openstack/aodh
Code Issues Proposed changes

Merge "Add policy rule for get quotas"

Browse Source
This commit is contained in:
Zuul 2024-12-10 10:43:41 +00:00 committed by Gerrit Code Review
commit b70ef40c14
3 changed files with 34 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
aodh/api/controllers/v2/quotas.py
View File

@ -48,10 +48,9 @@ class QuotasController(rest.RestController):
""" """
request_project = pecan.request.headers.get('X-Project-Id') request_project = pecan.request.headers.get('X-Project-Id')
project_id = project_id if project_id else request_project project_id = project_id if project_id else request_project
is_admin = rbac.is_admin(pecan.request, pecan.request.enforcer) rbac.enforce(
'get_quotas', pecan.request,
if project_id != request_project and not is_admin: pecan.request.enforcer, {'project_id': project_id})
raise base.ProjectNotAuthorized(project_id)
LOG.debug('Getting resource quotas for project %s', project_id) LOG.debug('Getting resource quotas for project %s', project_id)
@ -68,12 +67,12 @@ class QuotasController(rest.RestController):
@wsme_pecan.wsexpose(Quotas, body=Quotas, status_code=201) @wsme_pecan.wsexpose(Quotas, body=Quotas, status_code=201)
def post(self, body): def post(self, body):
"""Create or update quota.""" """Create or update quota."""
rbac.enforce('update_quotas', pecan.request,
pecan.request.enforcer, {})
params = body.to_dict() params = body.to_dict()
project_id = params['project_id'] project_id = params['project_id']
rbac.enforce('update_quotas', pecan.request,
pecan.request.enforcer, {'project_id': project_id})
input_quotas = [] input_quotas = []
for i in params.get('quotas', []): for i in params.get('quotas', []):
input_quotas.append(i.to_dict()) input_quotas.append(i.to_dict())
@ -87,5 +86,5 @@ class QuotasController(rest.RestController):
def delete(self, project_id): def delete(self, project_id):
"""Delete quotas for the given project.""" """Delete quotas for the given project."""
rbac.enforce('delete_quotas', pecan.request, rbac.enforce('delete_quotas', pecan.request,
pecan.request.enforcer, {}) pecan.request.enforcer, {'project_id': project_id})
pecan.request.storage.delete_quotas(project_id) pecan.request.storage.delete_quotas(project_id)

23
aodh/api/policies.py
View File

@ -96,6 +96,12 @@ deprecated_query_alarm_history = policy.DeprecatedRule(
deprecated_reason=DEPRECATED_REASON, deprecated_reason=DEPRECATED_REASON,
deprecated_since=versionutils.deprecated.WALLABY deprecated_since=versionutils.deprecated.WALLABY
) )
deprecated_get_quotas = policy.DeprecatedRule(
name="telemetry:get_quotas",
check_str=RULE_ADMIN_OR_OWNER,
deprecated_reason=DEPRECATED_REASON,
deprecated_since='Epoxy'
)
deprecated_update_quotas = policy.DeprecatedRule( deprecated_update_quotas = policy.DeprecatedRule(
name="telemetry:update_quotas", name="telemetry:update_quotas",
check_str=RULE_CONTEXT_IS_ADMIN, check_str=RULE_CONTEXT_IS_ADMIN,
@ -281,6 +287,23 @@ rules = [
], ],
deprecated_rule=deprecated_query_alarm_history deprecated_rule=deprecated_query_alarm_history
), ),
policy.DocumentedRuleDefault(
name="telemetry:get_quotas",
check_str=PROJECT_READER,
scope_types=['project'],
description='Get resources quotas for project.',
operations=[
{
'path': '/v2/quotas',
'method': 'Get'
},
{
'path': '/v2/quotas/{project_id}',
'method': 'Get'
}
],
deprecated_rule=deprecated_get_quotas
),
policy.DocumentedRuleDefault( policy.DocumentedRuleDefault(
name="telemetry:update_quotas", name="telemetry:update_quotas",
check_str=PROJECT_ADMIN, check_str=PROJECT_ADMIN,

4
releasenotes/notes/get-quotas-policy-b0338f314ec06ae9.yaml Normal file
View File

@ -0,0 +1,4 @@
---
features:
- |
The new ``telemetry::get_quotas`` policy has been added.