def test_policy_authorize(self, mock_authorize):
utils.policy_authorize('test_policy:test',
lessee_ctx.to_policy_values(),
lessee_ctx.to_policy_values())
mock_authorize.assert_called_once_with('test_policy:test',
lessee_ctx.to_policy_values(),
lessee_ctx.to_policy_values())
def post(self, new_offer):
request = pecan.request.context
cdict = request.to_policy_values()
utils.policy_authorize('esi_leap:offer:create', cdict, cdict)
offer_dict = new_offer.to_dict()
offer_dict['project_id'] = request.project_id
offer_dict['uuid'] = uuidutils.generate_uuid()
if 'resource_type' not in offer_dict:
offer_dict['resource_type'] = CONF.api.default_resource_type
resource = get_resource_object(offer_dict['resource_type'],
offer_dict['resource_uuid'])
offer_dict['resource_uuid'] = resource.get_resource_uuid()
if 'lessee_id' in offer_dict:
offer_dict['lessee_id'] = keystone.get_project_uuid_from_ident(
offer_dict['lessee_id'])
if 'start_time' not in offer_dict:
offer_dict['start_time'] = datetime.datetime.now()
if 'end_time' not in offer_dict:
offer_dict['end_time'] = datetime.datetime.max
if offer_dict['start_time'] >= offer_dict['end_time']:
raise exception.InvalidTimeRange(
resource='an offer',
start_time=str(offer_dict['start_time']),
end_time=str(offer_dict['end_time']))
try:
utils.check_resource_admin(cdict, resource, request.project_id)
except exception.HTTPResourceForbidden:
parent_lease_uuid = utils.check_resource_lease_admin(
cdict,
resource,
request.project_id,
offer_dict.get('start_time'),
offer_dict.get('end_time'))
if parent_lease_uuid is None:
raise
offer_dict['parent_lease_uuid'] = parent_lease_uuid
o = offer_obj.Offer(**offer_dict)
o.create()
return Offer(**utils.offer_get_dict_with_added_info(o))
def post(self, new_lease):
request = pecan.request.context
cdict = request.to_policy_values()
utils.policy_authorize('esi_leap:lease:create', cdict, cdict)
lease_dict = new_lease.to_dict()
lease_dict['owner_id'] = request.project_id
lease_dict['uuid'] = uuidutils.generate_uuid()
if 'resource_type' not in lease_dict:
lease_dict['resource_type'] = CONF.api.default_resource_type
resource = get_resource_object(lease_dict['resource_type'],
lease_dict['resource_uuid'])
lease_dict['resource_uuid'] = resource.get_resource_uuid()
if 'project_id' in lease_dict:
lease_dict['project_id'] = keystone.get_project_uuid_from_ident(
lease_dict['project_id'])
if 'start_time' not in lease_dict:
lease_dict['start_time'] = datetime.datetime.now()
if 'end_time' not in lease_dict:
lease_dict['end_time'] = datetime.datetime.max
try:
utils.check_resource_admin(cdict, resource, request.project_id)
except exception.HTTPResourceForbidden:
parent_lease_uuid = utils.check_resource_lease_admin(
cdict, resource, request.project_id,
lease_dict.get('start_time'), lease_dict.get('end_time'))
if parent_lease_uuid is None:
raise
lease_dict['parent_lease_uuid'] = parent_lease_uuid
lease = lease_obj.Lease(**lease_dict)
lease.create(request)
return Lease(**utils.lease_get_dict_with_added_info(lease))
def get_all(self,
project_id=None,
resource_type=None,
resource_class=None,
resource_uuid=None,
start_time=None,
end_time=None,
available_start_time=None,
available_end_time=None,
status=None):
request = pecan.request.context
cdict = request.to_policy_values()
utils.policy_authorize('esi_leap:offer:get_all', cdict, cdict)
if project_id is not None:
project_id = keystone.get_project_uuid_from_ident(project_id)
if resource_uuid is not None:
if resource_type is None:
resource_type = CONF.api.default_resource_type
resource = get_resource_object(resource_type, resource_uuid)
resource_uuid = resource.get_resource_uuid()
# either both are defined or both are None
if bool(start_time) != bool(end_time):
raise exception.InvalidTimeAPICommand(resource='an offer',
start_time=str(start_time),
end_time=str(end_time))
if (start_time or end_time) and (end_time <= start_time):
raise exception.InvalidTimeAPICommand(resource='an offer',
start_time=str(start_time),
end_time=str(end_time))
if bool(available_start_time) != bool(available_end_time):
raise exception.InvalidAvailabilityAPICommand(
a_start=str(available_start_time),
a_end=str(available_end_time))
if ((available_start_time or available_end_time)
and (available_end_time <= available_start_time)):
raise exception.InvalidAvailabilityAPICommand(
a_start=str(available_start_time),
a_end=str(available_end_time))
if status is None:
status = statuses.OFFER_CAN_DELETE
elif status == 'any':
status = None
try:
utils.policy_authorize('esi_leap:offer:offer_admin', cdict, cdict)
lessee_id = None
except exception.HTTPForbidden:
lessee_id = cdict['project_id']
filters = {
'project_id': project_id,
'lessee_id': lessee_id,
'resource_type': resource_type,
'resource_uuid': resource_uuid,
'status': status,
'start_time': start_time,
'end_time': end_time,
'available_start_time': available_start_time,
'available_end_time': available_end_time,
}
# unpack iterator to tuple so we can use 'del'
for k, v in tuple(filters.items()):
if v is None:
del filters[k]
offer_collection = OfferCollection()
offers = offer_obj.Offer.get_all(filters, request)
offer_collection.offers = []
if len(offers) > 0:
project_list = keystone.get_project_list()
node_list = ironic.get_node_list()
offers_with_added_info = [
Offer(**utils.offer_get_dict_with_added_info(
o, project_list, node_list)) for o in offers
]
if resource_class:
offer_collection.offers = [
o for o in offers_with_added_info
if o.resource_class == resource_class
]
else:
offer_collection.offers = offers_with_added_info
return offer_collection
def _lease_get_all_authorize_filters(cdict,
start_time=None,
end_time=None,
status=None,
offer_uuid=None,
project_id=None,
view=None,
owner_id=None,
resource_type=None,
resource_uuid=None):
if status is not None:
status = [status] if status != 'any' else None
else:
status = [
statuses.CREATED, statuses.ACTIVE, statuses.ERROR,
statuses.WAIT_CANCEL, statuses.WAIT_EXPIRE,
statuses.WAIT_FULFILL
]
filters = {
'status': status,
'offer_uuid': offer_uuid,
'start_time': start_time,
'end_time': end_time,
'resource_type': resource_type,
'resource_uuid': resource_uuid,
'time_filter_type': constants.WITHIN_TIME_FILTER,
}
if view == 'all':
utils.policy_authorize('esi_leap:lease:lease_admin', cdict, cdict)
filters['owner_id'] = owner_id
filters['project_id'] = project_id
else:
utils.policy_authorize('esi_leap:lease:get_all', cdict, cdict)
if owner_id:
if cdict['project_id'] != owner_id:
utils.policy_authorize('esi_leap:lease:lease_admin', cdict,
cdict)
filters['owner_id'] = owner_id
filters['project_id'] = project_id
else:
if project_id is None:
project_id = cdict['project_id']
filters['project_or_owner_id'] = project_id
else:
if project_id != cdict['project_id']:
utils.policy_authorize('esi_leap:lease:lease_admin',
cdict, cdict)
filters['project_id'] = project_id
# either both are defined or both are None
if bool(start_time) != bool(end_time):
raise exception.InvalidTimeAPICommand(resource='a lease',
start_time=str(start_time),
end_time=str(end_time))
if (start_time or end_time) and (end_time <= start_time):
raise exception.InvalidTimeAPICommand(resource='a lease',
start_time=str(start_time),
end_time=str(end_time))
# unpack iterator to tuple so we can use 'del'
for k, v in tuple(filters.items()):
if v is None:
del filters[k]
return filters