~ubuntu-branches/ubuntu/vivid/ceilometer/vivid-proposed

« back to all changes in this revision

Viewing changes to ceilometer/api/rbac.py

Committer: Package Import Robot
Author(s): Chuck Short
Date: 2015-04-15 13:51:39 UTC
mfrom: (1.2.5)
Revision ID: package-import@ubuntu.com-20150415135139-wu1mlm9g91iibcu5

Tags: 2015.1~rc1-0ubuntu1

* New upstream milestone release:
- d/control: Align with upstream dependencies.
- d/p/disable-kafka.patch: Refreshed.

files added:
ceilometer/tests/gabbi/gabbits/meters.yaml

files modified:
.pc/disable-kafka.patch/ceilometer/tests/publisher/test_kafka_broker_publisher.py

.pc/disable-kafka.patch/requirements.txt

AUTHORS

ChangeLog

PKG-INFO

ceilometer.egg-info/PKG-INFO

ceilometer.egg-info/SOURCES.txt

ceilometer.egg-info/entry_points.txt

ceilometer.egg-info/pbr.json

ceilometer.egg-info/requires.txt

ceilometer/agent/base.py

ceilometer/agent/plugin_base.py

ceilometer/alarm/evaluator/__init__.py

ceilometer/alarm/evaluator/gnocchi.py

ceilometer/alarm/storage/impl_mongodb.py

ceilometer/api/controllers/v2/alarm_rules/gnocchi.py

ceilometer/api/controllers/v2/capabilities.py

ceilometer/api/controllers/v2/meters.py

ceilometer/api/controllers/v2/utils.py

ceilometer/api/rbac.py

ceilometer/collector.py

ceilometer/compute/virt/vmware/inspector.py

ceilometer/compute/virt/vmware/vsphere_operations.py

ceilometer/dispatcher/__init__.py

ceilometer/dispatcher/database.py

ceilometer/event/endpoint.py

ceilometer/event/storage/impl_mongodb.py

ceilometer/image/glance.py

ceilometer/ipmi/pollsters/node.py

ceilometer/locale/ceilometer-log-error.pot

ceilometer/locale/ceilometer.pot

ceilometer/locale/de/LC_MESSAGES/ceilometer-log-error.po

ceilometer/locale/en_AU/LC_MESSAGES/ceilometer-log-error.po

ceilometer/locale/en_GB/LC_MESSAGES/ceilometer-log-error.po

ceilometer/locale/en_GB/LC_MESSAGES/ceilometer.po

ceilometer/locale/es/LC_MESSAGES/ceilometer-log-error.po

ceilometer/locale/fr/LC_MESSAGES/ceilometer-log-error.po

ceilometer/locale/ja/LC_MESSAGES/ceilometer-log-error.po

ceilometer/locale/ko_KR/LC_MESSAGES/ceilometer-log-error.po

ceilometer/locale/pt_BR/LC_MESSAGES/ceilometer-log-error.po

ceilometer/locale/vi_VN/LC_MESSAGES/ceilometer-log-error.po

ceilometer/locale/zh_CN/LC_MESSAGES/ceilometer-log-error.po

ceilometer/locale/zh_CN/LC_MESSAGES/ceilometer.po

ceilometer/middleware.py

ceilometer/nova_client.py

ceilometer/objectstore/notifications.py

ceilometer/pipeline.py

ceilometer/profiler/notifications.py

ceilometer/publisher/kafka_broker.py

ceilometer/publisher/udp.py

ceilometer/publisher/utils.py

ceilometer/storage/base.py

ceilometer/storage/impl_mongodb.py

ceilometer/storage/impl_sqlalchemy.py

ceilometer/storage/mongo/utils.py

ceilometer/tests/agent/test_manager.py

ceilometer/tests/agent/test_plugin.py

ceilometer/tests/alarm/evaluator/test_base.py

ceilometer/tests/alarm/evaluator/test_gnocchi.py

ceilometer/tests/api/v2/test_alarm_scenarios.py

ceilometer/tests/api/v2/test_list_meters_scenarios.py

ceilometer/tests/api/v2/test_post_samples_scenarios.py

ceilometer/tests/api/v2/test_query.py

ceilometer/tests/compute/virt/vmware/test_inspector.py

ceilometer/tests/compute/virt/vmware/test_vsphere_operations.py

ceilometer/tests/gabbi/gabbits/samples.yaml

ceilometer/tests/image/test_glance.py

ceilometer/tests/network/statistics/opencontrail/test_client.py

ceilometer/tests/objectstore/test_notifications.py

ceilometer/tests/publisher/test_kafka_broker_publisher.py

ceilometer/tests/publisher/test_udp.py

ceilometer/tests/publisher/test_utils.py

ceilometer/tests/storage/test_impl_db2.py

ceilometer/tests/storage/test_impl_hbase.py

ceilometer/tests/storage/test_impl_mongodb.py

ceilometer/tests/storage/test_impl_sqlalchemy.py

ceilometer/tests/storage/test_storage_scenarios.py

ceilometer/tests/test_collector.py

ceilometer/tests/test_notification.py

debian/changelog

debian/control

debian/patches/disable-kafka.patch

doc/source/install/mod_wsgi.rst

doc/source/webapi/v2.rst

etc/ceilometer/event_definitions.yaml

etc/ceilometer/policy.json

pylintrc

requirements-py3.txt

requirements.txt

setup.cfg

test-requirements-py3.txt

test-requirements.txt

tox.ini

Show diffs side-by-side

added added

removed removed

ceilometer/api/rbac.py

CONF = cfg.CONF

def _has_rule(name):

return name in _ENFORCER.rules.keys()

def enforce(policy_name, request):

"""Return the user and project the request should be limited to.

policy_dict['target.user_id'] = (headers.get('X-User-Id'))

policy_dict['target.project_id'] = (headers.get('X-Project-Id'))

for rule_name in _ENFORCER.rules.keys():

if rule_method == rule_name:

if not _ENFORCER.enforce(

rule_name,

{},

policy_dict):

pecan.core.abort(status_code=403,

detail='RBAC Authorization Failed')

# maintain backward compat with Juno and previous by allowing the action if

# there is no rule defined for it

if ((_has_rule('default') or _has_rule(rule_method)) and

not _ENFORCER.enforce(rule_method, {}, policy_dict)):

pecan.core.abort(status_code=403, detail='RBAC Authorization Failed')

# TODO(fabiog): these methods are still used because the scoping part is really

policy_dict['target.user_id'] = (headers.get('X-User-Id'))

policy_dict['target.project_id'] = (headers.get('X-Project-Id'))

if not _ENFORCER.enforce('segregation',

# maintain backward compat with Juno and previous by using context_is_admin

# rule if the segregation rule (added in Kilo) is not defined

rule_name = 'segregation' if _has_rule(

'segregation') else 'context_is_admin'

if not _ENFORCER.enforce(rule_name,

{},

policy_dict):

return headers.get('X-User-Id'), headers.get('X-Project-Id')

return None, None

Older »