def _validate_cross_tenant_id(self, tenant_id, cross_tenant_id):
if not service.is_delegate(tenant_id):
if cross_tenant_id:
raise falcon.HTTPForbidden(
'Permission denied',
'Projects %s cannot POST cross tenant logs' % tenant_id
)
def _before_logs_post(req, res, payload, params):
cross_tenant_id = req.get_param('tenant_id')
tenant_id = req.get_header(*headers.X_TENANT_ID)
if not service.is_delegate(req.get_header(*headers.X_ROLES)):
if cross_tenant_id:
raise falcon.HTTPForbidden(
'Permission denied',
'Projects %s cannot POST cross tenant metrics' % tenant_id
)
def test_is_delegate_not_ok_role(self):
roles = 'a_role,b_role'
self.assertFalse(common_service.is_delegate(roles))
def test_is_delegate_ok_role_in_roles(self):
roles = logs_api.MONITORING_DELEGATE_ROLE + ',a_role,b_role'
self.assertTrue(common_service.is_delegate(roles))
