# vim: tabstop=4 shiftwidth=4 softtabstop=4
# Copyright 2013 Rackspace
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
from oslo.config import cfg
from glance.openstack.common import log as logging
CONFIG = ConfigParser.SafeConfigParser()
LOG = logging.getLogger(__name__)
cfg.StrOpt('property_protection_file',
help=_('The location of the property protection file.')),
CONF.register_opts(property_opts)
def is_property_protection_enabled():
if CONF.property_protection_file:
class PropertyRules(object):
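def _load_rules(self):
    """Read the property protection file and populate ``self.rules``.

    Every section name in the file is compiled as a regular expression
    (through ``self._compile_rule``) and mapped to a dict that gives, for
    each of 'create', 'read', 'update' and 'delete', the list of role
    names the file grants that operation to.

    Raises:
        webob.exc.HTTPInternalServerError: if the protection file cannot
            be located or parsed.
    """
    # NOTE(review): the listing this method was taken from omits several
    # lines (the ``try:`` opener, the ``property_dict`` initialisation,
    # the branch that selects between the two ``property_dict[operation]``
    # assignments, and whatever consumes the warning message). Those
    # parts are reconstructed here -- confirm against the full file.
    try:
        conf_file = CONF.find_file(CONF.property_protection_file)
        # ConfigParser's read() silently skips files it cannot open and
        # returns the list of files it actually parsed. Without this
        # check an unreadable protection file would leave the rule set
        # empty instead of failing loudly.
        if not CONFIG.read(conf_file):
            raise IOError("file is missing or unreadable")
    except Exception as e:
        # Interpolate after the translation lookup so the catalog is
        # queried with the constant message id.
        msg = (_("Couldn't find property protection file %s:%s.") %
               (CONF.property_protection_file, e))
        # Record the cause for the operator before failing the request.
        LOG.error(msg)
        # NOTE(review): msg carries the configured file path and the
        # exception text and becomes the explanation of the HTTP 500;
        # consider keeping that detail in the log only.
        raise webob.exc.HTTPInternalServerError(explanation=msg)

    operations = ['create', 'read', 'update', 'delete']
    for property_exp in CONFIG.sections():
        compiled_rule = self._compile_rule(property_exp)
        # One dict per rule, so rules never share role lists.
        property_dict = {}

        for operation in operations:
            try:
                raw_roles = CONFIG.get(property_exp, operation)
            except ConfigParser.NoOptionError:
                # Operation not listed for this rule: fail closed.
                raw_roles = ''

            # Drop empty entries (e.g. from a trailing comma) so that an
            # empty string never ends up in the allow-list of roles.
            roles = [role.strip() for role in raw_roles.split(',')
                     if role.strip()]
            property_dict[operation] = roles

            if not roles:
                msg = (_('Property protection on operation %s for rule '
                         '%s is not found. No role will be allowed to '
                         'perform this operation.') %
                       (operation, property_exp))
                LOG.warning(msg)

        self.rules[compiled_rule] = property_dict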
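def _compile_rule(self, rule):
    """Compile one property protection rule into a regular expression.

    Args:
        rule: the rule text; ``_load_rules`` passes a section name of
            the property protection file.

    Returns:
        The compiled pattern object.

    Raises:
        webob.exc.HTTPInternalServerError: if ``re.compile`` rejects the
            rule.
    """
    # NOTE(review): the listing omits the ``try:`` opener and the lines
    # that finish the message statement; the format arguments below are
    # reconstructed from the two ``%s`` placeholders -- confirm against
    # the full file.
    #
    # ``check_property_rules`` applies the pattern with ``search()``, so
    # a rule without ``^``/``$`` anchors matches any property name that
    # merely contains it. Operators who want an exact or prefix match
    # have to anchor the rule themselves.
    try:
        return re.compile(rule)
    except Exception as e:
        # Interpolate after the translation lookup so the catalog is
        # queried with the constant message id.
        msg = (_("Encountered a malformed property protection rule "
                 "%s:%s.") % (rule, e))
        # Record the bad rule for the operator before failing.
        LOG.error(msg)
        raise webob.exc.HTTPInternalServerError(explanation=msg)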
def check_property_rules(self, property_name, action, roles):
if action not in ['create', 'read', 'update', 'delete']:
for rule_exp, rule in self.rules.items():
if rule_exp.search(str(property_name)):
if set(roles).intersection(set(rule.get(action))):