Пример #1
0
    def get_repo(self, context):
        #生成数据库操作对象
        image_repo = glance.db.ImageRepo(context, self.db_api)
        #???
        store_image_repo = glance.location.ImageRepoProxy(
            image_repo, context, self.store_api, self.store_utils)
        #包装上配额检查
        quota_image_repo = glance.quota.ImageRepoProxy(
            store_image_repo, context, self.db_api, self.store_utils)
        #包装上策略检查
        policy_image_repo = policy.ImageRepoProxy(
            quota_image_repo, context, self.policy)
        #包装上消息通知
        notifier_image_repo = glance.notifier.ImageRepoProxy(
            policy_image_repo, context, self.notifier)
        if property_utils.is_property_protection_enabled():
            property_rules = property_utils.PropertyRules(self.policy)
            pir = property_protections.ProtectedImageRepoProxy(
                notifier_image_repo, context, property_rules)
            authorized_image_repo = authorization.ImageRepoProxy(
                pir, context)
        else:
            #简单起点,我们认为没有开启,再封装一层
            authorized_image_repo = authorization.ImageRepoProxy(
                notifier_image_repo, context)

        return authorized_image_repo
Пример #2
0
 def setUp(self):
     super(TestProtectedImageRepoProxy, self).setUp()
     self.set_property_protections()
     self.policy = policy.Enforcer()
     self.property_rules = property_utils.PropertyRules(self.policy)
     self.image_factory = glance.domain.ImageFactory()
     extra_props = {
         'spl_create_prop': 'c',
         'spl_read_prop': 'r',
         'spl_update_prop': 'u',
         'spl_delete_prop': 'd',
         'forbidden': 'prop'
     }
     extra_props_2 = {'spl_read_prop': 'r', 'forbidden': 'prop'}
     self.fixtures = [
         self.image_factory.new_image(image_id='1',
                                      owner=TENANT1,
                                      extra_properties=extra_props),
         self.image_factory.new_image(owner=TENANT2, visibility='public'),
         self.image_factory.new_image(image_id='3',
                                      owner=TENANT1,
                                      extra_properties=extra_props_2),
     ]
     self.context = glance.context.RequestContext(roles=['spl_role'])
     image_repo = self.ImageRepoStub(self.fixtures)
     self.image_repo = property_protections.ProtectedImageRepoProxy(
         image_repo, self.context, self.property_rules)
Пример #3
0
    def get_repo(self, context, authorization_layer=True):
        """Get the layered ImageRepo model.

        This is where we construct the "the onion" by layering
        ImageRepo models on top of each other, starting with the DB at
        the bottom.

        NB: Code that has implemented policy checks fully above this
        layer should pass authorization_layer=False to ensure that no
        conflicts with old checks happen. Legacy code should continue
        passing True until legacy checks are no longer needed.

        :param context: The RequestContext
        :param authorization_layer: Controls whether or not we add the legacy
                                    glance.authorization and glance.policy
                                    layers.
        :returns: An ImageRepo-like object

        """
        repo = glance.db.ImageRepo(context, self.db_api)
        repo = glance.location.ImageRepoProxy(repo, context, self.store_api,
                                              self.store_utils)
        repo = glance.quota.ImageRepoProxy(repo, context, self.db_api,
                                           self.store_utils)
        if authorization_layer:
            repo = policy.ImageRepoProxy(repo, context, self.policy)
        repo = glance.notifier.ImageRepoProxy(repo, context, self.notifier)
        if property_utils.is_property_protection_enabled():
            property_rules = property_utils.PropertyRules(self.policy)
            repo = property_protections.ProtectedImageRepoProxy(
                repo, context, property_rules)
        if authorization_layer:
            repo = authorization.ImageRepoProxy(repo, context)

        return repo
Пример #4
0
    def get_repo(self, context):
        image_repo = glance.db.ImageRepo(context, self.db_api)
        store_image_repo = glance.location.ImageRepoProxy(
            image_repo, context, self.store_api, self.store_utils)
        quota_image_repo = glance.quota.ImageRepoProxy(store_image_repo,
                                                       context, self.db_api,
                                                       self.store_utils)
        policy_image_repo = policy.ImageRepoProxy(quota_image_repo, context,
                                                  self.policy)
        notifier_image_repo = glance.notifier.ImageRepoProxy(
            policy_image_repo, context, self.notifier)
        if property_utils.is_property_protection_enabled():
            property_rules = property_utils.PropertyRules(self.policy)
            pir = property_protections.ProtectedImageRepoProxy(
                notifier_image_repo, context, property_rules)
            authorized_image_repo = authorization.ImageRepoProxy(pir, context)
        else:
            authorized_image_repo = authorization.ImageRepoProxy(
                notifier_image_repo, context)

        return authorized_image_repo