diff options
author | Steve Baker <sbaker@redhat.com> | 2020-12-14 13:16:00 +1300 |
---|---|---|
committer | Steve Baker <sbaker@redhat.com> | 2020-12-17 12:11:08 +1300 |
commit | 8669837ea2589a5d7b0f7afdf05727aad09e4f34 (patch) | |
tree | e2050f0d85c6209fde46c31bb043ff0ba7ceda54 /ironic/api/controllers/v1/ramdisk.py | |
parent | a58b88c737a1626af3c98de0f42f9a114fcc6104 (diff) | |
download | ironic-8669837ea2589a5d7b0f7afdf05727aad09e4f34.tar.gz |
Consistently use utils functions for policy auth
The check_policy function exists in api utils, along with other more
complex policy utility functions. This change replaces direct calls to
authorize with calls to check_policy.
Having authorize calls consolidated in api utils may help with the
upcoming secure-rbac work.
Change-Id: If4779b08b9f360f4c2f4675c605aa519f6ea4778
Diffstat (limited to 'ironic/api/controllers/v1/ramdisk.py')
-rw-r--r-- | ironic/api/controllers/v1/ramdisk.py | 7 |
1 files changed, 2 insertions, 5 deletions
diff --git a/ironic/api/controllers/v1/ramdisk.py b/ironic/api/controllers/v1/ramdisk.py index 705389534..46cc9fa53 100644 --- a/ironic/api/controllers/v1/ramdisk.py +++ b/ironic/api/controllers/v1/ramdisk.py @@ -25,7 +25,6 @@ from ironic.api import method from ironic.common import args from ironic.common import exception from ironic.common.i18n import _ -from ironic.common import policy from ironic.common import states from ironic.common import utils from ironic import objects @@ -95,8 +94,7 @@ class LookupController(rest.RestController): if not api_utils.allow_ramdisk_endpoints(): raise exception.NotFound() - cdict = api.request.context.to_policy_values() - policy.authorize('baremetal:driver:ipa_lookup', cdict, cdict) + api_utils.check_policy('baremetal:driver:ipa_lookup') # Validate the list of MAC addresses if addresses is None: @@ -187,8 +185,7 @@ class HeartbeatController(rest.RestController): raise exception.InvalidParameterValue( _('Field "agent_version" not recognised')) - cdict = api.request.context.to_policy_values() - policy.authorize('baremetal:node:ipa_heartbeat', cdict, cdict) + api_utils.check_policy('baremetal:node:ipa_heartbeat') if (agent_verify_ca is not None and not api_utils.allow_verify_ca_in_heartbeat()): |