def get_offer_authorized(uuid_or_name, cdict, status_filter=None): if uuidutils.is_uuid_like(uuid_or_name): o = offer.Offer.get(uuid_or_name) offer_objs = [] if not status_filter or o.status == status_filter: try: if o.project_id != cdict['project_id']: policy.authorize('esi_leap:offer:offer_admin', cdict, cdict) offer_objs.append(o) except oslo_policy.PolicyNotAuthorized: pass else: try: policy.authorize('esi_leap:offer:offer_admin', cdict, cdict) offer_objs = offer.Offer.get_all({ 'name': uuid_or_name, 'status': status_filter }) except oslo_policy.PolicyNotAuthorized: offer_objs = offer.Offer.get_all({ 'name': uuid_or_name, 'project_id': cdict['project_id'], 'status': status_filter }) if len(offer_objs) == 0: raise exception.OfferNotFound(offer_uuid=uuid_or_name) elif len(offer_objs) > 1: raise exception.OfferDuplicateName(name=uuid_or_name) return offer_objs[0]
def get_one(self, contract_uuid): request = pecan.request.context cdict = request.to_policy_values() policy.authorize('esi_leap:contract:get', cdict, cdict) c = contract.Contract.get(request, contract_uuid) return Contract(**c.to_dict())
def delete(self, contract_uuid): request = pecan.request.context cdict = request.to_policy_values() policy.authorize('esi_leap:contract:delete', cdict, cdict) c = contract.Contract.get(request, contract_uuid) c.destroy(pecan.request.context)
def get_one(self, offer_uuid): request = pecan.request.context cdict = request.to_policy_values() policy.authorize('esi_leap:offer:get', cdict, cdict) o = offer.Offer.get(request, offer_uuid) return Offer(**o.to_dict())
def post(self, new_offer): request = pecan.request.context cdict = request.to_policy_values() policy.authorize('esi_leap:offer:create', cdict, cdict) offer_dict = new_offer.to_dict() offer_dict['project_id'] = request.project_id OffersController._verify_resource_permission(cdict, offer_dict) offer_dict['uuid'] = uuidutils.generate_uuid() if 'start_time' not in offer_dict: offer_dict['start_time'] = datetime.datetime.now() if 'end_time' not in offer_dict: offer_dict['end_time'] = datetime.datetime.max if offer_dict['start_time'] >= offer_dict['end_time']: raise exception.\ InvalidTimeRange(resource="an offer", start_time=str(offer_dict['start_time']), end_time=str(offer_dict['end_time'])) o = offer.Offer(**offer_dict) o.create(request) o = OffersController._add_offer_availabilities(o) return Offer(**o)
def delete(self, offer_uuid): request = pecan.request.context cdict = request.to_policy_values() policy.authorize('esi_leap:offer:delete', cdict, cdict) o = offer.Offer.get(request, offer_uuid) o.destroy(pecan.request.context)
def delete(self, offer_id): request = pecan.request.context cdict = request.to_policy_values() policy.authorize('esi_leap:offer:delete', cdict, cdict) o_id = offer.Offer.get(offer_id) permission = [] for o in o_id: try: if o.project_id != request.project_id: policy.authorize('esi_leap:offer:offer_admin', cdict, cdict) permission.append(o) except oslo_policy.PolicyNotAuthorized: continue if len(permission) > 1: raise exception.ContractDuplicateName(name=offer_id) if len(permission) == 0: raise exception.OfferNotFound(offer_id=offer_id) OffersController._verify_resource_permission(cdict, o_id[0].to_dict()) o_id[0].cancel()
def _verify_resource_permission(cdict, offer_dict): resource_type = offer_dict.get('resource_type') resource_uuid = offer_dict.get('resource_uuid') resource = ro_factory.ResourceObjectFactory.get_resource_object( resource_type, resource_uuid) if not resource.is_resource_admin(offer_dict['project_id']): policy.authorize('esi_leap:offer:offer_admin', cdict, cdict)
def post(self, new_contract): request = pecan.request.context cdict = request.to_policy_values() policy.authorize('esi_leap:contract:create', cdict, cdict) contract_dict = new_contract.to_dict() contract_dict['project_id'] = request.project_id contract_dict['uuid'] = uuidutils.generate_uuid() if new_contract.offer_uuid_or_name is None: raise exception.ContractNoOfferUUID() related_offer = utils.get_offer(new_contract.offer_uuid_or_name, statuses.AVAILABLE) contract_dict['offer_uuid'] = related_offer.uuid if 'start_time' not in contract_dict: contract_dict['start_time'] = datetime.datetime.now() if 'end_time' not in contract_dict: q = related_offer.get_first_availability( contract_dict['start_time']) if q is None: contract_dict['end_time'] = related_offer.end_time else: contract_dict['end_time'] = q.start_time c = contract.Contract(**contract_dict) c.create(request) return Contract(**c.to_dict())
def get_one(self, offer_id): request = pecan.request.context cdict = request.to_policy_values() policy.authorize('esi_leap:offer:get', cdict, cdict) o_object = utils.get_offer(offer_id) o = OffersController._add_offer_availabilities(o_object) return Offer(**o)
def post(self, new_offer): request = pecan.request.context cdict = request.to_policy_values() policy.authorize('esi_leap:offer:create', cdict, cdict) o = offer.Offer(**new_offer.to_dict()) o.create(request) return Offer(**o.to_dict())
def post(self, new_contract): request = pecan.request.context cdict = request.to_policy_values() policy.authorize('esi_leap:contract:create', cdict, cdict) c = contract.Contract(**new_contract.to_dict()) c.create(request) return Contract(**c.to_dict())
def get_one(self, contract_id): request = pecan.request.context cdict = request.to_policy_values() policy.authorize('esi_leap:contract:get', cdict, cdict) permitted = utils.get_contract_authorized(contract_id, cdict) return Contract(**permitted.to_dict())
def delete(self, contract_id): request = pecan.request.context cdict = request.to_policy_values() policy.authorize('esi_leap:contract:delete', cdict, cdict) permitted = ContractsController._contract_get_authorized_contract( contract_id, cdict) permitted.cancel()
def get_all(self): request = pecan.request.context cdict = request.to_policy_values() policy.authorize('esi_leap:offer:get', cdict, cdict) offer_collection = OfferCollection() offers = offer.Offer.get_all(request) offer_collection.offers = [Offer(**o.to_dict()) for o in offers] return offer_collection
def contract_authorize_management(c, cdict): if c.project_id != cdict['project_id']: try: policy.authorize('esi_leap:contract:contract_admin', cdict, cdict) except oslo_policy.PolicyNotAuthorized: o = offer.Offer.get(c.offer_uuid) if o.project_id != cdict['project_id']: policy.authorize('esi_leap:offer:offer_admin', cdict, cdict)
def delete(self, contract_id): request = pecan.request.context cdict = request.to_policy_values() policy.authorize('esi_leap:contract:delete', cdict, cdict) permitted = utils.get_contract_authorized( contract_id, cdict, [statuses.CREATED, statuses.ACTIVE]) permitted.cancel()
def delete(self, offer_id): request = pecan.request.context cdict = request.to_policy_values() policy.authorize('esi_leap:offer:delete', cdict, cdict) o_object = utils.get_offer_authorized(offer_id, cdict, statuses.AVAILABLE) o_object.cancel()
def get_all(self): request = pecan.request.context cdict = request.to_policy_values() policy.authorize('esi_leap:contract:get', cdict, cdict) contract_collection = ContractCollection() contracts = contract.Contract.get_all(request) contract_collection.contracts = [ Contract(**c.to_dict()) for c in contracts ] return contract_collection
def _contract_get_all_authorize_filters(cdict, start_time=None, end_time=None, status=None, offer_uuid=None, project_id=None, view=None, owner=None): if status is None: status = [statuses.CREATED, statuses.ACTIVE] elif status == 'any': status = None possible_filters = { 'status': status, 'offer_uuid': offer_uuid, 'start_time': start_time, 'end_time': end_time, } if view == 'all': policy.authorize('esi_leap:contract:contract_admin', cdict, cdict) possible_filters['owner'] = owner possible_filters['project_id'] = project_id else: policy.authorize('esi_leap:contract:get', cdict, cdict) if owner: if cdict['project_id'] != owner: policy.authorize('esi_leap:contract:contract_admin', cdict, cdict) possible_filters['owner'] = owner possible_filters['project_id'] = project_id else: if project_id is None: project_id = cdict['project_id'] elif project_id != cdict['project_id']: policy.authorize('esi_leap:contract:contract_admin', cdict, cdict) possible_filters['project_id'] = project_id if (start_time and end_time is None) or \ (end_time and start_time is None): raise exception.InvalidTimeAPICommand(resource="a contract", start_time=str(start_time), end_time=str(end_time)) if start_time and end_time and\ end_time <= start_time: raise exception.InvalidTimeAPICommand(resource='a contract', start_time=str(start_time), end_time=str(end_time)) filters = {} for k, v in possible_filters.items(): if v is not None: filters[k] = v return filters
def post(self, new_offer): request = pecan.request.context cdict = request.to_policy_values() policy.authorize('esi_leap:offer:create', cdict, cdict) offer_dict = new_offer.to_dict() offer_dict['project_id'] = request.project_id OffersController._verify_resource_permission(cdict, offer_dict) o = offer.Offer(**offer_dict) o.create(request) o = OffersController._add_offer_availabilities(o) return Offer(**o)
def get_one(self, offer_id): request = pecan.request.context cdict = request.to_policy_values() policy.authorize('esi_leap:offer:get', cdict, cdict) o_id = offer.Offer.get(offer_id) if len(o_id) > 1: raise exception.OfferDuplicateName(name=offer_id) elif len(o_id) == 0: raise exception.OfferNotFound(offer_uuid=offer_id) o = OffersController._add_offer_availabilities(o_id[0]) return Offer(**o)
def post(self, new_contract): request = pecan.request.context cdict = request.to_policy_values() policy.authorize('esi_leap:contract:create', cdict, cdict) contract_dict = new_contract.to_dict() contract_dict['project_id'] = request.project_id contract_dict['uuid'] = uuidutils.generate_uuid() if new_contract.offer_uuid_or_name is None: raise exception.ContractNoOfferUUID() o_objects = offer.Offer.get(new_contract.offer_uuid_or_name) if len(o_objects) > 1: raise exception.OfferDuplicateName( name=new_contract.offer_uuid_or_name) elif len(o_objects) == 0: raise exception.OfferNotFound( offer_uuid=new_contract.offer_uuid_or_name) related_offer = o_objects[0] contract_dict['offer_uuid'] = related_offer.uuid if 'start_time' not in contract_dict: contract_dict['start_time'] = datetime.datetime.now() if 'end_time' not in contract_dict: q = related_offer.get_first_availability( contract_dict['start_time']) if q is None: contract_dict['end_time'] = related_offer.end_time else: contract_dict['end_time'] = q.start_time c = contract.Contract(**contract_dict) c.create(request) return Contract(**c.to_dict())
def policy_authorize(policy_name, target, creds): try: policy.authorize(policy_name, target, creds) except oslo_policy.PolicyNotAuthorized: raise exception.HTTPForbidden(rule=policy_name)
def get_all(self, project_id=None, resource_type=None, resource_uuid=None, start_time=None, end_time=None, available_start_time=None, available_end_time=None, status=None): request = pecan.request.context cdict = request.to_policy_values() policy.authorize('esi_leap:offer:get', cdict, cdict) if (start_time and end_time is None) or\ (end_time and start_time is None): raise exception.InvalidTimeAPICommand(resource='an offer', start_time=str(start_time), end_time=str(end_time)) if start_time and end_time and\ end_time <= start_time: raise exception.InvalidTimeAPICommand(resource='an offer', start_time=str(start_time), end_time=str(end_time)) if (available_start_time and available_end_time is None) or\ (available_end_time and available_start_time is None): raise exception.InvalidAvailabilityAPICommand( a_start=str(start_time), a_end=str(end_time)) if available_start_time and available_end_time and\ available_end_time <= available_start_time: raise exception.InvalidAvailabilityAPICommand( a_start=available_start_time, a_end=available_end_time) if status is None: status = statuses.AVAILABLE elif status == 'any': status = None possible_filters = { 'project_id': project_id, 'resource_type': resource_type, 'resource_uuid': resource_uuid, 'status': status, 'start_time': start_time, 'end_time': end_time, 'available_start_time': available_start_time, 'available_end_time': available_end_time, } filters = {} for k, v in possible_filters.items(): if v is not None: filters[k] = v offer_collection = OfferCollection() offers = offer.Offer.get_all(request, filters) offer_collection.offers = [ Offer(**OffersController._add_offer_availabilities(o)) for o in offers ] return offer_collection
def test_authorized(self): creds = {'roles': ['esi_leap_owner']} self.assertTrue(policy.authorize('esi_leap:offer:get', creds, creds))