How to use the ceilometer.api.rbac.get_limited_to_project function in ceilometer
To help you get started, we’ve selected a few ceilometer examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
openstack / ceilometer / ceilometer / api / controllers / v2 / alarms.py View on Github 
continue
action_set = set(actions)
if len(actions) != len(action_set):
LOG.info(_('duplicate actions are found: %s, '
'remove duplicate ones') % actions)
actions = list(action_set)
setattr(alarm, actions_name, actions)
if 0 < max_actions < len(actions):
error = _('%(name)s count exceeds maximum value '
'%(maximum)d') % {"name": actions_name,
"maximum": max_actions}
raise base.ClientSideError(error)
limited = rbac.get_limited_to_project(pecan.request.headers)
for action in actions:
try:
url = netutils.urlsplit(action)
except Exception:
error = _("Unable to parse action %s") % action
raise base.ClientSideError(error)
if url.scheme not in actions_schema:
error = _("Unsupported action %s") % action
raise base.ClientSideError(error)
if limited and url.scheme in ('log', 'test'):
error = _('You are not authorized to create '
'action: %s') % action
raise base.ClientSideError(error, status_code=401)def _alarm(self):
self.conn = pecan.request.alarm_storage_conn
auth_project = rbac.get_limited_to_project(pecan.request.headers)
alarms = list(self.conn.get_alarms(alarm_id=self._id,
project=auth_project))
if not alarms:
raise AlarmNotFound(alarm=self._id, auth_project=auth_project)
return alarms[0]def _force_visibility(self, visibility_field):
"""Force visibility field.
If the tenant is not admin insert an extra
"and =" clause to the query.
"""
authorized_project = rbac.get_limited_to_project(pecan.request.headers)
is_admin = authorized_project is None
if not is_admin:
self._restrict_to_project(authorized_project, visibility_field)
self._check_cross_project_references(authorized_project,
visibility_field)def _alarm(self):
self.conn = pecan.request.alarm_storage_conn
auth_project = rbac.get_limited_to_project(pecan.request.headers)
alarms = list(self.conn.get_alarms(alarm_id=self._id,
project=auth_project))
if not alarms:
raise base.AlarmNotFound(alarm=self._id, auth_project=auth_project)
return alarms[0]def _verify_query_segregation(query, auth_project=None):
"""Ensure non-admin queries are not constrained to another project."""
auth_project = (auth_project or
rbac.get_limited_to_project(pecan.request.headers))
if not auth_project:
return
for q in query:
if q.field in ('project', 'project_id') and auth_project != q.value:
raise base.ProjectNotAuthorized(q.value)def get_one(self, resource_id):
"""Retrieve details about one resource.
:param resource_id: The UUID of the resource.
"""
rbac.enforce('get_resource', pecan.request)
authorized_project = rbac.get_limited_to_project(pecan.request.headers)
resources = list(pecan.request.storage_conn.get_resources(
resource=resource_id, project=authorized_project))
if not resources:
raise EntityNotFound(_('Resource'), resource_id)
return Resource.from_db_and_links(resources[0],
self._resource_links(resource_id))def post(self, samples):
"""Post a list of new Samples to Telemetry.
:param samples: a list of samples within the request body.
"""
rbac.enforce('create_samples', pecan.request)
now = timeutils.utcnow()
auth_project = rbac.get_limited_to_project(pecan.request.headers)
def_source = pecan.request.cfg.sample_source
def_project_id = pecan.request.headers.get('X-Project-Id')
def_user_id = pecan.request.headers.get('X-User-Id')
published_samples = []
for s in samples:
if self.meter_name != s.counter_name:
raise wsme.exc.InvalidInput('counter_name', s.counter_name,
'should be %s' % self.meter_name)
if s.message_id:
raise wsme.exc.InvalidInput('message_id', s.message_id,
'The message_id must not be set')
if s.counter_type not in sample.TYPES:
raise wsme.exc.InvalidInput('counter_type', s.counter_type,
Popular ceilometer functions
- ceilometer.api.rbac.enforce
- ceilometer.api.rbac.get_limited_to_project
- ceilometer.compute.virt.inspector
- ceilometer.i18n._
- ceilometer.NotImplementedError
- ceilometer.openstack.common.fixture.moxstubout.MoxStubout
- ceilometer.openstack.common.gettextutils._
- ceilometer.openstack.common.gettextutils._LE
- ceilometer.openstack.common.log.getLogger
- ceilometer.openstack.common.test
- ceilometer.openstack.common.test.BaseTestCase
- ceilometer.pipeline.PipelineManager
- ceilometer.publisher.rpc.meter_message_from_counter
- ceilometer.sample
- ceilometer.sample.Sample
- ceilometer.sample.TYPE_GAUGE
- ceilometer.storage
- ceilometer.storage.SampleFilter
- ceilometer.tests.db.MixinTestsWithBackendScenarios
- ceilometer.utils