwargs:
        LOG.debug(_('Arguments dropped when creating '
                    'context: %s'), kwargs)
def load_context(self, req):
    """Build a neutron context from the request's identity headers.

    The context is stored on ``self.context`` and in
    ``req.environ['neutron.context']``.

    :param req: incoming request; ``X_TENANT_ID``, ``X_USER_ID`` and
        ``X_ROLES`` are read from its headers.
    :returns: False when identity headers are missing and
        ``require_auth_info`` is set, True otherwise.
    """
    super(NeutronContextFilter, self).load_context(req)
    tenant_id = req.headers.get('X_TENANT_ID')
    user_id = req.headers.get('X_USER_ID')
    # NOTE(review): these headers are taken at face value. That is only
    # safe if an authenticating layer in front sets them and strips any
    # client-supplied copies -- confirm for this deployment.
    has_identity = tenant_id is not None and user_id is not None

    if has_identity:
        # overwrite=True avoids duplicate request-ids.
        ctx = self.neutron_ctx.Context(
            user_id=user_id, tenant_id=tenant_id, overwrite=True)
    elif self.require_auth_info:
        return False
    else:
        # Fail-open path: with require_auth_info disabled, a request that
        # has no identity headers is given an admin context.
        # get_admin_context() has no parameter for overwrite, so the
        # context is built directly; overwrite=True avoids duplicate
        # request-ids.
        ctx = self.neutron_ctx.Context(
            user_id=None, tenant_id=None, is_admin=True, overwrite=True)

    self.context = ctx
    self._process_roles(req.headers.get('X_ROLES', ''))

    # By default the normal neutron context sets is_advsvc to True for an
    # admin context. Reset it to what the policy actually says. This has
    # to follow _process_roles because the policy check relies on the roles.
    # TODO(blogan): remove this if upstream changes the behavior
    # of is_advsvc to only depend on the policy.
    self.context.is_advsvc = policy.check_is_advsvc(self.context)

    # A context that is not yet admin may still be one through its roles.
    if not self.context.is_admin:
        self.context.is_admin = policy.check_is_admin(self.context)

    req.environ['neutron.context'] = self.context
    return True
def get_bgp_peers(self, context, fields=None, filters=None, sorts=None,
                  limit=None, marker=None, page_reverse=False):
    """List BGP peers by delegating to the parent implementation.

    :param context: request context.
    :param fields: forwarded unchanged to the parent.
    :param filters: forwarded unchanged to the parent.
    :param sorts: forwarded unchanged to the parent.
    :param limit: forwarded unchanged to the parent.
    :param marker: forwarded unchanged to the parent.
    :param page_reverse: forwarded unchanged to the parent.
    :returns: whatever the parent ``get_bgp_peers`` returns.
    """
    # NOTE(review): the result of check_is_admin() is discarded. If it
    # returns a boolean instead of raising, non-admin callers still reach
    # the listing below -- confirm admin-only access is enforced elsewhere.
    policy.check_is_admin(context)
    parent = super(BgpPlugin, self)
    peers = parent.get_bgp_peers(
        context,
        fields=fields,
        filters=filters,
        sorts=sorts,
        limit=limit,
        marker=marker,
        page_reverse=page_reverse,
    )
    return peers
def __init__(self, user_id, tenant_id, is_admin=None, read_deleted="no",
             roles=None, timestamp=None, load_admin_roles=True,
             request_id=None, tenant_name=None, user_name=None,
             overwrite=True, auth_token=None, **kwargs):
    """Build a context, resolve its privileges and publish it for logging.

    :param read_deleted: 'no' indicates deleted records are hidden, 'yes'
        indicates deleted records are visible, 'only' indicates that
        *only* deleted records are visible.
    :param overwrite: Set to False to ensure that the greenthread local
        copy of the index is not overwritten.
    :param kwargs: Extra arguments that might be present, but are ignored
        because they possibly came in from older rpc messages.
    """
    super(ContextBase, self).__init__(
        auth_token=auth_token,
        user=user_id,
        tenant=tenant_id,
        is_admin=is_admin,
        request_id=request_id,
    )
    self.user_name = user_name
    self.tenant_name = tenant_name
    self.read_deleted = read_deleted
    # Any falsy timestamp is replaced by the current (naive) UTC time.
    self.timestamp = timestamp or datetime.datetime.utcnow()
    self._session = None
    self.roles = roles or []

    # Decided by policy alone, and evaluated before the admin roles are
    # merged in below, so the check sees only the caller-supplied roles.
    self.is_advsvc = policy.check_is_advsvc(self)

    if self.is_admin is None:
        self.is_admin = policy.check_is_admin(self)
    elif self.is_admin and load_admin_roles:
        # A caller-supplied is_admin=True is trusted as-is: no policy check
        # runs on this path, and the context is given the admin roles.
        extra_roles = policy.get_admin_roles()
        if extra_roles:
            self.roles = list(set(self.roles) | set(extra_roles))

    # Allow openstack.common.log to access the context.
    if overwrite or not hasattr(local.store, "context"):
        local.store.context = self

    # Logged only after the context is fully configured, to prevent format
    # errors. NOTE(review): the dropped arguments are logged with their
    # values -- confirm they cannot carry credentials.
    if kwargs:
        LOG.debug(_("Arguments dropped when creating "
                    "context: %s"), kwargs)
def __init__(self, user_id, tenant_id, is_admin=None, read_deleted="no",
             roles=None, timestamp=None, load_admin_roles=True,
             request_id=None, tenant_name=None, user_name=None,
             overwrite=True, auth_token=None, **kwargs):
    """Build a context and resolve its privilege flags and roles.

    :param read_deleted: 'no' indicates deleted records are hidden, 'yes'
        indicates deleted records are visible, 'only' indicates that
        *only* deleted records are visible.
    :param overwrite: Set to False to ensure that the greenthread local
        copy of the index is not overwritten.
    :param kwargs: Extra arguments that might be present, but are ignored
        because they possibly came in from older rpc messages.
    """
    super(ContextBase, self).__init__(
        auth_token=auth_token,
        user=user_id,
        tenant=tenant_id,
        is_admin=is_admin,
        request_id=request_id,
        overwrite=overwrite,
    )
    self.user_name = user_name
    self.tenant_name = tenant_name
    self.read_deleted = read_deleted
    # Any falsy timestamp is replaced by the current (naive) UTC time.
    self.timestamp = timestamp or datetime.datetime.utcnow()
    self._session = None
    self.roles = roles or []

    # Decided by policy alone, and evaluated before the admin roles are
    # merged in below, so the check sees only the caller-supplied roles.
    self.is_advsvc = policy.check_is_advsvc(self)

    if self.is_admin is None:
        self.is_admin = policy.check_is_admin(self)
    elif self.is_admin and load_admin_roles:
        # A caller-supplied is_admin=True is trusted as-is: no policy check
        # runs on this path, and the context is given the admin roles.
        extra_roles = policy.get_admin_roles()
        if extra_roles:
            self.roles = list(set(self.roles) | set(extra_roles))
def list_bgp_speaker_on_dragent(self, context, agent_id):
    """Delegate the speaker listing for one dragent to the parent class.

    :param context: request context.
    :param agent_id: id of the dragent, forwarded to the parent.
    :returns: whatever the parent implementation returns.
    """
    # NOTE(review): the result of check_is_admin() is discarded. If it
    # returns a boolean instead of raising, this line does not stop a
    # non-admin caller -- confirm the API policy layer enforces admin-only.
    policy.check_is_admin(context)
    parent = super(BgpPlugin, self)
    speakers = parent.list_bgp_speaker_on_dragent(context, agent_id)
    return speakers
def list_dragent_hosting_bgp_speaker(self, context, speaker_id):
    """Delegate the dragent listing for one speaker to the parent class.

    :param context: request context.
    :param speaker_id: id of the BGP speaker, forwarded to the parent.
    :returns: whatever the parent implementation returns.
    """
    # NOTE(review): the result of check_is_admin() is discarded. If it
    # returns a boolean instead of raising, this line does not stop a
    # non-admin caller -- confirm the API policy layer enforces admin-only.
    policy.check_is_admin(context)
    parent = super(BgpPlugin, self)
    agents = parent.list_dragent_hosting_bgp_speaker(context, speaker_id)
    return agents
def get_advertised_routes(self, context, bgp_speaker_id):
    """Delegate the advertised-routes lookup to the parent class.

    :param context: request context.
    :param bgp_speaker_id: id of the BGP speaker, forwarded to the parent.
    :returns: whatever the parent implementation returns.
    """
    # NOTE(review): the result of check_is_admin() is discarded. If it
    # returns a boolean instead of raising, this line does not stop a
    # non-admin caller -- confirm the API policy layer enforces admin-only.
    policy.check_is_admin(context)
    parent = super(BgpPlugin, self)
    routes = parent.get_advertised_routes(context, bgp_speaker_id)
    return routes
def remove_gateway_network(self, context, bgp_speaker_id, network_info):
    """Delegate removal of a gateway network to the parent class.

    :param context: request context.
    :param bgp_speaker_id: id of the BGP speaker, forwarded to the parent.
    :param network_info: forwarded unchanged to the parent.
    :returns: whatever the parent implementation returns.
    """
    # NOTE(review): the result of check_is_admin() is discarded. If it
    # returns a boolean instead of raising, this line does not stop a
    # non-admin caller -- confirm the API policy layer enforces admin-only.
    policy.check_is_admin(context)
    parent = super(BgpPlugin, self)
    outcome = parent.remove_gateway_network(
        context, bgp_speaker_id, network_info)
    return outcome
def test_check_is_admin_with_admin_context_succeeds(self):
    """An admin context carrying the 'admin' role passes check_is_admin."""
    ctx = context.get_admin_context()
    # Roles are set explicitly because this test verifies user credentials
    # with the policy engine.
    ctx.roles = ['admin']
    verdict = policy.check_is_admin(ctx)
    self.assertTrue(verdict)
def update_bgp_peer(self, context, bgp_peer_id, bgp_peer):
    """Delegate a BGP peer update to the parent class.

    :param context: request context.
    :param bgp_peer_id: id of the peer, forwarded to the parent.
    :param bgp_peer: forwarded unchanged to the parent.
    :returns: whatever the parent implementation returns.
    """
    # NOTE(review): the result of check_is_admin() is discarded. If it
    # returns a boolean instead of raising, this line does not stop a
    # non-admin caller -- confirm the API policy layer enforces admin-only.
    policy.check_is_admin(context)
    parent = super(BgpPlugin, self)
    updated = parent.update_bgp_peer(context, bgp_peer_id, bgp_peer)
    return updated
def test_check_is_admin_with_user_context_fails(self):
    """The fixture's ``self.context`` must not be reported as admin."""
    verdict = policy.check_is_admin(self.context)
    self.assertFalse(verdict)
def add_bgp_speaker_to_dragent(self, context, agent_id, speaker_id):
    """Delegate scheduling of a speaker onto a dragent to the parent class.

    The parent's return value is not propagated.

    :param context: request context.
    :param agent_id: id of the dragent, forwarded to the parent.
    :param speaker_id: id of the BGP speaker, forwarded to the parent.
    """
    # NOTE(review): the result of check_is_admin() is discarded. If it
    # returns a boolean instead of raising, this line does not stop a
    # non-admin caller -- confirm the API policy layer enforces admin-only.
    policy.check_is_admin(context)
    parent = super(BgpPlugin, self)
    parent.add_bgp_speaker_to_dragent(context, agent_id, speaker_id)
def test_check_is_admin_with_no_admin_policy_fails(self):
    """check_is_admin fails closed when the admin policy rule is missing.

    With the ``ADMIN_CTX_POLICY`` rule removed, even a context from
    ``get_admin_context()`` must not be reported as admin.
    """
    del self.rules[policy.ADMIN_CTX_POLICY]
    ctx = context.get_admin_context()
    verdict = policy.check_is_admin(ctx)
    self.assertFalse(verdict)
def delete_bgp_peer(self, context, bgp_peer_id):
    """Delegate deletion of a BGP peer to the parent class.

    The parent's return value is not propagated.

    :param context: request context.
    :param bgp_peer_id: id of the peer, forwarded to the parent.
    """
    # NOTE(review): the result of check_is_admin() is discarded. If it
    # returns a boolean instead of raising, this line does not stop a
    # non-admin caller -- confirm the API policy layer enforces admin-only.
    policy.check_is_admin(context)
    parent = super(BgpPlugin, self)
    parent.delete_bgp_peer(context, bgp_peer_id)
def test_check_is_admin_with_admin_context_succeeds(self):
    """A context from get_admin_context() passes check_is_admin."""
    ctx = context.get_admin_context()
    verdict = policy.check_is_admin(ctx)
    self.assertTrue(verdict)
def remove_bgp_speaker_from_dragent(self, context, agent_id, speaker_id):
    """Delegate removal of a speaker from a dragent to the parent class.

    The parent's return value is not propagated.

    :param context: request context.
    :param agent_id: id of the dragent, forwarded to the parent.
    :param speaker_id: id of the BGP speaker, forwarded to the parent.
    """
    # NOTE(review): the result of check_is_admin() is discarded. If it
    # returns a boolean instead of raising, this line does not stop a
    # non-admin caller -- confirm the API policy layer enforces admin-only.
    policy.check_is_admin(context)
    parent = super(BgpPlugin, self)
    parent.remove_bgp_speaker_from_dragent(context, agent_id, speaker_id)
def create_bgp_speaker(self, context, bgp_speaker):
    """Delegate creation of a BGP speaker to the parent class.

    :param context: request context.
    :param bgp_speaker: speaker description, forwarded to the parent.
    :returns: whatever the parent implementation returns.
    """
    # NOTE(review): the result of check_is_admin() is discarded. If it
    # returns a boolean instead of raising, this line does not stop a
    # non-admin caller -- confirm the API policy layer enforces admin-only.
    policy.check_is_admin(context)
    return super(BgpPlugin, self).create_bgp_speaker(context, bgp_speaker)
def get_bgp_peer(self, context, bgp_peer_id, fields=None):
    """Delegate the lookup of a single BGP peer to the parent class.

    :param context: request context.
    :param bgp_peer_id: id of the peer, forwarded to the parent.
    :param fields: forwarded unchanged to the parent.
    :returns: whatever the parent implementation returns.
    """
    # NOTE(review): the result of check_is_admin() is discarded. If it
    # returns a boolean instead of raising, this line does not stop a
    # non-admin caller -- confirm the API policy layer enforces admin-only.
    policy.check_is_admin(context)
    parent = super(BgpPlugin, self)
    peer = parent.get_bgp_peer(context, bgp_peer_id, fields=fields)
    return peer