diff options
author | Henry Nash <henryn@linux.vnet.ibm.com> | 2013-02-18 10:29:43 +0000 |
---|---|---|
committer | Henry Nash <henryn@linux.vnet.ibm.com> | 2013-02-21 00:57:04 +0000 |
commit | 329aeca9f9db4badc82d72907e7891c7d2de2f4b (patch) | |
tree | c63466d6d94ded7c7ecae6dec7b192c6ed279b6a /keystone/catalog | |
parent | 9f812939d4b05384b0a7d48e6b916baeca0477dc (diff) | |
download | keystone-329aeca9f9db4badc82d72907e7891c7d2de2f4b.tar.gz keystone-329aeca9f9db4badc82d72907e7891c7d2de2f4b.tar.xz keystone-329aeca9f9db4badc82d72907e7891c7d2de2f4b.zip |
Pass query filter attributes to policy engine
With the v3 api, there will be cases when a cloud provider will want
to be able to protect apis by matching items in the query filter
string. A classic case would be:
GET /users?domain_id=mydomain
The change augments the v3 controller protection wrapper with one
that will also pass in filter parameters. Since this filter list
also equates to the filter_by_attribute code that the subsequent
api call will make, the filterprotection wrapper passes the filter
list into the api call, allowing the code body to not have to
re-specify the same list. This also has the consequency of fixing
all the missing filter_by_attribute statements in the current code
base.
Some tests cannot yet be run due to dependency on completion of
v3/auth
Fixes Bug #1126048
Fixes Bug #1101240
Change-Id: Ibd9867f6eed585414671bbab774df95b8acdf6a5
Diffstat (limited to 'keystone/catalog')
-rw-r--r-- | keystone/catalog/controllers.py | 15 |
1 files changed, 6 insertions, 9 deletions
diff --git a/keystone/catalog/controllers.py b/keystone/catalog/controllers.py index 78f1c9e1..24482fe7 100644 --- a/keystone/catalog/controllers.py +++ b/keystone/catalog/controllers.py @@ -131,11 +131,10 @@ class ServiceV3(controller.V3Controller): ref = self.catalog_api.create_service(context, ref['id'], ref) return ServiceV3.wrap_member(context, ref) - @controller.protected - def list_services(self, context): + @controller.filterprotected('type') + def list_services(self, context, filters): refs = self.catalog_api.list_services(context) - refs = self._filter_by_attribute(context, refs, 'type') - return ServiceV3.wrap_collection(context, refs) + return ServiceV3.wrap_collection(context, refs, filters) @controller.protected def get_service(self, context, service_id): @@ -169,12 +168,10 @@ class EndpointV3(controller.V3Controller): ref = self.catalog_api.create_endpoint(context, ref['id'], ref) return EndpointV3.wrap_member(context, ref) - @controller.protected - def list_endpoints(self, context): + @controller.filterprotected('interface', 'service_id') + def list_endpoints(self, context, filters): refs = self.catalog_api.list_endpoints(context) - refs = self._filter_by_attribute(context, refs, 'service_id') - refs = self._filter_by_attribute(context, refs, 'interface') - return EndpointV3.wrap_collection(context, refs) + return EndpointV3.wrap_collection(context, refs, filters) @controller.protected def get_endpoint(self, context, endpoint_id): |