diff options
| author | Chris Yeoh <cyeoh@au1.ibm.com> | 2013-06-05 21:07:39 +0930 |
|---|---|---|
| committer | Chris Yeoh <cyeoh@au1.ibm.com> | 2013-06-10 10:59:43 +0930 |
| commit | 614b209d00cc369f5ea87a81c5a9eff47c29c43a (patch) | |
| tree | 90cb28e0ab995d60d6b1e903b15a25d365d2d629 /nova/api | |
| parent | d5ae8d5667fee22ba4df4feea53224874a19d167 (diff) | |
| download | nova-614b209d00cc369f5ea87a81c5a9eff47c29c43a.tar.gz nova-614b209d00cc369f5ea87a81c5a9eff47c29c43a.tar.xz nova-614b209d00cc369f5ea87a81c5a9eff47c29c43a.zip | |
Adds v3 API extension discovery filtering
Adds ability for a v3 loaded extension to be visible in
/v3/extensions to be dependent on the discoverable action policy
for that extension. Note that this does not actually effect whether
or not the functionality provided by the extension is accessible
Implements blueprint nova-v3-api-filter
Change-Id: I3f6ba7ea59e7abfa9d57b79ab18aa5b675e64118
Diffstat (limited to 'nova/api')
| -rw-r--r-- | nova/api/openstack/compute/plugins/v3/extension_info.py | 23 | ||||
| -rw-r--r-- | nova/api/openstack/extensions.py | 4 |
2 files changed, 23 insertions, 4 deletions
diff --git a/nova/api/openstack/compute/plugins/v3/extension_info.py b/nova/api/openstack/compute/plugins/v3/extension_info.py index 43b0551c7..c626f6104 100644 --- a/nova/api/openstack/compute/plugins/v3/extension_info.py +++ b/nova/api/openstack/compute/plugins/v3/extension_info.py @@ -19,6 +19,10 @@ import webob.exc from nova.api.openstack import extensions from nova.api.openstack import wsgi from nova.api.openstack import xmlutil +from nova.openstack.common import log as logging + + +LOG = logging.getLogger(__name__) def make_ext(elem): @@ -64,11 +68,25 @@ class ExtensionInfoController(object): ext_data['version'] = ext.version return ext_data + def _get_extensions(self, context): + """Filter extensions list based on policy""" + + discoverable_extensions = dict() + for alias, ext in self.extension_info.get_extensions().iteritems(): + authorize = extensions.soft_extension_authorizer( + 'compute', 'v3:' + alias) + if authorize(context, action='discoverable'): + discoverable_extensions[alias] = ext + else: + LOG.debug(_("Filter out extension %s from discover list"), alias) + return discoverable_extensions + @wsgi.serializers(xml=ExtensionsTemplate) def index(self, req): + context = req.environ['nova.context'] sorted_ext_list = sorted( - self.extension_info.get_extensions().iteritems()) + self._get_extensions(context).iteritems()) extensions = [] for _alias, ext in sorted_ext_list: @@ -77,9 +95,10 @@ class ExtensionInfoController(object): @wsgi.serializers(xml=ExtensionTemplate) def show(self, req, id): + context = req.environ['nova.context'] try: # NOTE(dprince): the extensions alias is used as the 'id' for show - ext = self.extension_info.get_extensions()[id] + ext = self._get_extensions(context)[id] except KeyError: raise webob.exc.HTTPNotFound() diff --git a/nova/api/openstack/extensions.py b/nova/api/openstack/extensions.py index 6cbc5bb78..2f3494ca4 100644 --- a/nova/api/openstack/extensions.py +++ b/nova/api/openstack/extensions.py @@ -392,9 +392,9 @@ def extension_authorizer(api_name, extension_name): def soft_extension_authorizer(api_name, extension_name): hard_authorize = extension_authorizer(api_name, extension_name) - def authorize(context): + def authorize(context, action=None): try: - hard_authorize(context) + hard_authorize(context, action=action) return True except exception.NotAuthorized: return False |