def _validate_cross_tenant_id(self, tenant_id, cross_tenant_id): if not service.is_delegate(tenant_id): if cross_tenant_id: raise falcon.HTTPForbidden( 'Permission denied', 'Projects %s cannot POST cross tenant logs' % tenant_id )
def _before_logs_post(req, res, payload, params): cross_tenant_id = req.get_param('tenant_id') tenant_id = req.get_header(*headers.X_TENANT_ID) if not service.is_delegate(req.get_header(*headers.X_ROLES)): if cross_tenant_id: raise falcon.HTTPForbidden( 'Permission denied', 'Projects %s cannot POST cross tenant metrics' % tenant_id )
def test_is_delegate_not_ok_role(self): roles = 'a_role,b_role' self.assertFalse(common_service.is_delegate(roles))
def test_is_delegate_ok_role_in_roles(self): roles = logs_api.MONITORING_DELEGATE_ROLE + ',a_role,b_role' self.assertTrue(common_service.is_delegate(roles))