def show(self, req, tenant_id, id):
"""Return a single backup."""
LOG.debug("Showing a backup for tenant %s ID: '%s'" % (tenant_id, id))
context = req.environ[wsgi.CONTEXT_KEY]
backup = Backup.get_by_id(context, id)
policy.authorize_on_target(context, 'backup:show',
{'tenant': backup.tenant_id})
return wsgi.Result(views.BackupView(backup).data(), 200)
def authorize_module_action(cls, context, module_rule_name, module):
"""If a module is not owned by any particular tenant just check
that the current tenant is allowed to perform the action.
"""
if module.tenant_id is not None:
policy.authorize_on_target(context, 'module:%s' % module_rule_name,
{'tenant': module.tenant_id})
else:
policy.authorize_on_tenant(context, 'module:%s' % module_rule_name)
def test_authorize_on_target(self):
test_rule = NonCallableMock()
test_target = NonCallableMock()
trove_policy.authorize_on_target(self.context, test_rule, test_target)
self.mock_get_enforcer.assert_called_once_with()
self.mock_enforcer.authorize.assert_called_once_with(
test_rule, test_target, self.context.to_dict(),
do_raise=True, exc=trove_exceptions.PolicyNotAuthorized,
action=test_rule)
def show(self, req, tenant_id, id):
"""Return a single backup."""
LOG.debug("Showing a backup for tenant %s ID: '%s'"
% (tenant_id, id))
context = req.environ[wsgi.CONTEXT_KEY]
backup = Backup.get_by_id(context, id)
policy.authorize_on_target(context, 'backup:show',
{'tenant': backup.tenant_id})
return wsgi.Result(views.BackupView(backup).data(), 200)
def test_authorize_on_target(self):
test_rule = NonCallableMock()
test_target = NonCallableMock()
trove_policy.authorize_on_target(self.context, test_rule, test_target)
self.mock_get_enforcer.assert_called_once_with()
self.mock_enforcer.authorize.assert_called_once_with(
test_rule, test_target, self.context.to_dict(),
do_raise=True, exc=trove_exceptions.PolicyNotAuthorized,
action=test_rule)
def authorize_module_action(cls, context, module_rule_name, module):
"""If a module is not owned by any particular tenant just check
that the current tenant is allowed to perform the action.
"""
if module.tenant_id is not None:
policy.authorize_on_target(context, 'module:%s' % module_rule_name,
{'tenant': module.tenant_id})
else:
policy.authorize_on_tenant(context, 'module:%s' % module_rule_name)
def delete(self, req, tenant_id, id):
LOG.info(_('Deleting backup for tenant %(tenant_id)s '
'ID: %(backup_id)s') %
{'tenant_id': tenant_id, 'backup_id': id})
context = req.environ[wsgi.CONTEXT_KEY]
backup = Backup.get_by_id(context, id)
policy.authorize_on_target(context, 'backup:delete',
{'tenant': backup.tenant_id})
context.notification = notification.DBaaSBackupDelete(context,
request=req)
with StartNotification(context, backup_id=id):
Backup.delete(context, id)
return wsgi.Result(None, 202)
def authorize_instance_action(cls,
context,
instance_rule_name,
instance_id,
is_cluster=False):
instance = instance_models.Instance.load(context, instance_id)
if not instance:
raise exception.NotFound(uuid=instance_id)
target_type = 'cluster' if is_cluster else 'instance'
policy.authorize_on_target(
context, '%s:extension:%s' % (target_type, instance_rule_name),
{'tenant': instance.tenant_id})
def authorize_target_action(cls, context, target_rule_name,
target_id, is_cluster=False):
target = None
if is_cluster:
target = cluster_models.Cluster.load(context, target_id)
else:
target = instance_models.Instance.load(context, target_id)
if not target:
if is_cluster:
raise exception.ClusterNotFound(cluster=target_id)
raise exception.InstanceNotFound(instance=target_id)
target_type = 'cluster' if is_cluster else 'instance'
policy.authorize_on_target(
context, '%s:extension:%s' % (target_type, target_rule_name),
{'tenant': target.tenant_id})
def authorize_target_action(cls, context, target_rule_name,
target_id, is_cluster=False):
target = None
if is_cluster:
target = cluster_models.Cluster.load(context, target_id)
else:
target = instance_models.Instance.load(context, target_id)
if not target:
if is_cluster:
raise exception.ClusterNotFound(cluster=target_id)
raise exception.InstanceNotFound(instance=target_id)
target_type = 'cluster' if is_cluster else 'instance'
policy.authorize_on_target(
context, '%s:extension:%s' % (target_type, target_rule_name),
{'tenant': target.tenant_id})
def authorize_instance_action(cls, context, instance_rule_name, instance):
policy.authorize_on_target(context, 'instance:%s' % instance_rule_name,
{'tenant': instance.tenant_id})
def authorize_config_action(cls, context, config_rule_name, config):
policy.authorize_on_target(
context, 'configuration:%s' % config_rule_name,
{'tenant': config.tenant_id})
def authorize_cluster_action(cls, context, cluster_rule_name, cluster):
policy.authorize_on_target(context, 'cluster:%s' % cluster_rule_name,
{'tenant': cluster.tenant_id})
def authorize_instance_action(cls, context, instance_rule_name, instance):
policy.authorize_on_target(context, 'instance:%s' % instance_rule_name,
{'tenant': instance.tenant_id})
def authorize_cluster_action(cls, context, cluster_rule_name, cluster):
policy.authorize_on_target(context, 'cluster:%s' % cluster_rule_name,
{'tenant': cluster.tenant_id})
