diff options
| author | Roman Prykhodchenko <me@romcheg.me> | 2013-10-07 16:48:06 +0300 |
|---|---|---|
| committer | Roman Prykhodchenko <me@romcheg.me> | 2013-10-14 21:48:55 +0300 |
| commit | 2d0bc7fd506d1c6000bfff3f8713b36e11ed9776 (patch) | |
| tree | 4ec8607601c4acc850e07d557db18976758026d5 /ironic/api/acl.py | |
| parent | eb30a2ae1a60d296492d388f33750cbf5acfb31b (diff) | |
| download | ironic-2d0bc7fd506d1c6000bfff3f8713b36e11ed9776.tar.gz | |
Fix policies
Policy file contained malformed content so the policy
engine failed to parse it. That was the reason of rejecting
all requests, if authentication was enabled.
This patch also updates policies to get rid of unused policies
and use GenericCheck to check for admin API.
After changes mentioned above some unused code appeared in
ironic.common.policy and so it was cleaned up.
Closes-bug: #1236371
Change-Id: Ie1dbda11561a9e7068d240a19f9fb98eae121c94
Diffstat (limited to 'ironic/api/acl.py')
| -rw-r--r-- | ironic/api/acl.py | 17 |
1 files changed, 0 insertions, 17 deletions
diff --git a/ironic/api/acl.py b/ironic/api/acl.py index 85fa5325c..453b67b46 100644 --- a/ironic/api/acl.py +++ b/ironic/api/acl.py @@ -20,11 +20,8 @@ from keystoneclient.middleware import auth_token as keystone_auth_token from oslo.config import cfg -from pecan import hooks -from webob import exc from ironic.api.middleware import auth_token -from ironic.common import policy OPT_GROUP_NAME = 'keystone_authtoken' @@ -56,17 +53,3 @@ def install(app, conf, public_routes): return auth_token.AuthTokenMiddleware(app, conf=keystone_config, public_api_routes=public_routes) - - -class AdminAuthHook(hooks.PecanHook): - """Verify that the user has admin rights. - - Checks whether the request context is an admin context and - rejects the request otherwise. - - """ - def before(self, state): - ctx = state.request.context - - if not policy.check_is_admin(ctx) and not ctx.is_public_api: - raise exc.HTTPForbidden() |