diff options
| author | Julia Kreger <juliaashleykreger@gmail.com> | 2021-03-02 15:42:19 -0800 |
|---|---|---|
| committer | Julia Kreger <juliaashleykreger@gmail.com> | 2021-03-12 08:37:51 -0800 |
| commit | 88673f1e949a41cfe804ff919e16935c6dca11e1 (patch) | |
| tree | ebe5dd1ba4815628653ec737120b92364fdbf695 /ironic/db/sqlalchemy/api.py | |
| parent | ebaa359937817319c15bd6acfb88d74f0d2d63bb (diff) | |
| download | ironic-88673f1e949a41cfe804ff919e16935c6dca11e1.tar.gz | |
Allocation support for project scoped RBAC
Adds policy scope based RBAC handling for the allocations
endpoing which enables admins to create allocations if
they have baremetal nodes which are available to them.
Change-Id: I60e273afaf344fded9bdb8c4c8e143efc9971fc1
Diffstat (limited to 'ironic/db/sqlalchemy/api.py')
| -rw-r--r-- | ironic/db/sqlalchemy/api.py | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/ironic/db/sqlalchemy/api.py b/ironic/db/sqlalchemy/api.py index 6f38c4b8f..2029d8942 100644 --- a/ironic/db/sqlalchemy/api.py +++ b/ironic/db/sqlalchemy/api.py @@ -439,7 +439,7 @@ class Connection(api.Connection): return _paginate_query(models.Node, limit, marker, sort_key, sort_dir, query) - def check_node_list(self, idents): + def check_node_list(self, idents, project=None): mapping = {} if idents: idents = set(idents) @@ -459,6 +459,10 @@ class Connection(api.Connection): sql.or_(models.Node.uuid.in_(uuids), models.Node.name.in_(names)) ) + if project: + query = query.filter((models.Node.owner == project) + | (models.Node.lessee == project)) + for row in query: if row[0] in idents: mapping[row[0]] = row[0] |