Merge "Add policy rule for get quotas"

This commit is contained in:
Zuul 2024-12-10 10:43:41 +00:00 committed by Gerrit Code Review
commit b70ef40c14
3 changed files with 34 additions and 8 deletions

View File

@ -48,10 +48,9 @@ class QuotasController(rest.RestController):
"""
request_project = pecan.request.headers.get('X-Project-Id')
project_id = project_id if project_id else request_project
is_admin = rbac.is_admin(pecan.request, pecan.request.enforcer)
if project_id != request_project and not is_admin:
raise base.ProjectNotAuthorized(project_id)
rbac.enforce(
'get_quotas', pecan.request,
pecan.request.enforcer, {'project_id': project_id})
LOG.debug('Getting resource quotas for project %s', project_id)
@ -68,12 +67,12 @@ class QuotasController(rest.RestController):
@wsme_pecan.wsexpose(Quotas, body=Quotas, status_code=201)
def post(self, body):
"""Create or update quota."""
rbac.enforce('update_quotas', pecan.request,
pecan.request.enforcer, {})
params = body.to_dict()
project_id = params['project_id']
rbac.enforce('update_quotas', pecan.request,
pecan.request.enforcer, {'project_id': project_id})
input_quotas = []
for i in params.get('quotas', []):
input_quotas.append(i.to_dict())
@ -87,5 +86,5 @@ class QuotasController(rest.RestController):
def delete(self, project_id):
"""Delete quotas for the given project."""
rbac.enforce('delete_quotas', pecan.request,
pecan.request.enforcer, {})
pecan.request.enforcer, {'project_id': project_id})
pecan.request.storage.delete_quotas(project_id)

View File

@ -96,6 +96,12 @@ deprecated_query_alarm_history = policy.DeprecatedRule(
deprecated_reason=DEPRECATED_REASON,
deprecated_since=versionutils.deprecated.WALLABY
)
deprecated_get_quotas = policy.DeprecatedRule(
name="telemetry:get_quotas",
check_str=RULE_ADMIN_OR_OWNER,
deprecated_reason=DEPRECATED_REASON,
deprecated_since='Epoxy'
)
deprecated_update_quotas = policy.DeprecatedRule(
name="telemetry:update_quotas",
check_str=RULE_CONTEXT_IS_ADMIN,
@ -281,6 +287,23 @@ rules = [
],
deprecated_rule=deprecated_query_alarm_history
),
policy.DocumentedRuleDefault(
name="telemetry:get_quotas",
check_str=PROJECT_READER,
scope_types=['project'],
description='Get resources quotas for project.',
operations=[
{
'path': '/v2/quotas',
'method': 'Get'
},
{
'path': '/v2/quotas/{project_id}',
'method': 'Get'
}
],
deprecated_rule=deprecated_get_quotas
),
policy.DocumentedRuleDefault(
name="telemetry:update_quotas",
check_str=PROJECT_ADMIN,

View File

@ -0,0 +1,4 @@
---
features:
- |
The new ``telemetry::get_quotas`` policy has been added.