Merge "Fix policy dict checkers"
This commit is contained in:
commit
c1ffc1aa16
@ -211,7 +211,7 @@ class ChassisController(rest.RestController):
|
||||
:param fields: Optional, a list with a specified set of fields
|
||||
of the resource to be returned.
|
||||
"""
|
||||
cdict = pecan.request.context.to_dict()
|
||||
cdict = pecan.request.context.to_policy_values()
|
||||
policy.authorize('baremetal:chassis:get', cdict, cdict)
|
||||
|
||||
api_utils.check_allow_specify_fields(fields)
|
||||
@ -234,7 +234,7 @@ class ChassisController(rest.RestController):
|
||||
:param sort_key: column to sort results by. Default: id.
|
||||
:param sort_dir: direction to sort. "asc" or "desc". Default: asc.
|
||||
"""
|
||||
cdict = pecan.request.context.to_dict()
|
||||
cdict = pecan.request.context.to_policy_values()
|
||||
policy.authorize('baremetal:chassis:get', cdict, cdict)
|
||||
|
||||
# /detail should only work against collections
|
||||
@ -255,7 +255,7 @@ class ChassisController(rest.RestController):
|
||||
:param fields: Optional, a list with a specified set of fields
|
||||
of the resource to be returned.
|
||||
"""
|
||||
cdict = pecan.request.context.to_dict()
|
||||
cdict = pecan.request.context.to_policy_values()
|
||||
policy.authorize('baremetal:chassis:get', cdict, cdict)
|
||||
|
||||
api_utils.check_allow_specify_fields(fields)
|
||||
@ -270,7 +270,7 @@ class ChassisController(rest.RestController):
|
||||
|
||||
:param chassis: a chassis within the request body.
|
||||
"""
|
||||
cdict = pecan.request.context.to_dict()
|
||||
cdict = pecan.request.context.to_policy_values()
|
||||
policy.authorize('baremetal:chassis:create', cdict, cdict)
|
||||
|
||||
new_chassis = objects.Chassis(pecan.request.context,
|
||||
@ -289,7 +289,7 @@ class ChassisController(rest.RestController):
|
||||
:param chassis_uuid: UUID of a chassis.
|
||||
:param patch: a json PATCH document to apply to this chassis.
|
||||
"""
|
||||
cdict = pecan.request.context.to_dict()
|
||||
cdict = pecan.request.context.to_policy_values()
|
||||
policy.authorize('baremetal:chassis:update', cdict, cdict)
|
||||
|
||||
rpc_chassis = objects.Chassis.get_by_uuid(pecan.request.context,
|
||||
@ -323,7 +323,7 @@ class ChassisController(rest.RestController):
|
||||
|
||||
:param chassis_uuid: UUID of a chassis.
|
||||
"""
|
||||
cdict = pecan.request.context.to_dict()
|
||||
cdict = pecan.request.context.to_policy_values()
|
||||
policy.authorize('baremetal:chassis:delete', cdict, cdict)
|
||||
|
||||
rpc_chassis = objects.Chassis.get_by_uuid(pecan.request.context,
|
||||
|
@ -154,7 +154,7 @@ class DriverPassthruController(rest.RestController):
|
||||
:raises: DriverNotFound if the driver name is invalid or the
|
||||
driver cannot be loaded.
|
||||
"""
|
||||
cdict = pecan.request.context.to_dict()
|
||||
cdict = pecan.request.context.to_policy_values()
|
||||
policy.authorize('baremetal:driver:vendor_passthru', cdict, cdict)
|
||||
|
||||
if driver_name not in _VENDOR_METHODS:
|
||||
@ -176,7 +176,7 @@ class DriverPassthruController(rest.RestController):
|
||||
implementation.
|
||||
:param data: body of data to supply to the specified method.
|
||||
"""
|
||||
cdict = pecan.request.context.to_dict()
|
||||
cdict = pecan.request.context.to_policy_values()
|
||||
if method == "lookup":
|
||||
policy.authorize('baremetal:driver:ipa_lookup', cdict, cdict)
|
||||
else:
|
||||
@ -208,7 +208,7 @@ class DriverRaidController(rest.RestController):
|
||||
:raises: DriverNotFound, if driver is not loaded on any of the
|
||||
conductors.
|
||||
"""
|
||||
cdict = pecan.request.context.to_dict()
|
||||
cdict = pecan.request.context.to_policy_values()
|
||||
policy.authorize('baremetal:driver:get_raid_logical_disk_properties',
|
||||
cdict, cdict)
|
||||
|
||||
@ -250,7 +250,7 @@ class DriversController(rest.RestController):
|
||||
# will break from a single-line doc string.
|
||||
# This is a result of a bug in sphinxcontrib-pecanwsme
|
||||
# https://github.com/dreamhost/sphinxcontrib-pecanwsme/issues/8
|
||||
cdict = pecan.request.context.to_dict()
|
||||
cdict = pecan.request.context.to_policy_values()
|
||||
policy.authorize('baremetal:driver:get', cdict, cdict)
|
||||
|
||||
driver_list = pecan.request.dbapi.get_active_driver_dict()
|
||||
@ -264,7 +264,7 @@ class DriversController(rest.RestController):
|
||||
# retrieving a list of drivers using the current sqlalchemy schema, but
|
||||
# this path must be exposed for Pecan to route any paths we might
|
||||
# choose to expose below it.
|
||||
cdict = pecan.request.context.to_dict()
|
||||
cdict = pecan.request.context.to_policy_values()
|
||||
policy.authorize('baremetal:driver:get', cdict, cdict)
|
||||
|
||||
driver_dict = pecan.request.dbapi.get_active_driver_dict()
|
||||
@ -285,7 +285,7 @@ class DriversController(rest.RestController):
|
||||
:raises: DriverNotFound (HTTP 404) if the driver name is invalid or
|
||||
the driver cannot be loaded.
|
||||
"""
|
||||
cdict = pecan.request.context.to_dict()
|
||||
cdict = pecan.request.context.to_policy_values()
|
||||
policy.authorize('baremetal:driver:get_properties', cdict, cdict)
|
||||
|
||||
if driver_name not in _DRIVER_PROPERTIES:
|
||||
|
@ -196,7 +196,7 @@ class BootDeviceController(rest.RestController):
|
||||
Default: False.
|
||||
|
||||
"""
|
||||
cdict = pecan.request.context.to_dict()
|
||||
cdict = pecan.request.context.to_policy_values()
|
||||
policy.authorize('baremetal:node:set_boot_device', cdict, cdict)
|
||||
|
||||
rpc_node = api_utils.get_rpc_node(node_ident)
|
||||
@ -221,7 +221,7 @@ class BootDeviceController(rest.RestController):
|
||||
future boots or not, None if it is unknown.
|
||||
|
||||
"""
|
||||
cdict = pecan.request.context.to_dict()
|
||||
cdict = pecan.request.context.to_policy_values()
|
||||
policy.authorize('baremetal:node:get_boot_device', cdict, cdict)
|
||||
|
||||
return self._get_boot_device(node_ident)
|
||||
@ -236,7 +236,7 @@ class BootDeviceController(rest.RestController):
|
||||
devices.
|
||||
|
||||
"""
|
||||
cdict = pecan.request.context.to_dict()
|
||||
cdict = pecan.request.context.to_policy_values()
|
||||
policy.authorize('baremetal:node:get_boot_device', cdict, cdict)
|
||||
|
||||
boot_devices = self._get_boot_device(node_ident, supported=True)
|
||||
@ -274,7 +274,7 @@ class NodeConsoleController(rest.RestController):
|
||||
|
||||
:param node_ident: UUID or logical name of a node.
|
||||
"""
|
||||
cdict = pecan.request.context.to_dict()
|
||||
cdict = pecan.request.context.to_policy_values()
|
||||
policy.authorize('baremetal:node:get_console', cdict, cdict)
|
||||
|
||||
rpc_node = api_utils.get_rpc_node(node_ident)
|
||||
@ -299,7 +299,7 @@ class NodeConsoleController(rest.RestController):
|
||||
:param enabled: Boolean value; whether to enable or disable the
|
||||
console.
|
||||
"""
|
||||
cdict = pecan.request.context.to_dict()
|
||||
cdict = pecan.request.context.to_policy_values()
|
||||
policy.authorize('baremetal:node:set_console_state', cdict, cdict)
|
||||
|
||||
rpc_node = api_utils.get_rpc_node(node_ident)
|
||||
@ -390,7 +390,7 @@ class NodeStatesController(rest.RestController):
|
||||
|
||||
:param node_ident: the UUID or logical_name of a node.
|
||||
"""
|
||||
cdict = pecan.request.context.to_dict()
|
||||
cdict = pecan.request.context.to_policy_values()
|
||||
policy.authorize('baremetal:node:get_states', cdict, cdict)
|
||||
|
||||
# NOTE(lucasagomes): All these state values come from the
|
||||
@ -414,7 +414,7 @@ class NodeStatesController(rest.RestController):
|
||||
:raises: NotAcceptable, if requested version of the API is less than
|
||||
1.12.
|
||||
"""
|
||||
cdict = pecan.request.context.to_dict()
|
||||
cdict = pecan.request.context.to_policy_values()
|
||||
policy.authorize('baremetal:node:set_raid_state', cdict, cdict)
|
||||
|
||||
if not api_utils.allow_raid_config():
|
||||
@ -445,7 +445,7 @@ class NodeStatesController(rest.RestController):
|
||||
state is not valid or if the node is in CLEANING state.
|
||||
|
||||
"""
|
||||
cdict = pecan.request.context.to_dict()
|
||||
cdict = pecan.request.context.to_policy_values()
|
||||
policy.authorize('baremetal:node:set_power_state', cdict, cdict)
|
||||
|
||||
# TODO(lucasagomes): Test if it's able to transition to the
|
||||
@ -525,7 +525,7 @@ class NodeStatesController(rest.RestController):
|
||||
:raises: NotAcceptable (HTTP 406) if the API version specified does
|
||||
not allow the requested state transition.
|
||||
"""
|
||||
cdict = pecan.request.context.to_dict()
|
||||
cdict = pecan.request.context.to_policy_values()
|
||||
policy.authorize('baremetal:node:set_provision_state', cdict, cdict)
|
||||
|
||||
api_utils.check_allow_management_verbs(target)
|
||||
@ -826,7 +826,7 @@ class Node(base.APIBase):
|
||||
if fields is not None:
|
||||
api_utils.check_for_invalid_fields(fields, node.as_dict())
|
||||
|
||||
cdict = pecan.request.context.to_dict()
|
||||
cdict = pecan.request.context.to_policy_values()
|
||||
# NOTE(deva): the 'show_password' policy setting name exists for legacy
|
||||
# purposes and can not be changed. Changing it will cause
|
||||
# upgrade problems for any operators who have customized
|
||||
@ -962,7 +962,7 @@ class NodeVendorPassthruController(rest.RestController):
|
||||
entries.
|
||||
:raises: NodeNotFound if the node is not found.
|
||||
"""
|
||||
cdict = pecan.request.context.to_dict()
|
||||
cdict = pecan.request.context.to_policy_values()
|
||||
policy.authorize('baremetal:node:vendor_passthru', cdict, cdict)
|
||||
|
||||
# Raise an exception if node is not found
|
||||
@ -986,7 +986,7 @@ class NodeVendorPassthruController(rest.RestController):
|
||||
:param method: name of the method in vendor driver.
|
||||
:param data: body of data to supply to the specified method.
|
||||
"""
|
||||
cdict = pecan.request.context.to_dict()
|
||||
cdict = pecan.request.context.to_policy_values()
|
||||
if method == 'heartbeat':
|
||||
policy.authorize('baremetal:node:ipa_heartbeat', cdict, cdict)
|
||||
else:
|
||||
@ -1024,7 +1024,7 @@ class NodeMaintenanceController(rest.RestController):
|
||||
:param reason: Optional, the reason why it's in maintenance.
|
||||
|
||||
"""
|
||||
cdict = pecan.request.context.to_dict()
|
||||
cdict = pecan.request.context.to_policy_values()
|
||||
policy.authorize('baremetal:node:set_maintenance', cdict, cdict)
|
||||
|
||||
self._set_maintenance(node_ident, True, reason=reason)
|
||||
@ -1037,7 +1037,7 @@ class NodeMaintenanceController(rest.RestController):
|
||||
:param node_ident: the UUID or logical name of a node.
|
||||
|
||||
"""
|
||||
cdict = pecan.request.context.to_dict()
|
||||
cdict = pecan.request.context.to_policy_values()
|
||||
policy.authorize('baremetal:node:clear_maintenance', cdict, cdict)
|
||||
|
||||
self._set_maintenance(node_ident, False)
|
||||
@ -1268,7 +1268,7 @@ class NodesController(rest.RestController):
|
||||
:param fields: Optional, a list with a specified set of fields
|
||||
of the resource to be returned.
|
||||
"""
|
||||
cdict = pecan.request.context.to_dict()
|
||||
cdict = pecan.request.context.to_policy_values()
|
||||
policy.authorize('baremetal:node:get', cdict, cdict)
|
||||
|
||||
api_utils.check_allow_specify_fields(fields)
|
||||
@ -1320,7 +1320,7 @@ class NodesController(rest.RestController):
|
||||
:param resource_class: Optional string value to get only nodes with
|
||||
that resource_class.
|
||||
"""
|
||||
cdict = pecan.request.context.to_dict()
|
||||
cdict = pecan.request.context.to_policy_values()
|
||||
policy.authorize('baremetal:node:get', cdict, cdict)
|
||||
|
||||
api_utils.check_for_invalid_state_and_allow_filter(provision_state)
|
||||
@ -1351,7 +1351,7 @@ class NodesController(rest.RestController):
|
||||
:param node: UUID or name of a node.
|
||||
:param node_uuid: UUID of a node.
|
||||
"""
|
||||
cdict = pecan.request.context.to_dict()
|
||||
cdict = pecan.request.context.to_policy_values()
|
||||
policy.authorize('baremetal:node:validate', cdict, cdict)
|
||||
|
||||
if node is not None:
|
||||
@ -1376,7 +1376,7 @@ class NodesController(rest.RestController):
|
||||
:param fields: Optional, a list with a specified set of fields
|
||||
of the resource to be returned.
|
||||
"""
|
||||
cdict = pecan.request.context.to_dict()
|
||||
cdict = pecan.request.context.to_policy_values()
|
||||
policy.authorize('baremetal:node:get', cdict, cdict)
|
||||
|
||||
if self.from_chassis:
|
||||
@ -1395,7 +1395,7 @@ class NodesController(rest.RestController):
|
||||
|
||||
:param node: a node within the request body.
|
||||
"""
|
||||
cdict = pecan.request.context.to_dict()
|
||||
cdict = pecan.request.context.to_policy_values()
|
||||
policy.authorize('baremetal:node:create', cdict, cdict)
|
||||
|
||||
if self.from_chassis:
|
||||
@ -1448,7 +1448,7 @@ class NodesController(rest.RestController):
|
||||
:param node_ident: UUID or logical name of a node.
|
||||
:param patch: a json PATCH document to apply to this node.
|
||||
"""
|
||||
cdict = pecan.request.context.to_dict()
|
||||
cdict = pecan.request.context.to_policy_values()
|
||||
policy.authorize('baremetal:node:update', cdict, cdict)
|
||||
|
||||
if self.from_chassis:
|
||||
@ -1521,7 +1521,7 @@ class NodesController(rest.RestController):
|
||||
|
||||
:param node_ident: UUID or logical name of a node.
|
||||
"""
|
||||
cdict = pecan.request.context.to_dict()
|
||||
cdict = pecan.request.context.to_policy_values()
|
||||
policy.authorize('baremetal:node:delete', cdict, cdict)
|
||||
|
||||
if self.from_chassis:
|
||||
|
@ -383,7 +383,7 @@ class PortsController(rest.RestController):
|
||||
for that portgroup.
|
||||
:raises: NotAcceptable, HTTPNotFound
|
||||
"""
|
||||
cdict = pecan.request.context.to_dict()
|
||||
cdict = pecan.request.context.to_policy_values()
|
||||
policy.authorize('baremetal:port:get', cdict, cdict)
|
||||
|
||||
api_utils.check_allow_specify_fields(fields)
|
||||
@ -441,7 +441,7 @@ class PortsController(rest.RestController):
|
||||
:param sort_dir: direction to sort. "asc" or "desc". Default: asc.
|
||||
:raises: NotAcceptable, HTTPNotFound
|
||||
"""
|
||||
cdict = pecan.request.context.to_dict()
|
||||
cdict = pecan.request.context.to_policy_values()
|
||||
policy.authorize('baremetal:port:get', cdict, cdict)
|
||||
|
||||
if portgroup and not api_utils.allow_portgroups_subcontrollers():
|
||||
@ -475,7 +475,7 @@ class PortsController(rest.RestController):
|
||||
of the resource to be returned.
|
||||
:raises: NotAcceptable, HTTPNotFound
|
||||
"""
|
||||
cdict = pecan.request.context.to_dict()
|
||||
cdict = pecan.request.context.to_policy_values()
|
||||
policy.authorize('baremetal:port:get', cdict, cdict)
|
||||
|
||||
if self.parent_node_ident or self.parent_portgroup_ident:
|
||||
@ -494,7 +494,7 @@ class PortsController(rest.RestController):
|
||||
:param port: a port within the request body.
|
||||
:raises: NotAcceptable, HTTPNotFound, Conflict
|
||||
"""
|
||||
cdict = pecan.request.context.to_dict()
|
||||
cdict = pecan.request.context.to_policy_values()
|
||||
policy.authorize('baremetal:port:create', cdict, cdict)
|
||||
|
||||
if self.parent_node_ident or self.parent_portgroup_ident:
|
||||
@ -540,7 +540,7 @@ class PortsController(rest.RestController):
|
||||
:param patch: a json PATCH document to apply to this port.
|
||||
:raises: NotAcceptable, HTTPNotFound
|
||||
"""
|
||||
cdict = pecan.request.context.to_dict()
|
||||
cdict = pecan.request.context.to_policy_values()
|
||||
policy.authorize('baremetal:port:update', cdict, cdict)
|
||||
|
||||
if self.parent_node_ident or self.parent_portgroup_ident:
|
||||
@ -608,7 +608,7 @@ class PortsController(rest.RestController):
|
||||
:param port_uuid: UUID of a port.
|
||||
:raises OperationNotPermitted, HTTPNotFound
|
||||
"""
|
||||
cdict = pecan.request.context.to_dict()
|
||||
cdict = pecan.request.context.to_policy_values()
|
||||
policy.authorize('baremetal:port:delete', cdict, cdict)
|
||||
|
||||
if self.parent_node_ident or self.parent_portgroup_ident:
|
||||
|
@ -346,7 +346,7 @@ class PortgroupsController(pecan.rest.RestController):
|
||||
if not api_utils.allow_portgroups():
|
||||
raise exception.NotFound()
|
||||
|
||||
cdict = pecan.request.context.to_dict()
|
||||
cdict = pecan.request.context.to_policy_values()
|
||||
policy.authorize('baremetal:portgroup:get', cdict, cdict)
|
||||
|
||||
api_utils.check_allowed_portgroup_fields(fields)
|
||||
@ -381,7 +381,7 @@ class PortgroupsController(pecan.rest.RestController):
|
||||
if not api_utils.allow_portgroups():
|
||||
raise exception.NotFound()
|
||||
|
||||
cdict = pecan.request.context.to_dict()
|
||||
cdict = pecan.request.context.to_policy_values()
|
||||
policy.authorize('baremetal:portgroup:get', cdict, cdict)
|
||||
|
||||
# NOTE: /detail should only work against collections
|
||||
@ -406,7 +406,7 @@ class PortgroupsController(pecan.rest.RestController):
|
||||
if not api_utils.allow_portgroups():
|
||||
raise exception.NotFound()
|
||||
|
||||
cdict = pecan.request.context.to_dict()
|
||||
cdict = pecan.request.context.to_policy_values()
|
||||
policy.authorize('baremetal:portgroup:get', cdict, cdict)
|
||||
|
||||
if self.parent_node_ident:
|
||||
@ -427,7 +427,7 @@ class PortgroupsController(pecan.rest.RestController):
|
||||
if not api_utils.allow_portgroups():
|
||||
raise exception.NotFound()
|
||||
|
||||
cdict = pecan.request.context.to_dict()
|
||||
cdict = pecan.request.context.to_policy_values()
|
||||
policy.authorize('baremetal:portgroup:create', cdict, cdict)
|
||||
|
||||
if self.parent_node_ident:
|
||||
@ -465,7 +465,7 @@ class PortgroupsController(pecan.rest.RestController):
|
||||
if not api_utils.allow_portgroups():
|
||||
raise exception.NotFound()
|
||||
|
||||
cdict = pecan.request.context.to_dict()
|
||||
cdict = pecan.request.context.to_policy_values()
|
||||
policy.authorize('baremetal:portgroup:update', cdict, cdict)
|
||||
|
||||
if self.parent_node_ident:
|
||||
@ -533,7 +533,7 @@ class PortgroupsController(pecan.rest.RestController):
|
||||
if not api_utils.allow_portgroups():
|
||||
raise exception.NotFound()
|
||||
|
||||
cdict = pecan.request.context.to_dict()
|
||||
cdict = pecan.request.context.to_policy_values()
|
||||
policy.authorize('baremetal:portgroup:delete', cdict, cdict)
|
||||
|
||||
if self.parent_node_ident:
|
||||
|
@ -98,7 +98,7 @@ class LookupController(rest.RestController):
|
||||
if not api_utils.allow_ramdisk_endpoints():
|
||||
raise exception.NotFound()
|
||||
|
||||
cdict = pecan.request.context.to_dict()
|
||||
cdict = pecan.request.context.to_policy_values()
|
||||
policy.authorize('baremetal:driver:ipa_lookup', cdict, cdict)
|
||||
|
||||
# Validate the list of MAC addresses
|
||||
@ -160,7 +160,7 @@ class HeartbeatController(rest.RestController):
|
||||
if not api_utils.allow_ramdisk_endpoints():
|
||||
raise exception.NotFound()
|
||||
|
||||
cdict = pecan.request.context.to_dict()
|
||||
cdict = pecan.request.context.to_policy_values()
|
||||
policy.authorize('baremetal:node:ipa_heartbeat', cdict, cdict)
|
||||
|
||||
rpc_node = api_utils.get_rpc_node(node_ident)
|
||||
|
@ -0,0 +1,4 @@
|
||||
---
|
||||
fixes:
|
||||
- Some of the API methods were not using the right context values for
|
||||
checking the policy, this release fixes the issue.
|
Loading…
Reference in New Issue
Block a user