← Back to branch summary

~ubuntu-branches/ubuntu/saucy/glance/saucy-proposed

« back to all changes in this revision

Viewing changes to glance/common/property_utils.py

  • Committer: Package Import Robot
  • Author(s): Chuck Short, Chuck Short, James Page
  • Date: 2013-09-09 13:06:09 UTC
  • mfrom: (1.1.54)
  • Revision ID: package-import@ubuntu.com-20130909130609-33p9xrv7zu4b5sh7
Tags: 1:2013.2~b3-0ubuntu1
[ Chuck Short ]
* New upstream release. 
* debian/control: Add python-oslo.sphinx as a build 
  dependency.

[ James Page ]
* d/p/*: Refreshed patches.

Show diffs side-by-side

added added

removed removed

Lines of Context:
glance/common/property_utils.py
 
1
# vim: tabstop=4 shiftwidth=4 softtabstop=4
 
2
 
 
3
#    Copyright 2013 Rackspace
 
4
#
 
5
#    Licensed under the Apache License, Version 2.0 (the "License"); you may
 
6
#    not use this file except in compliance with the License. You may obtain
 
7
#    a copy of the License at
 
8
#
 
9
#         http://www.apache.org/licenses/LICENSE-2.0
 
10
#
 
11
#    Unless required by applicable law or agreed to in writing, software
 
12
#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 
13
#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 
14
#    License for the specific language governing permissions and limitations
 
15
#    under the License.
 
16
 
 
17
import ConfigParser
 
18
import re
 
19
 
 
20
from oslo.config import cfg
 
21
import webob.exc
 
22
 
 
23
from glance.openstack.common import log as logging
 
24
 
 
25
CONFIG = ConfigParser.SafeConfigParser()
 
26
LOG = logging.getLogger(__name__)
 
27
 
 
28
property_opts = [
 
29
    cfg.StrOpt('property_protection_file',
 
30
               default=None,
 
31
               help=_('The location of the property protection file.')),
 
32
]
 
33
 
 
34
CONF = cfg.CONF
 
35
CONF.register_opts(property_opts)
 
36
 
 
37
 
 
38
def is_property_protection_enabled():
 
39
    if CONF.property_protection_file:
 
40
        return True
 
41
    return False
 
42
 
 
43
 
 
44
class PropertyRules(object):
 
45
 
 
46
    def __init__(self):
 
47
        self.rules = {}
 
48
        self._load_rules()
 
49
 
 
50
    def _load_rules(self):
 
51
        try:
 
52
            conf_file = CONF.find_file(CONF.property_protection_file)
 
53
            CONFIG.read(conf_file)
 
54
        except Exception as e:
 
55
            msg = _("Couldn't find property protection file %s:%s." %
 
56
                    (CONF.property_protection_file, e))
 
57
            LOG.error(msg)
 
58
            raise webob.exc.HTTPInternalServerError(explanation=msg)
 
59
 
 
60
        operations = ['create', 'read', 'update', 'delete']
 
61
        properties = CONFIG.sections()
 
62
        for property_exp in properties:
 
63
            property_dict = {}
 
64
            compiled_rule = self._compile_rule(property_exp)
 
65
 
 
66
            for operation in operations:
 
67
                roles = CONFIG.get(property_exp, operation)
 
68
                if roles:
 
69
                    roles = [role.strip() for role in roles.split(',')]
 
70
                    property_dict[operation] = roles
 
71
                else:
 
72
                    property_dict[operation] = []
 
73
                    msg = _(('Property protection on operation %s for rule '
 
74
                            '%s is not found. No role will be allowed to '
 
75
                            'perform this operation.' %
 
76
                            (operation, property_exp)))
 
77
                    LOG.warn(msg)
 
78
 
 
79
            self.rules[compiled_rule] = property_dict
 
80
 
 
81
    def _compile_rule(self, rule):
 
82
        try:
 
83
            return re.compile(rule)
 
84
        except Exception as e:
 
85
            msg = _("Encountered a malfored property protection rule %s:%s."
 
86
                    % (rule, e))
 
87
            LOG.error(msg)
 
88
            raise webob.exc.HTTPInternalServerError(explanation=msg)
 
89
 
 
90
    def check_property_rules(self, property_name, action, roles):
 
91
        if not self.rules:
 
92
            return True
 
93
 
 
94
        if action not in ['create', 'read', 'update', 'delete']:
 
95
            return False
 
96
 
 
97
        for rule_exp, rule in self.rules.items():
 
98
            if rule_exp.search(str(property_name)):
 
99
                if set(roles).intersection(set(rule.get(action))):
 
100
                    return True
 
101
        return False