diff options
| author | jakedahn <jake@markupisart.com> | 2012-08-09 14:28:28 -0700 |
|---|---|---|
| committer | jakedahn <jake@markupisart.com> | 2012-08-10 13:43:15 -0700 |
| commit | 8077486b3c15012f4dbf270cd8c9fa3f48cb3d36 (patch) | |
| tree | c8b4fc51bf5526c6db73e01f52eb9d3fcc324446 /nova/api | |
| parent | 2ef345534afe2d1640dd1d7ad42454d477ca2a94 (diff) | |
| download | nova-8077486b3c15012f4dbf270cd8c9fa3f48cb3d36.tar.gz nova-8077486b3c15012f4dbf270cd8c9fa3f48cb3d36.tar.xz nova-8077486b3c15012f4dbf270cd8c9fa3f48cb3d36.zip | |
Default behavior should restrict admins to tenant for volumes.
* NOTE: This is a port from cinder to nova volumes
* Now to view all volumes or volume snapshots across
all tenants you need to include the all_tenants=1
GET param in your api request.
* Fixes remaining issues blocking bug #967882
Change-Id: I7fe15e792b62e59973c7faa2cf1c52929ae5864f
Diffstat (limited to 'nova/api')
| -rw-r--r-- | nova/api/openstack/volume/snapshots.py | 6 | ||||
| -rw-r--r-- | nova/api/openstack/volume/volumes.py | 27 |
2 files changed, 31 insertions, 2 deletions
diff --git a/nova/api/openstack/volume/snapshots.py b/nova/api/openstack/volume/snapshots.py index 209f78d13..91823de79 100644 --- a/nova/api/openstack/volume/snapshots.py +++ b/nova/api/openstack/volume/snapshots.py @@ -130,7 +130,11 @@ class SnapshotsController(object): """Returns a list of snapshots, transformed through entity_maker.""" context = req.environ['nova.context'] - snapshots = self.volume_api.get_all_snapshots(context) + search_opts = {} + search_opts.update(req.GET) + + snapshots = self.volume_api.get_all_snapshots(context, + search_opts=search_opts) limited_list = common.limited(snapshots, req) res = [entity_maker(context, snapshot) for snapshot in limited_list] return {'snapshots': res} diff --git a/nova/api/openstack/volume/volumes.py b/nova/api/openstack/volume/volumes.py index 83a2b2f63..4c12638b4 100644 --- a/nova/api/openstack/volume/volumes.py +++ b/nova/api/openstack/volume/volumes.py @@ -196,9 +196,15 @@ class VolumeController(object): def _items(self, req, entity_maker): """Returns a list of volumes, transformed through entity_maker.""" + + search_opts = {} + search_opts.update(req.GET) + context = req.environ['nova.context'] + remove_invalid_options(context, + search_opts, self._get_volume_search_options()) - volumes = self.volume_api.get_all(context) + volumes = self.volume_api.get_all(context, search_opts=search_opts) limited_list = common.limited(volumes, req) res = [entity_maker(context, vol) for vol in limited_list] return {'volumes': res} @@ -253,6 +259,25 @@ class VolumeController(object): return wsgi.ResponseObject(result, headers=dict(location=location)) + def _get_volume_search_options(self): + """Return volume search options allowed by non-admin.""" + return ('name', 'status') + def create_resource(): return wsgi.Resource(VolumeController()) + + +def remove_invalid_options(context, search_options, allowed_search_options): + """Remove search options that are not valid for non-admin API/context.""" + if context.is_admin: + # Allow all options + return + # Otherwise, strip out all unknown options + unknown_options = [opt for opt in search_options + if opt not in allowed_search_options] + bad_options = ", ".join(unknown_options) + log_msg = _("Removing options '%(bad_options)s' from query") % locals() + LOG.debug(log_msg) + for opt in unknown_options: + search_options.pop(opt, None) |