| author | Vishvananda Ishaya <vishvananda@gmail.com> | 2010-06-24 04:11:58 +0100 |
|---|---|---|
| committer | andy <github@anarkystic.com> | 2010-06-24 04:11:58 +0100 |
| commit | 8475e0b590da9f2ef602005d2e8a51b2286c5052 (patch) | |
| tree | 70d53692666938e135ef624266acc22b9492239a | |
| parent | 97c372a3fe288729fe6cd3692c8899ba5a831c8a (diff) | |
hide vpn instances unless you are an admin and allow run_instances to launch vpn image even if it is private
| -rw-r--r-- | nova/endpoint/cloud.py | 78 |
1 files changed, 43 insertions, 35 deletions
diff --git a/nova/endpoint/cloud.py b/nova/endpoint/cloud.py
index 8a3604f67..0910e41d1 100644
--- a/nova/endpoint/cloud.py
+++ b/nova/endpoint/cloud.py
@@ -381,40 +381,45 @@ class CloudController(object):
 reservations = {}
 for instance in self.instdir.all:
 res_id = instance.get('reservation_id', 'Unknown')
- if ((context.user.is_admin() or context.project.id == instance['project_id'])
- and (reservation_id == None or reservation_id == res_id)):
- i = {}
- i['instance_id'] = instance.get('instance_id', None)
- i['image_id'] = instance.get('image_id', None)
- i['instance_state'] = {
- 'code': instance.get('state', 0),
- 'name': instance.get('state_description', 'pending')
- }
- i['public_dns_name'] = self.network.get_public_ip_for_instance(
- i['instance_id'])
- i['private_dns_name'] = instance.get('private_dns_name', None)
- if not i['public_dns_name']:
- i['public_dns_name'] = i['private_dns_name']
- i['dns_name'] = instance.get('dns_name', None)
- i['key_name'] = instance.get('key_name', None)
- if context.user.is_admin():
- i['key_name'] = '%s (%s, %s)' % (i['key_name'],
- instance.get('owner_id', None), instance.get('node_name',''))
- i['product_codes_set'] = self._convert_to_set(
- instance.get('product_codes', None), 'product_code')
- i['instance_type'] = instance.get('instance_type', None)
- i['launch_time'] = instance.get('launch_time', None)
- i['ami_launch_index'] = instance.get('ami_launch_index',
- None)
- if not reservations.has_key(res_id):
- r = {}
- r['reservation_id'] = res_id
- r['owner_id'] = instance.get('project_id', None)
- r['group_set'] = self._convert_to_set(
- instance.get('groups', None), 'group_id')
- r['instances_set'] = []
- reservations[res_id] = r
- reservations[res_id]['instances_set'].append(i)
+ if reservation_id != None and reservation_id != res_id:
+ continue
+ if not context.user.is_admin():
+ if instance['image_id'] == FLAGS.vpn_image_id:
+ continue
+ if context.project.id != instance['project_id']:
+ continue
+ i = {}
+ i['instance_id'] = instance.get('instance_id', None)
+ i['image_id'] = instance.get('image_id', None)
+ i['instance_state'] = {
+ 'code': instance.get('state', 0),
+ 'name': instance.get('state_description', 'pending')
+ }
+ i['public_dns_name'] = self.network.get_public_ip_for_instance(
+ i['instance_id'])
+ i['private_dns_name'] = instance.get('private_dns_name', None)
+ if not i['public_dns_name']:
+ i['public_dns_name'] = i['private_dns_name']
+ i['dns_name'] = instance.get('dns_name', None)
+ i['key_name'] = instance.get('key_name', None)
+ if context.user.is_admin():
+ i['key_name'] = '%s (%s, %s)' % (i['key_name'],
+ instance.get('owner_id', None), instance.get('node_name',''))
+ i['product_codes_set'] = self._convert_to_set(
+ instance.get('product_codes', None), 'product_code')
+ i['instance_type'] = instance.get('instance_type', None)
+ i['launch_time'] = instance.get('launch_time', None)
+ i['ami_launch_index'] = instance.get('ami_launch_index',
+ None)
+ if not reservations.has_key(res_id):
+ r = {}
+ r['reservation_id'] = res_id
+ r['owner_id'] = instance.get('project_id', None)
+ r['group_set'] = self._convert_to_set(
+ instance.get('groups', None), 'group_id')
+ r['instances_set'] = []
+ reservations[res_id] = r
+ reservations[res_id]['instances_set'].append(i)
 instance_response = {'reservationSet' : list(reservations.values()) }
 return instance_response
@@ -471,7 +476,10 @@ class CloudController(object):
 @rbac.allow('projectmanager', 'sysadmin')
 def run_instances(self, context, **kwargs):
- image = self._get_image(context, kwargs['image_id'])
+ # make sure user can access the image
+ # vpn image is private so it doesn't show up on lists
+ if kwargs['image_id'] != FLAGS.vpn_image_id:
+ image = self._get_image(context, kwargs['image_id'])
 logging.debug("Going to run instances...")
 reservation_id = utils.generate_uid('r')
 launch_time = time.strftime('%Y-%m-%dT%H:%M:%SZ', time.gmtime()) |
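Review bot: The new VPN filter in the non-admin branch reads `instance['image_id']` by subscript, while the response built a few lines later uses `instance.get('image_id', None)`; a record without that key would raise KeyError and fail the whole listing, for non-admin callers only. `if instance.get('image_id') == FLAGS.vpn_image_id:` keeps a malformed record from becoming an error, with the caveat that an unset flag would then also match records that have no image id. The filter exists only in this listing loop, so any other call that accepts an instance id (none is visible in this hunk) would presumably need the same check if VPN instances are meant to stay hidden from project users. The enclosing method starts before the hunk.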
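Review bot: On the VPN path `image` is never bound, so any later use of it in run_instances (the body continues past the hunk) would raise NameError, and the skipped `_get_image` call also appears to be the only check that the image exists. The exemption is keyed solely on the caller-supplied `kwargs['image_id']`, so every caller admitted by `@rbac.allow('projectmanager', 'sysadmin')` can launch the private VPN image; if that is intended the comment should say so, otherwise the branch needs an explicit role check. At minimum bind the name before the branch with `image = None`, and reword the comment to `# the vpn image is private, so the per-user access check is skipped for it`.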
