def delete_bgp_speaker(self, context, bgp_speaker_id):
     policy.check_is_admin(context)
     hosted_bgp_dragents = self.get_dragents_hosting_bgp_speakers(
         context, [bgp_speaker_id])
     super(BgpPlugin, self).delete_bgp_speaker(context, bgp_speaker_id)
     for agent in hosted_bgp_dragents:
         self._bgp_rpc.bgp_speaker_removed(context, bgp_speaker_id,
                                           agent.host)
 def get_bgp_peers(self, context, fields=None, filters=None, sorts=None,
                   limit=None, marker=None, page_reverse=False):
     policy.check_is_admin(context)
     return super(BgpPlugin, self).get_bgp_peers(
                                              context, fields=fields,
                                              filters=filters, sorts=sorts,
                                              limit=limit, marker=marker,
                                              page_reverse=page_reverse)
 def delete_bgp_speaker(self, context, bgp_speaker_id):
     policy.check_is_admin(context)
     hosted_bgp_dragents = self.get_dragents_hosting_bgp_speakers(
                                                          context,
                                                          [bgp_speaker_id])
     super(BgpPlugin, self).delete_bgp_speaker(context, bgp_speaker_id)
     for agent in hosted_bgp_dragents:
         self._bgp_rpc.bgp_speaker_removed(context,
                                           bgp_speaker_id,
                                           agent.host)
 def add_bgp_peer(self, context, bgp_speaker_id, bgp_peer_info):
     policy.check_is_admin(context)
     ret_value = super(BgpPlugin,
                       self).add_bgp_peer(context, bgp_speaker_id,
                                          bgp_peer_info)
     hosted_bgp_dragents = self.get_dragents_hosting_bgp_speakers(
         context, [bgp_speaker_id])
     for agent in hosted_bgp_dragents:
         self._bgp_rpc.bgp_peer_associated(context, bgp_speaker_id,
                                           ret_value['bgp_peer_id'],
                                           agent.host)
     return ret_value
 def add_bgp_peer(self, context, bgp_speaker_id, bgp_peer_info):
     policy.check_is_admin(context)
     ret_value = super(BgpPlugin, self).add_bgp_peer(context,
                                                     bgp_speaker_id,
                                                     bgp_peer_info)
     hosted_bgp_dragents = self.get_dragents_hosting_bgp_speakers(
                                                          context,
                                                          [bgp_speaker_id])
     for agent in hosted_bgp_dragents:
         self._bgp_rpc.bgp_peer_associated(context, bgp_speaker_id,
                                           ret_value['bgp_peer_id'],
                                           agent.host)
     return ret_value
예제 #6
0
    def __init__(self, user_id, tenant_id, is_admin=None, roles=None,
                 timestamp=None, request_id=None, tenant_name=None,
                 user_name=None, overwrite=True, auth_token=None,
                 is_advsvc=None, **kwargs):
        """Object initialization.

        :param overwrite: Set to False to ensure that the greenthread local
            copy of the index is not overwritten.

        :param kwargs: Extra arguments that might be present, but we ignore
            because they possibly came in from older rpc messages.
        """
        super(ContextBase, self).__init__(auth_token=auth_token,
                                          user=user_id, tenant=tenant_id,
                                          is_admin=is_admin,
                                          request_id=request_id,
                                          overwrite=overwrite)
        self.user_name = user_name
        self.tenant_name = tenant_name

        if not timestamp:
            timestamp = datetime.datetime.utcnow()
        self.timestamp = timestamp
        self.roles = roles or []
        self.is_advsvc = is_advsvc
        if self.is_advsvc is None:
            self.is_advsvc = self.is_admin or policy.check_is_advsvc(self)
        if self.is_admin is None:
            self.is_admin = policy.check_is_admin(self)
예제 #7
0
    def __init__(self, user_id=None, tenant_id=None, is_admin=None,
                 timestamp=None, tenant_name=None, user_name=None,
                 is_advsvc=None, **kwargs):
        """Object initialization.

        :param overwrite: Set to False to ensure that the greenthread local
            copy of the index is not overwritten.
        """
        # NOTE(jamielennox): We maintain these arguments in order for tests
        # that pass arguments positionally.
        kwargs.setdefault('user', user_id)
        kwargs.setdefault('tenant', tenant_id)
        super(ContextBase, self).__init__(is_admin=is_admin, **kwargs)

        self.user_name = user_name
        self.tenant_name = tenant_name

        if not timestamp:
            timestamp = datetime.datetime.utcnow()
        self.timestamp = timestamp
        self.is_advsvc = is_advsvc
        if self.is_advsvc is None:
            self.is_advsvc = self.is_admin or policy.check_is_advsvc(self)
        if self.is_admin is None:
            self.is_admin = policy.check_is_admin(self)
예제 #8
0
파일: context.py 프로젝트: rhel-osp/neutron
    def __init__(self,
                 user_id,
                 tenant_id,
                 is_admin=None,
                 read_deleted="no",
                 roles=None,
                 timestamp=None,
                 load_admin_roles=True,
                 **kwargs):
        """Object initialization.

        :param read_deleted: 'no' indicates deleted records are hidden, 'yes'
            indicates deleted records are visible, 'only' indicates that
            *only* deleted records are visible.
        """
        if kwargs:
            LOG.warn(_('Arguments dropped when creating '
                       'context: %s'), kwargs)
        super(ContextBase, self).__init__(user=user_id,
                                          tenant=tenant_id,
                                          is_admin=is_admin)
        self.read_deleted = read_deleted
        if not timestamp:
            timestamp = datetime.utcnow()
        self.timestamp = timestamp
        self._session = None
        self.roles = roles or []
        if self.is_admin is None:
            self.is_admin = policy.check_is_admin(self)
        elif self.is_admin and load_admin_roles:
            # Ensure context is populated with admin roles
            admin_roles = policy.get_admin_roles()
            if admin_roles:
                self.roles = list(set(self.roles) | set(admin_roles))
예제 #9
0
    def __init__(self, user_id, tenant_id, is_admin=None, read_deleted="no",
                 roles=None, timestamp=None, load_admin_roles=True, **kwargs):
        """Object initialization.

        :param read_deleted: 'no' indicates deleted records are hidden, 'yes'
            indicates deleted records are visible, 'only' indicates that
            *only* deleted records are visible.
        """
        if kwargs:
            LOG.warn(_('Arguments dropped when creating '
                       'context: %s'), kwargs)
        super(ContextBase, self).__init__(user=user_id, tenant=tenant_id,
                                          is_admin=is_admin)
        self.read_deleted = read_deleted
        if not timestamp:
            timestamp = datetime.utcnow()
        self.timestamp = timestamp
        self._session = None
        self.roles = roles or []
        if self.is_admin is None:
            self.is_admin = policy.check_is_admin(self)
        elif self.is_admin and load_admin_roles:
            # Ensure context is populated with admin roles
            admin_roles = policy.get_admin_roles()
            if admin_roles:
                self.roles = list(set(self.roles) | set(admin_roles))
예제 #10
0
    def __init__(self,
                 user_id=None,
                 tenant_id=None,
                 is_admin=None,
                 timestamp=None,
                 tenant_name=None,
                 user_name=None,
                 is_advsvc=None,
                 **kwargs):
        """Object initialization.

        :param overwrite: Set to False to ensure that the greenthread local
            copy of the index is not overwritten.
        """
        # NOTE(jamielennox): We maintain these arguments in order for tests
        # that pass arguments positionally.
        kwargs.setdefault('user', user_id)
        kwargs.setdefault('tenant', tenant_id)
        super(ContextBase, self).__init__(is_admin=is_admin, **kwargs)

        self.user_name = user_name
        # NOTE(sdague): tenant* is a deprecated set of names from
        # keystone, and is no longer set in modern keystone middleware
        # code, as such this is almost always going to be None.
        self.tenant_name = tenant_name

        if not timestamp:
            timestamp = datetime.datetime.utcnow()
        self.timestamp = timestamp
        self.is_advsvc = is_advsvc
        if self.is_advsvc is None:
            self.is_advsvc = self.is_admin or policy.check_is_advsvc(self)
        if self.is_admin is None:
            self.is_admin = policy.check_is_admin(self)
    def __init__(self, user_id, tenant_id, is_admin=None, read_deleted="no",
                 roles=None, timestamp=None, **kwargs):
        """Object initialization.

        :param read_deleted: 'no' indicates deleted records are hidden, 'yes'
            indicates deleted records are visible, 'only' indicates that
            *only* deleted records are visible.
        """
        if kwargs:
            LOG.warn(_('Arguments dropped when creating '
                       'context: %s'), kwargs)
        super(ContextBase, self).__init__(user=user_id, tenant=tenant_id,
                                          is_admin=is_admin)
        self.read_deleted = read_deleted
        if not timestamp:
            timestamp = datetime.utcnow()
        self.timestamp = timestamp
        self._session = None
        self.roles = roles or []
        if self.is_admin is None:
            self.is_admin = policy.check_is_admin(self)
        elif self.is_admin:
            # Ensure context is populated with admin roles
            # TODO(salvatore-orlando): It should not be necessary
            # to populate roles in artificially-generated contexts
            # address in bp/make-authz-orthogonal
            admin_roles = policy.get_admin_roles()
            if admin_roles:
                self.roles = list(set(self.roles) | set(admin_roles))
    def __init__(self,
                 user_id,
                 tenant_id,
                 is_admin=None,
                 read_deleted="no",
                 roles=None,
                 timestamp=None,
                 load_admin_roles=True,
                 request_id=None,
                 tenant_name=None,
                 user_name=None,
                 overwrite=True,
                 auth_token=None,
                 gc_resource_type=1,
                 **kwargs):
        """Object initialization.

        :param read_deleted: 'no' indicates deleted records are hidden, 'yes'
            indicates deleted records are visible, 'only' indicates that
            *only* deleted records are visible.

        :param overwrite: Set to False to ensure that the greenthread local
            copy of the index is not overwritten.

        :param kwargs: Extra arguments that might be present, but we ignore
            because they possibly came in from older rpc messages.
        """
        super(ContextBase, self).__init__(auth_token=auth_token,
                                          user=user_id,
                                          tenant=tenant_id,
                                          is_admin=is_admin,
                                          request_id=request_id)
        self.user_name = user_name
        self.tenant_name = tenant_name

        ### add by xm at 2015.9.22
        self.gc_resource_type = gc_resource_type

        self.read_deleted = read_deleted
        if not timestamp:
            timestamp = datetime.datetime.utcnow()
        self.timestamp = timestamp
        self._session = None
        self.roles = roles or []
        if self.is_admin is None:
            self.is_admin = policy.check_is_admin(self)
        elif self.is_admin and load_admin_roles:
            # Ensure context is populated with admin roles
            admin_roles = policy.get_admin_roles()
            if admin_roles:
                self.roles = list(set(self.roles) | set(admin_roles))
        # Allow openstack.common.log to access the context
        if overwrite or not hasattr(local.store, 'context'):
            local.store.context = self

        # Log only once the context has been configured to prevent
        # format errors.
        if kwargs:
            LOG.debug(_('Arguments dropped when creating '
                        'context: %s'), kwargs)
예제 #13
0
    def __init__(self,
                 user_id=None,
                 tenant_id=None,
                 is_admin=None,
                 timestamp=None,
                 tenant_name=None,
                 user_name=None,
                 is_advsvc=None,
                 **kwargs):
        """Object initialization.

        :param overwrite: Set to False to ensure that the greenthread local
            copy of the index is not overwritten.
        """
        # NOTE(jamielennox): We maintain these arguments in order for tests
        # that pass arguments positionally.
        kwargs.setdefault('user', user_id)
        kwargs.setdefault('tenant', tenant_id)
        super(ContextBase, self).__init__(is_admin=is_admin, **kwargs)

        self.user_name = user_name
        self.tenant_name = tenant_name

        if not timestamp:
            timestamp = datetime.datetime.utcnow()
        self.timestamp = timestamp
        self.is_advsvc = is_advsvc
        if self.is_advsvc is None:
            self.is_advsvc = self.is_admin or policy.check_is_advsvc(self)
        if self.is_admin is None:
            self.is_admin = policy.check_is_admin(self)
예제 #14
0
    def load_context(self, req):
        super(NeutronContextFilter, self).load_context(req)
        tenant_id = req.headers.get('X_TENANT_ID')
        user_id = req.headers.get('X_USER_ID')
        if tenant_id is None or user_id is None:
            if self.require_auth_info:
                return False
            # get_admin_context() does not provide a parameter to set
            # overwrite=True
            # set overwrite=True to avoid duplicate request-id's
            ctx = self.neutron_ctx.Context(user_id=None,
                                           tenant_id=None,
                                           is_admin=True,
                                           overwrite=True)
        else:
            # set overwrite=True to avoid duplicate request-id's
            ctx = self.neutron_ctx.Context(user_id=user_id,
                                           tenant_id=tenant_id,
                                           overwrite=True)
        self.context = ctx
        self._process_roles(req.headers.get('X_ROLES', ''))

        # By default, the normal neutron context will set is_advcsvc to True if
        # it is an admin context.  This resets it to what the actual policy
        # says it should be.  This must be done after _process_roles is called
        # because the policy check relies on the roles.
        # TODO(blogan): remove this if upstream changes the behavior
        # of is_advsvc to only depend on the policy.
        self.context.is_advsvc = policy.check_is_advsvc(self.context)
        # If not admin, check if current roles provide admin status.
        if not self.context.is_admin:
            self.context.is_admin = policy.check_is_admin(self.context)
        req.environ['neutron.context'] = self.context
        return True
예제 #15
0
    def __init__(self, user_id, tenant_id, is_admin=None, roles=None,
                 timestamp=None, request_id=None, tenant_name=None,
                 user_name=None, overwrite=True, auth_token=None,
                 is_advsvc=None, **kwargs):
        """Object initialization.

        :param overwrite: Set to False to ensure that the greenthread local
            copy of the index is not overwritten.

        :param kwargs: Extra arguments that might be present, but we ignore
            because they possibly came in from older rpc messages.
        """
        super(ContextBase, self).__init__(auth_token=auth_token,
                                          user=user_id, tenant=tenant_id,
                                          is_admin=is_admin,
                                          request_id=request_id,
                                          overwrite=overwrite)
        self.user_name = user_name
        self.tenant_name = tenant_name

        if not timestamp:
            timestamp = datetime.datetime.utcnow()
        self.timestamp = timestamp
        self.roles = roles or []
        self.is_advsvc = is_advsvc
        if self.is_advsvc is None:
            self.is_advsvc = self.is_admin or policy.check_is_advsvc(self)
        if self.is_admin is None:
            self.is_admin = policy.check_is_admin(self)
 def get_bgp_peers(self,
                   context,
                   fields=None,
                   filters=None,
                   sorts=None,
                   limit=None,
                   marker=None,
                   page_reverse=False):
     policy.check_is_admin(context)
     return super(BgpPlugin, self).get_bgp_peers(context,
                                                 fields=fields,
                                                 filters=filters,
                                                 sorts=sorts,
                                                 limit=limit,
                                                 marker=marker,
                                                 page_reverse=page_reverse)
예제 #17
0
    def __init__(
        self,
        user_id,
        tenant_id,
        is_admin=None,
        read_deleted="no",
        roles=None,
        timestamp=None,
        load_admin_roles=True,
        request_id=None,
        tenant_name=None,
        user_name=None,
        overwrite=True,
        auth_token=None,
        **kwargs
    ):
        """Object initialization.

        :param read_deleted: 'no' indicates deleted records are hidden, 'yes'
            indicates deleted records are visible, 'only' indicates that
            *only* deleted records are visible.

        :param overwrite: Set to False to ensure that the greenthread local
            copy of the index is not overwritten.

        :param kwargs: Extra arguments that might be present, but we ignore
            because they possibly came in from older rpc messages.
        """
        super(ContextBase, self).__init__(
            auth_token=auth_token, user=user_id, tenant=tenant_id, is_admin=is_admin, request_id=request_id
        )
        self.user_name = user_name
        self.tenant_name = tenant_name

        self.read_deleted = read_deleted
        if not timestamp:
            timestamp = datetime.datetime.utcnow()
        self.timestamp = timestamp
        self._session = None
        self.roles = roles or []
        self.is_advsvc = policy.check_is_advsvc(self)
        if self.is_admin is None:
            self.is_admin = policy.check_is_admin(self)
        elif self.is_admin and load_admin_roles:
            # Ensure context is populated with admin roles
            admin_roles = policy.get_admin_roles()
            if admin_roles:
                self.roles = list(set(self.roles) | set(admin_roles))
        # Allow openstack.common.log to access the context
        if overwrite or not hasattr(local.store, "context"):
            local.store.context = self

        # Log only once the context has been configured to prevent
        # format errors.
        if kwargs:
            LOG.debug(_("Arguments dropped when creating " "context: %s"), kwargs)
예제 #18
0
    def __init__(self,
                 user_id,
                 tenant_id,
                 is_admin=None,
                 read_deleted="no",
                 roles=None,
                 timestamp=None,
                 load_admin_roles=True,
                 request_id=None,
                 tenant_name=None,
                 user_name=None,
                 overwrite=True,
                 auth_token=None,
                 **kwargs):
        """Object initialization.

        :param read_deleted: 'no' indicates deleted records are hidden, 'yes'
            indicates deleted records are visible, 'only' indicates that
            *only* deleted records are visible.

        :param overwrite: Set to False to ensure that the greenthread local
            copy of the index is not overwritten.

        :param kwargs: Extra arguments that might be present, but we ignore
            because they possibly came in from older rpc messages.
        """
        super(ContextBase, self).__init__(auth_token=auth_token,
                                          user=user_id,
                                          tenant=tenant_id,
                                          is_admin=is_admin,
                                          request_id=request_id,
                                          overwrite=overwrite)
        self.user_name = user_name
        self.tenant_name = tenant_name

        self.read_deleted = read_deleted
        if not timestamp:
            timestamp = datetime.datetime.utcnow()
        self.timestamp = timestamp
        self._session = None
        self.roles = roles or []
        self.is_advsvc = policy.check_is_advsvc(self)
        if self.is_admin is None:
            self.is_admin = policy.check_is_admin(self)
        elif self.is_admin and load_admin_roles:
            # Ensure context is populated with admin roles
            admin_roles = policy.get_admin_roles()
            if admin_roles:
                self.roles = list(set(self.roles) | set(admin_roles))
예제 #19
0
파일: context.py 프로젝트: CloudA/neutron
    def __init__(self, user_id, tenant_id, is_admin=None, read_deleted="no",
                 roles=None, timestamp=None, load_admin_roles=True,
                 request_id=None, tenant_name=None, user_name=None,
                 overwrite=True, auth_token=None, **kwargs):
        """Object initialization.

        :param read_deleted: 'no' indicates deleted records are hidden, 'yes'
            indicates deleted records are visible, 'only' indicates that
            *only* deleted records are visible.

        :param overwrite: Set to False to ensure that the greenthread local
            copy of the index is not overwritten.

        :param kwargs: Extra arguments that might be present, but we ignore
            because they possibly came in from older rpc messages.
        """
        super(ContextBase, self).__init__(auth_token=auth_token,
                                          user=user_id, tenant=tenant_id,
                                          is_admin=is_admin,
                                          request_id=request_id,
                                          overwrite=overwrite)
        self.user_name = user_name
        self.tenant_name = tenant_name

        self.read_deleted = read_deleted
        if not timestamp:
            timestamp = datetime.datetime.utcnow()
        self.timestamp = timestamp
        self._session = None
        self.roles = roles or []
        self.is_advsvc = policy.check_is_advsvc(self)
        if self.is_admin is None:
            self.is_admin = policy.check_is_admin(self)
        elif self.is_admin and load_admin_roles:
            # Ensure context is populated with admin roles
            admin_roles = policy.get_admin_roles()
            if admin_roles:
                self.roles = list(set(self.roles) | set(admin_roles))
예제 #20
0
    def __init__(self,
                 user_id,
                 tenant_id,
                 is_admin=None,
                 read_deleted="no",
                 roles=None,
                 timestamp=None,
                 **kwargs):
        """Object initialization.

        :param read_deleted: 'no' indicates deleted records are hidden, 'yes'
            indicates deleted records are visible, 'only' indicates that
            *only* deleted records are visible.
        """
        if kwargs:
            LOG.warn(_('Arguments dropped when creating '
                       'context: %s'), kwargs)
        super(ContextBase, self).__init__(user=user_id,
                                          tenant=tenant_id,
                                          is_admin=is_admin)
        self.read_deleted = read_deleted
        if not timestamp:
            timestamp = datetime.utcnow()
        self.timestamp = timestamp
        self._session = None
        self.roles = roles or []
        if self.is_admin is None:
            self.is_admin = policy.check_is_admin(self)
        elif self.is_admin:
            # Ensure context is populated with admin roles
            # TODO(salvatore-orlando): It should not be necessary
            # to populate roles in artificially-generated contexts
            # address in bp/make-authz-orthogonal
            admin_roles = policy.get_admin_roles()
            if admin_roles:
                self.roles = list(set(self.roles) | set(admin_roles))
 def list_bgp_speaker_on_dragent(self, context, agent_id):
     policy.check_is_admin(context)
     return super(BgpPlugin, self).list_bgp_speaker_on_dragent(context,
                                                               agent_id)
 def list_dragent_hosting_bgp_speaker(self, context, speaker_id):
     policy.check_is_admin(context)
     return super(BgpPlugin, self).list_dragent_hosting_bgp_speaker(
                                                                context,
                                                                speaker_id)
 def get_advertised_routes(self, context, bgp_speaker_id):
     policy.check_is_admin(context)
     return super(BgpPlugin, self).get_advertised_routes(context,
                                                         bgp_speaker_id)
 def remove_gateway_network(self, context, bgp_speaker_id, network_info):
     policy.check_is_admin(context)
     return super(BgpPlugin, self).remove_gateway_network(context,
                                                          bgp_speaker_id,
                                                          network_info)
예제 #25
0
 def test_check_is_admin_with_admin_context_succeeds(self):
     admin_context = context.get_admin_context()
     # explicitly set roles as this test verifies user credentials
     # with the policy engine
     admin_context.roles = ['admin']
     self.assertTrue(policy.check_is_admin(admin_context))
 def update_bgp_peer(self, context, bgp_peer_id, bgp_peer):
     policy.check_is_admin(context)
     return super(BgpPlugin, self).update_bgp_peer(context, bgp_peer_id,
                                                   bgp_peer)
 def list_dragent_hosting_bgp_speaker(self, context, speaker_id):
     policy.check_is_admin(context)
     return super(BgpPlugin, self).list_dragent_hosting_bgp_speaker(
         context, speaker_id)
 def remove_gateway_network(self, context, bgp_speaker_id, network_info):
     policy.check_is_admin(context)
     return super(BgpPlugin,
                  self).remove_gateway_network(context, bgp_speaker_id,
                                               network_info)
예제 #29
0
 def test_check_is_admin_with_user_context_fails(self):
     self.assertFalse(policy.check_is_admin(self.context))
 def add_bgp_speaker_to_dragent(self, context, agent_id, speaker_id):
     policy.check_is_admin(context)
     super(BgpPlugin, self).add_bgp_speaker_to_dragent(context,
                                                       agent_id,
                                                       speaker_id)
 def update_bgp_peer(self, context, bgp_peer_id, bgp_peer):
     policy.check_is_admin(context)
     return super(BgpPlugin, self).update_bgp_peer(context,
                                                   bgp_peer_id,
                                                   bgp_peer)
예제 #32
0
 def test_check_is_admin_with_no_admin_policy_fails(self):
     del self.rules[policy.ADMIN_CTX_POLICY]
     admin_context = context.get_admin_context()
     self.assertFalse(policy.check_is_admin(admin_context))
 def delete_bgp_peer(self, context, bgp_peer_id):
     policy.check_is_admin(context)
     super(BgpPlugin, self).delete_bgp_peer(context, bgp_peer_id)
예제 #34
0
 def test_check_is_admin_with_admin_context_succeeds(self):
     admin_context = context.get_admin_context()
     self.assertTrue(policy.check_is_admin(admin_context))
 def get_advertised_routes(self, context, bgp_speaker_id):
     policy.check_is_admin(context)
     return super(BgpPlugin,
                  self).get_advertised_routes(context, bgp_speaker_id)
 def remove_bgp_speaker_from_dragent(self, context, agent_id, speaker_id):
     policy.check_is_admin(context)
     super(BgpPlugin, self).remove_bgp_speaker_from_dragent(context,
                                                            agent_id,
                                                            speaker_id)
 def create_bgp_speaker(self, context, bgp_speaker):
     policy.check_is_admin(context)
     bgp_speaker = super(BgpPlugin,
                         self).create_bgp_speaker(context, bgp_speaker)
     return bgp_speaker
예제 #38
0
 def test_check_is_admin_with_user_context_fails(self):
     self.assertFalse(policy.check_is_admin(self.context))
 def get_bgp_peer(self, context, bgp_peer_id, fields=None):
     policy.check_is_admin(context)
     return super(BgpPlugin, self).get_bgp_peer(context,
                                                bgp_peer_id,
                                                fields=fields)
 def get_bgp_peer(self, context, bgp_peer_id, fields=None):
     policy.check_is_admin(context)
     return super(BgpPlugin, self).get_bgp_peer(context,
                                                bgp_peer_id,
                                                fields=fields)
 def remove_bgp_speaker_from_dragent(self, context, agent_id, speaker_id):
     policy.check_is_admin(context)
     super(BgpPlugin,
           self).remove_bgp_speaker_from_dragent(context, agent_id,
                                                 speaker_id)
예제 #42
0
 def test_check_is_admin_with_admin_context_succeeds(self):
     admin_context = context.get_admin_context()
     # explicitly set roles as this test verifies user credentials
     # with the policy engine
     admin_context.roles = ['admin']
     self.assertTrue(policy.check_is_admin(admin_context))
 def list_bgp_speaker_on_dragent(self, context, agent_id):
     policy.check_is_admin(context)
     return super(BgpPlugin,
                  self).list_bgp_speaker_on_dragent(context, agent_id)
예제 #44
0
 def test_check_is_admin_with_no_admin_policy_fails(self):
     del self.rules[policy.ADMIN_CTX_POLICY]
     admin_context = context.get_admin_context()
     self.assertFalse(policy.check_is_admin(admin_context))
 def delete_bgp_peer(self, context, bgp_peer_id):
     policy.check_is_admin(context)
     super(BgpPlugin, self).delete_bgp_peer(context, bgp_peer_id)
 def add_bgp_speaker_to_dragent(self, context, agent_id, speaker_id):
     policy.check_is_admin(context)
     super(BgpPlugin,
           self).add_bgp_speaker_to_dragent(context, agent_id, speaker_id)
 def create_bgp_speaker(self, context, bgp_speaker):
     policy.check_is_admin(context)
     bgp_speaker = super(BgpPlugin, self).create_bgp_speaker(context,
                                                             bgp_speaker)
     return bgp_speaker